Rising Kaka Security Forum
smartzlm18 - 2006-1-3 20:23:00
Logfile of HijackThis v1.99.1
Scan saved at 20:18:22, on 2006-1-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Chinanet\VnetClient.exe
C:\Program Files\rising\rav\RavMon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\rising\rav\Rav.exe
F:\4842302005517164643\HijackThis.exe
O1 - Hosts: 202.103.67.180 auto.search.msn.com
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Online Register.lnk = ?
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{496C82AF-9FF8-44FB-8127-DC9DBF6284C0}: NameServer = 61.177.7.1 221.228.255.1
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
A trojan has been detected, but a Rising scan can't find it, yet the monitor keeps warning that a trojan has appeared.
魔法学徒 - 2006-1-3 20:53:00
Which trojan exactly is being reported? Please post the monitor log.
smartzlm18 - 2006-1-3 22:11:00
Dropper.Delf.k
C:\DOCUME~1\z\LOCALS~1\Temp\0
smartzlm18 - 2006-1-3 22:12:00
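It's just this trojan. When I scan again afterwards, nothing is found. And now the junk files in TEMP can't be deleted.
Dropper.Delf.k: I looked it up and it's a Windows trojan. Version 17.58 can already remove it, but the scan can't find it now.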
花落花又开 - 2006-1-3 22:17:00
[Reply to smartzlm18's post]
Just delete all the files in the C:\DOCUME~1\z\LOCALS~1\Temp\ directory.
smartzlm18 - 2006-1-3 22:17:00
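Virus category: PE virus on Windows
Virus name: Dropper.Delf.k
Alias:
Virus length:
Dependent system:
Propagation route:
Behavior type: Trojan program on Windows
Infection:
Virus outbreak:
Rising version number: 17.58.12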
smartzlm18 - 2006-1-3 22:21:00
I can't delete the files in there. It says they are in use, but I don't know what is using them. How do I close it?
smartzlm18 - 2006-1-3 22:26:00
Can they be deleted in Safe Mode?
Is C:\Documents and Settings\z\Local Settings\Temp the same location as the path below?
C:\DOCUME~1\z\LOCALS~1\Temp
花落花又开 - 2006-1-3 22:28:00
Either of the two works.
Delete them in Safe Mode.
smartzlm18 - 2006-1-3 22:30:00
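TEMP is full of this Perflib_Perfdata_db8.dat file. It can't be deleted; it says it is in use. I'm waiting online. After I posted just now I couldn't get into the forum, so I don't dare leave. Moderators, please hurry.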
花落花又开 - 2006-1-3 22:32:00
Does this still happen in Safe Mode?
Don't worry.
smartzlm18 - 2006-1-3 22:34:00
Hold on, I'm scanning with 木马克星 right now. I have to wait a bit before going into Safe Mode. Almost done.
smartzlm18 - 2006-1-3 22:37:00
NTUSER.DAT: what is this file? I can't delete it, and it's hidden. There's also a folder next to it.
花落花又开 - 2006-1-3 22:41:00
[Reply to smartzlm18's post]
The location of the file.
Try killbox.
smartzlm18 - 2006-1-3 22:49:00
Ugh, I can't find those files in Safe Mode. I deleted what was in TEMP, but it's back as soon as I boot. I don't know what to do.
smartzlm18 - 2006-1-3 22:53:00
The thing you mentioned can't be deleted; it's in use.
smartzlm18 - 2006-1-3 22:56:00
Logfile of HijackThis v1.99.1
Scan saved at 22:56:05, on 2006-1-3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\rising\rav\RavMon.exe
C:\Program Files\Chinanet\VnetClient.exe
F:\4842302005517164643\HijackThis.exe
O1 - Hosts: 202.103.67.180 auto.search.msn.com
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Online Register.lnk = ?
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{496C82AF-9FF8-44FB-8127-DC9DBF6284C0}: NameServer = 61.177.7.1 221.228.255.1
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
smartzlm18 - 2006-1-3 23:38:00
Everyone has gone to rest. Looks like I'll have to keep waiting tomorrow. But Rising is hard to get onto during the day.
smartzlm18 - 2006-1-4 12:44:00
It still isn't solved. Moderators, please come and help. Thanks.
魔法学徒 - 2006-1-4 14:51:00
Please scan with the latest version of System Repair Engineer and post the log.
For the System Repair Engineer download link, see
[Recommended] System Repair Engineer 2.0.12.350 RC1
http://forum.ikaka.com/topic.asp?board=67&artid=7540414
smartzlm18 - 2006-1-4 15:05:00
2006-01-04,15:02:16
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NMGameX_AutoRun><C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><APIHookDll.dll>
==================================
启动文件夹
[EPSON Online Register]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Online Register.lnk><N>
==================================
服务
[Dcfssvc / Dcfssvc]
<C:\WINDOWS\system32\drivers\dcfssvc.exe><Eastman Kodak Company>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[寻论网--中学作业解答]
{6924091F-CD97-41E1-B1D4-D9079409D423} <http://www.xunlun.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[NMChatX Control]
{D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} <C:\WINDOWS\system32\NMChatX.ocx, Netmarble>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON
smartzlm18 - 2006-1-4 15:06:00
[D:\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\QQ\BasicCtrlDll.dll] <Tencent><0, 2, 2, 2>
[D:\QQ\QQZip.dll] <tencent><2.05>
[C:\WINDOWS\system32\APIHookDll.dll] <N/A><N/A>
[D:\QQ\ImagePro.dll] <Tencent><1.3.8.4>
[D:\QQ\InPlus.dll] <Tencent><1.3.8.4>
[D:\QQ\CoralQQ.dll] <Coral Team><2.4.0.0>
[D:\QQ\IPSearcher.dll] <><1.0.0.3>
[D:\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\QQ\TIMProxy.dll] <tencent><2.05>
[D:\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\QQ\CQQApplication.dll] <N/A><N/A>
[D:\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\QQ\LongConnection.dll] <tencent><0, 2, 2, 2>
[D:\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\QQ\QQPlugin.dll] <N/A><N/A>
[D:\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\QQ\QQCustomFace.dll] <N/A><N/A>
[D:\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\QQ\SCCore.dll] <N/A><N/A>
[D:\QQ\GroupConnection.dll] <Tencent><0, 3, 1, 14>
[D:\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\QQ\BQQApplication.dll] <N/A><N/A>
[D:\QQ\QQMMSender.dll] <N/A><N/A>
[D:\QQ\QQAvatar.dll] <N/A><N/A>
[D:\QQ\QRingMng.dll] <N/A><N/A>
[D:\QQ\videodevice.dll] <Tencent><1.3.8.4>
[D:\QQ\QQSceneMng.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[D:\QQ\QQHook.dll] <N/A><N/A>
[D:\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[D:\QQ\QQUdpGetFileLib.dll] <tencent><2.05>
[D:\QQGame\GameLogCore.Dll] <><0, 10, 106, 13>
[D:\QQGame\Core.dll] <é??úêDìú???????ú?μí3óD?T1???><0, 10, 0, 0>
[D:\QQGame\NetCenter.dll] <é??úêDìú???????ú?μí3óD?T1???><0, 10, 0, 0>
[D:\QQGame\CmdCenter.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\QQGame\HelpDll.dll] <><1, 0, 0, 1>
[D:\QQGame\ResEx.dll] <深圳市腾讯计算机系统有限公司><0, 10, 0, 0>
[D:\QQGame\GameLogAidMgr.dll] <><1, 0, 0, 1>
[D:\QQGame\COMToolKit.dll] <><1, 0, 0, 3>
[D:\QQGame\QQGameAvatar.dll] <深圳市腾讯计算机系统有限公司 Tencent Computer System Ltd.><0, 10, 0, 0>
[D:\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\QQ\QQFileTransfer.dll] <Tencent><0, 3, 1, 16>
[PID: 3876][D:\QQ\TIMPlatform.exe] <tencent><2.05>
[C:\WINDOWS\system32\APIHookDll.dll] <N/A><N/A>
[D:\QQ\TIMProxy.dll] <tencent><2.05>
[PID: 2784][F:\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\system32\APIHookDll.dll] <N/A><N/A>
[D:\QQ\QQHook.dll] <N/A><N/A>
==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
smartzlm18 - 2006-1-4 16:32:00
Why aren't the moderators coming to look? I've posted it.
花落花又开 - 2006-1-4 16:35:00
[Reply to smartzlm18's post]
No real problems.
Delete these:
[寻论网--中学作业解答]
{6924091F-CD97-41E1-B1D4-D9079409D423} <http://www.xunlun.com, N/A>
Repair the .txt file association.
smartzlm18 - 2006-1-4 18:50:00
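But what about that trojan? It keeps warning that there is a trojan. The junk in TEMP can't be deleted now, and it grows every time I boot. There's an enormous amount of it now. Please help quickly.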
花落花又开 - 2006-1-4 20:12:00
Delete them with killbox in Safe Mode; choosing delete on reboot will work.
smartzlm18 - 2006-1-4 21:08:00
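Those undeletable files are something produced by a virus. They can be deleted in Safe Mode, but as soon as I boot they are back, and in normal mode nothing I try can delete them. The thing you suggested can't delete them either, and they can't be archived either; it says a program is using them so they can't be archived. I've tried many times. It's driving me crazy. It has been 24 hours since yesterday. Today I downloaded Kaspersky and it didn't catch anything either, but Rising still warns that there is a trojan. I really have nothing left to say. No matter what I do, I can't get rid of what's in TEMP.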
魔法学徒 - 2006-1-5 8:42:00
Your sreng log doesn't seem to have been posted in full?
smartzlm18 - 2006-1-5 14:33:00
That can't be. I posted all of it, in three parts.
魔法学徒 - 2006-1-5 14:36:00
The running processes are incomplete; even the basic system processes aren't shown.