寒S冰 - 2006-10-10 13:53:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<AMonitor><D:\Program Files\Tiny Firewall Pro\amon.exe> [Tiny Software, Inc.]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><D:\Program Files\Java\jre1.5.0\bin\jusched.exe> [Sun Microsystems, Inc.]
<nod32kui><"D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<SKYNET Personal FireWall><D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [广州众达天网技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINNT\SYSTEM32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><UmxSbxExw.dll> [Tiny Software Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
<WinlogonNotify: PFW><UmxWnp.Dll> [Tiny Software Inc.]
==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[MySQL / MySQL]
<"D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="D:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL><N/A>
[NOD32 Kernel Service / NOD32krn]
<"D:\Program Files\Eset\nod32krn.exe"><Eset>
[Virus Chaser Spider NT / spidernt]
<D:\Program Files\Virus Chaser\SpiderNt.exe><N/A>
[FW Event Manager / UmxAgent]
<D:\Program Files\Tiny Firewall Pro\UmxAgent.exe><Tiny Software, Inc.>
[FW Configuration Interpreter / UmxCfg]
<D:\Program Files\Common Files\PFShared\UmxCfg.exe><Tiny Software, Inc.>
[FW User-Mode Helper / UmxFwHlp]
<D:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe><Tiny Software, Inc.>
[FW Live Update / UmxLU]
<D:\Program Files\Common Files\PFShared\umxlu.exe><Tiny Software, Inc.>
[FW Policy Manager / UmxPol]
<D:\Program Files\Common Files\PFShared\UmxPol.exe><Tiny Software Inc.>
[FW User to IP Address Translation / UmxUTA]
<D:\Program Files\Tiny Firewall Pro\umxuta.exe><Tiny Software, Inc.>
==================================
浏览器加载项
[Java Plug-in 1.5.0]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0]
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, Sun Microsystems, Inc.>
==================================
寒S冰 - 2006-10-10 13:54:00
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 204][\??\D:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\D:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6714>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxWnp.Dll] <Tiny Software Inc.><6, 0, 0, 1>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[PID: 256][D:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 268][D:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6695>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 456][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 500][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 552][D:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 584][D:\Program Files\Common Files\PFShared\UmxCfg.exe] <Tiny Software, Inc.><6.0.0.28>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\Program Files\Common Files\PFShared\xmlsdp.dll] <Tiny Software, Inc.><6.2.0.103>
[D:\Program Files\Common Files\PFShared\pthexp.dll] <Tiny Software, Inc.><6.0.0.17>
[D:\Program Files\Tiny Firewall Pro\SnortImp.dll] <Tiny Software, Inc.><6.0.0.10>
[PID: 608][D:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe] <Tiny Software, Inc.><6.0.0.2>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 632][D:\Program Files\Common Files\PFShared\UmxPol.exe] <Tiny Software Inc.><6, 0, 0, 2>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 668][D:\Program Files\Tiny Firewall Pro\UmxAgent.exe] <Tiny Software, Inc.><6.0.0.46>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\Program Files\Tiny Firewall Pro\UmxAgentRes.dll] <Tiny Software, Inc.><6.0.0.35>
[D:\Program Files\Tiny Firewall Pro\FncIDs.dll] <Tiny Software, Inc.><1.0.0.10>
[D:\Program Files\Common Files\PFShared\pthexp.dll] <Tiny Software, Inc.><6.0.0.17>
[D:\Program Files\Common Files\PFShared\nag.dll] <Tiny Software, Inc.><6.0.0.10>
[PID: 692][D:\Program Files\Tiny Firewall Pro\UmxTray.exe] <Tiny Software, Inc.><6.0.0.34>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\Program Files\Tiny Firewall Pro\UmxTrayRes.dll] <Tiny Software, Inc.><6.0.0.26>
[PID: 748][D:\WINNT\system32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 876][D:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.6697>
[D:\WINNT\System32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\System32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 968][D:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe] <N/A><N/A>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 988][D:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 30 >
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 30 >
[D:\WINNT\system32\imon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 30 >
[PID: 1016][D:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 360][D:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1104][D:\Program Files\Common Files\PFShared\umxlu.exe] <Tiny Software, Inc.><6.0.0.13>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1176][D:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1220][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1244][D:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1392][D:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[D:\WINNT\system32\igfxpph.dll] <Intel Corporation><3,0,0,2104>
[D:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,2104>
[D:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,2104>
[D:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,2104>
[D:\WINNT\system32\igfxdev.dll] <Intel Corporation><3,0,0,2104>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\Eset\nodshex.dll] <N/A><N/A>
[PID: 908][D:\Program Files\Java\jre1.5.0\bin\jusched.exe] <Sun Microsystems, Inc.><1.5.0.0>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1564][D:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 30 >
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
寒S冰 - 2006-10-10 13:54:00
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[D:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 30 >
[D:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 30 >
[PID: 1624][D:\WINNT\system32\ctfmon.exe] <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[PID: 1744][D:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\System32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\System32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[PID: 1648][D:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1160][D:\Program Files\NetMeeting\conf.exe] <Microsoft Corporation><4.4.3398>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[D:\WINNT\system32\devenum.dll] <N/A><N/A>
[D:\WINNT\system32\tssoft32.acm] <DSP GROUP, INC.><1.01>
[D:\WINNT\system32\tsd32.dll] <N/A><N/A>
[D:\WINNT\system32\iac25_32.ax] <Intel Corporation><2.05.53>
[D:\WINNT\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[PID: 1412][D:\WINNT\system32\rsvp.exe] <Microsoft Corporation><5.00.2195.6663>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[PID: 1700][D:\WINNT\system32\mspaint.exe] <Microsoft Corporation><5.00.2195.6601>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[PID: 1704][D:\java10\eclipse 3.1.2+swt 4.2.1+zh_cn\eclipse-SDK-3.1.2-win32\eclipse\eclipse.exe] <N/A><N/A>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[PID: 1660][D:\WINNT\system32\javaw.exe] <Sun Microsystems, Inc.><1.5.0.0>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\Program Files\Java\jre1.5.0\bin\client\jvm.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\Program Files\Java\jre1.5.0\bin\hpi.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\Program Files\Java\jre1.5.0\bin\verify.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\Program Files\Java\jre1.5.0\bin\java.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\Program Files\Java\jre1.5.0\bin\zip.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\Program Files\Java\jre1.5.0\bin\net.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\Program Files\Java\jre1.5.0\bin\nio.dll] <Sun Microsystems, Inc.><1.5.0.0>
[D:\java10\eclipse 3.1.2+swt 4.2.1+zh_cn\eclipse-SDK-3.1.2-win32\eclipse\configuration\org.eclipse.osgi\bundles\14\1\.cp\swt-win32-3139.dll] <Eclipse Foundation><3.139>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
[D:\java10\eclipse 3.1.2+swt 4.2.1+zh_cn\eclipse-SDK-3.1.2-win32\eclipse\configuration\org.eclipse.osgi\bundles\43\1\.cp\os\win32\x86\core_3_1_0.dll] <N/A><N/A>
[PID: 1684][D:\java10\soft\killer2\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\WINNT\system32\UmxSbxExw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxTrw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\UmxSbxw.dll] <Tiny Software Inc.><6.0.0.22>
[D:\WINNT\system32\CHENHU4.IME] <chenhu><5.8>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
寒S冰 - 2006-10-10 13:55:00
I think the virus has probably been removed.
I just don't know whether there is still a virus?
寒S冰 - 2006-10-10 16:57:00
Is anyone there??