Rising Kaka Security Forum
飞舞的风筝 - 2007-2-1 13:47:00
[CODE]
2007-02-01,13:21:51
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
<UUpdate><rem C:\Progra
飞舞的风筝 - 2007-2-1 13:48:00
<UUpdate><rem C:\Program Files\UUSee\UUpdate.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<LClock><rem C:\Program Files\LClock\LClock.exe> [N/A]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<paTray><rem "C:\Program Files\AhnLab\APC2\Policy Agent\patray.exe"> [N/A]
<System><rem C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<upx1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\upx1.exe> [N/A]
<upxdnd1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\ztt.exe> [N/A]
<webService><C:\WINDOWS\services.exe> [N/A]
<Snewpeek><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\6.exe> [N/A]
<wsvbs><rem C:\WINDOWS\wsvbs.exe> [N/A]
<sdafdsafds><rem C:\WINDOWS\temp\155.exe> [N/A]
<AHNSD><"C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"> [AhnLab, Inc.]
<WinampAgent><"F:\软件包\winampa.exe"> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
飞舞的风筝 - 2007-2-1 13:49:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [(Verified)YAHOO Corporation Limited]
<_{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
<_{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><> [N/A]
<_{6E44887F-5214-41F2-AB46-4728735C4CC6}><> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[4FEB270 / 4FEB270][Stopped/Auto Start]
<C:\WINDOWS\system32\4FEB270.EXE -service><Microsoft Corporation>
[9FFD0DA0 / 9FFD0DA0][Stopped/Auto Start]
<C:\WINDOWS\system32\9FFD0DA0.EXE -service><Microsoft Corporation>
[AhnLab Task Scheduler / AhnLab Task Scheduler][Running/Auto Start]
<"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe"><AhnLab, Inc.>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Imsvc / Imsvc][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Webmail.dll><>
[Remote Registry Protect / Investor][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\cgjhq.dll><Microsoft Corporation>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
[MonSvcNT / MonSvcNT][Running/Auto Start]
<C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe><AhnLab, Inc.>
飞舞的风筝 - 2007-2-1 13:49:00
[P4P Service / P4P Service][Running/Auto Start]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Policy Agent Service V2.5 / paSvc][Running/Auto Start]
<"C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe"><AhnLab, Inc.>
[Remote Managements Instrumenta / Remss_Ser][Stopped/Auto Start]
<C:\WINDOWS\system32\netstart.exe -service><N/A>
[SysServiceStart / ServiceStart][Running/Auto Start]
<C:\Windows\system32\RWBIQXEKRY.EXE><N/A>
[Security Machine Manager / SOCEESe][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\EKBMM.DLL,Export 1087><N/A>
[Provisioning Transaction Service / ttt_14][Running/Auto Start]
<C:\WINDOWS\system32\win.exe><N/A>
[Vsn vsxx Service / vsxx][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\bfda\imkh.dll,Service><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Windows_ServerDdos / Windows_ServerDdos][Stopped/Auto Start]
<C:\WINDOWS\system32\kaven.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
==================================
驱动程序
[AhnFlt2K / AhnFlt2K][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\AhnFlt2K.sys><AhnLab, Inc.>
[AhnRec2K / AhnRec2K][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\AhnRec2K.sys><AhnLab, Inc.>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AnfdIont / AnfdIont][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\AnfdIont.sys><AhnLab, Inc.>
[AnfdTDnt / AnfdTDnt][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\AnfdTDnt.sys><AhnLab, Inc.>
[ApfIPXX / ApfIPXX][Stopped/Manual Start]
<\??\C:\PROGRA~1\AhnLab\V3\ApfIPXX.sys><AhnLab, Inc.>
[ast / ast][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[ffpbek / ffpbek][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation>
[HOSTNT / HOSTNT][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[IP Network Address Translator / IpNat][Running/Manual Start]
<system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[lxyp / lxypc][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\lxypc.sys><N/A>
[ESS Maestro2E Audio Driver (WDM) / Maestro][Running/Manual Start]
<system32\drivers\essm2e.sys><ESS Technology, Inc.>
[MHDRV / MHDRV][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.>
[MRxSmb / MRxSmb][Running/System Start]
<system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[msqmx / msqmx][Stopped/Boot Start]
<\SystemRoot\system32\drivers\msqmx.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.>
[Rdbss / Rdbss][Running/System Start]
<system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
飞舞的风筝 - 2007-2-1 13:51:00
{4CEB0B7C-0729-412B-8627-0088FB4F6D9F} <C:\WINDOWS\system32\BHO04.dll, >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\bfda\.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YDKRZGMTZGMTZ]
{72D93625-D049-4B9E-9D7D-1131D0AFCAD4} <C:\WINDOWS\system32\PVAHPVCIP.DLL, N/A>
[V3BOH Class]
{76EAE03C-F2B1-4397-97E8-390920B7C2DC} <C:\Program Files\AhnLab\V3\V3Bar.dll, AhnLab, Inc.>
[我的订阅]
{8755CE6E-0BF7-4441-8751-FB728941B0B4} <C:\Program Files\P4P\rss.dll, Sohu.com Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[V3]
{9E3849D6-41EF-4B2F-86B7-632EF90758E4} <"C:\Program Files\AhnLab\V3\V3Bar.dll", N/A>
[]
{A692062A-11A1-461B-BEA0-B520F01F9DAE} <C:\WINDOWS\system32\3721.ini, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[af6a]
{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\42c4ntos.dll, N/A>
[]
{EB16D2B9-8AA5-4CD7-A9F2-72A4D3078327} <C:\WINDOWS\system32\ciartmkwxgsuu.dll, N/A>
==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
飞舞的风筝 - 2007-2-1 13:51:00
[PID: 800][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\webmail.dll] [, 1, 0, 0, 2]
[c:\windows\system32\ntxml.dll] [, 1, 0, 0, 1]
[PID: 892][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1400][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll] [YAHOO Corporation Limited, 3, 0, 3, 1004]
[C:\WINDOWS\system32\vrcqt.dll] [N/A, N/A]
[C:\Windows\system32\TYEKTZGMTAH.DLL] [N/A, 1.0.0.1]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[C:\WINDOWS\TEMP\temper\iecatch.dll] [N/A, N/A]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, N/A]
[C:\Program Files\AhnLab\V3\V3ShllEx.dll] [AhnLab, Inc., 6, 0, 0, 13]
[C:\Program Files\AhnLab\V3\NLS\V3SH0804.nls] [AhnLab, Inc., 6, 0, 0, 7]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\system32\ContextMenuExt.dll] [N/A, N/A]
[PID: 1416][C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe] [AhnLab, Inc., 5, 3, 0, 158]
[C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls] [AhnLab, Inc., 5, 0, 0, 5]
[PID: 1512][C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe] [AhnLab, Inc., 6, 1, 0, 12]
[C:\PROGRA~1\AhnLab\V3\AhnGICF.dll] [AhnLab, Inc., 6, 0, 0, 2]
[C:\PROGRA~1\AhnLab\V3\V3DrEx.dll] [AhnLab, Inc., 7, 0, 0, 112]
[C:\PROGRA~1\AhnLab\V3\v3svcctr.dll] [AhnLab, Inc., 6, 1, 0, 1]
[C:\PROGRA~1\AhnLab\V3\V3CfgE.dll] [AhnLab, Inc., 6, 0, 0, 96]
[C:\PROGRA~1\AhnLab\V3\V3Flt.dll] [AhnLab, Inc., 6, 1, 0, 8]
[C:\PROGRA~1\AhnLab\V3\AhnCtlKD.dll] [AhnLab, Inc., 1, 0, 1, 7]
[C:\PROGRA~1\AhnLab\V3\v3if.dll] [AhnLab, Inc., 6, 1, 0, 3]
[C:\PROGRA~1\AhnLab\V3\V3STScan.dll] [AhnLab, Inc., 6, 1, 0, 2]
[C:\PROGRA~1\AhnLab\V3\AhnDMZ.dll] [AhnLab, Inc., 6, 0, 0, 73]
[C:\PROGRA~1\AhnLab\V3\V3Track.dll] [AhnLab, Inc., 6, 0, 0, 26]
[C:\PROGRA~1\AhnLab\V3\V3IMSvc.dll] [AhnLab, Inc., 6, 0, 0, 33]
[C:\PROGRA~1\AhnLab\V3\V3Ift.dll] [AhnLab, Inc., 6, 0, 0, 5]
[C:\PROGRA~1\AhnLab\V3\NLS\V3Dr0804.nls] [AhnLab, Inc., 7, 0, 0, 8]
[C:\PROGRA~1\AhnLab\V3\v3logex.dll] [AhnLab, Inc., 6, 1, 0, 2]
[C:\PROGRA~1\AhnLab\V3\V3NETINT.dll] [AhnLab, Inc., 6, 0, 0, 20]
[C:\PROGRA~1\AhnLab\V3\System\26\V3pro32e.dll] [AhnLab, Inc., 2007,01,30,00]
[C:\WINDOWS\system32\v3w32se2.dll] [Ahnlab, Inc., 2002, 12, 16, 1]
[C:\PROGRA~1\AhnLab\V3\V3SR32.dll] [AhnLab, Inc., 5, 0, 0, 2]
[PID: 1660][C:\WINDOWS\system32\7B73C970.exe] [N/A, N/A]
[PID: 1732][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe] [Sohu.com Inc., 2, 0, 0, 28]
[C:\Program Files\Sogou PXP\vodsvr.dll] [Sohu.com Inc., 2, 3, 0, 1]
[C:\Program Files\Sogou PXP\pxpnet.dll] [Sohu.com Inc., 1, 0, 0, 9]
[C:\Program Files\Sogou PXP\p2pclient.dll] [Sohu.com Inc., 2, 9, 1, 1]
[C:\Program Files\P4P\tbupdate.dll] [Sogou.com Inc., 1, 0, 1, 1]
[C:\Program Files\P4P\p4pipc.dll] [Sogou.com Inc., 1, 0, 0, 13]
[PID: 1744][C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe] [AhnLab, Inc., 2.5.5.76]
[C:\Program Files\AhnLab\APC2\Policy Agent\SLogW.dll] [AhnLab, 2, 1, 0, 0]
[C:\Program Files\AhnLab\APC2\Policy Agent\SSync.dll] [AhnLab, 2, 1, 0, 0]
[C:\Program Files\AhnLab\APC2\Policy Agent\IniRW.dll] [AhnLab, 2, 1, 0, 0]
[C:\Program Files\AhnLab\APC2\Policy Agent\TPool.dll] [AhnLab, 2, 1, 0, 0]
[C:\Program Files\AhnLab\APC2\Policy Agent\MaCfgRw.dll] [AhnLab, 2, 5, 5, 11]
[C:\Program Files\AhnLab\APC2\Policy Agent\SBase64.dll] [AhnLab, 2, 1, 0, 0]
[C:\Program Files\AhnLab\APC2\Policy Agent\PaNetApi.dll] [Ahnlab, Inc., 2, 5, 5, 90]
[PID: 340][C:\Windows\system32\RWBIQXEKRY.EXE] [N/A, N/A]
[PID: 408][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 448][C:\WINDOWS\system32\win.exe] [N/A, N/A]
[PID: 748][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\bfda\imkh.dll] [, 1, 2, 0, 8]
[PID: 2120][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.10]
[PID: 2128][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
飞舞的风筝 - 2007-2-1 13:55:00
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[PID: 2164][C:\WINDOWS\services.exe] [N/A, N/A]
[PID: 2200][C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe] [AhnLab, Inc., 5, 3, 0, 23]
[C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls] [AhnLab, Inc., 5, 0, 0, 5]
[PID: 2208][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2220][C:\Program Files\AhnLab\V3\MonSysNT.exe] [AhnLab, Inc., 6, 1, 0, 91]
[C:\Program Files\AhnLab\V3\V3CfgE.dll] [AhnLab, Inc., 6, 0, 0, 96]
[C:\Program Files\AhnLab\V3\V3SSCtrl.dll] [AhnLab, Inc., 6, 0, 0, 100]
[C:\Program Files\AhnLab\V3\AhnI18N.dll] [AhnLab, Inc., 6, 0, 0, 18]
[C:\Program Files\AhnLab\V3\NLS\Mon0804.nls] [AhnLab, Inc., 6, 0, 0, 26]
[C:\Program Files\AhnLab\V3\AhnAlert.dll] [AhnLab, Inc., 6, 0, 0, 17]
[PID: 2228][C:\Program Files\AhnLab\V3\V3P3AT.exe] [AhnLab, Inc., 6, 1, 0, 201]
[C:\Program Files\AhnLab\V3\v3if.dll] [AhnLab, Inc., 6, 1, 0, 3]
[C:\Program Files\AhnLab\V3\V3CfgE.dll] [AhnLab, Inc., 6, 0, 0, 96]
[C:\Program Files\AhnLab\V3\V3DrEx.dll] [AhnLab, Inc., 7, 0, 0, 112]
[C:\Program Files\AhnLab\V3\V3P3ATHL.dll] [AhnLab, Inc., 6, 0, 0, 23]
[C:\Program Files\AhnLab\V3\AhnI18N.dll] [AhnLab, Inc., 6, 0, 0, 18]
[C:\Program Files\AhnLab\V3\V3MsgFlt.dll] [AhnLab, Inc., 6, 0, 0, 63]
[C:\Program Files\AhnLab\V3\V3NfCtl.dll] [AhnLab, Inc., 6, 0, 0, 3]
[C:\Program Files\AhnLab\V3\AnfdCtrl.dll] [AhnLab, Inc., 2, 0, 0, 12]
[C:\Program Files\AhnLab\V3\AhnCtlKD.dll] [AhnLab, Inc., 1, 0, 1, 7]
[C:\Program Files\AhnLab\V3\AhnIConv.dll] [AhnLab, Inc., 1, 0, 0, 1]
[C:\Program Files\AhnLab\V3\NLS\V3Dr0804.nls] [AhnLab, Inc., 7, 0, 0, 8]
[C:\Program Files\AhnLab\V3\NLS\V3MF0804.nls] [AhnLab, Inc., 6, 0, 0, 8]
[C:\Program Files\AhnLab\V3\v3logex.dll] [AhnLab, Inc., 6, 1, 0, 2]
[C:\Program Files\AhnLab\V3\NLS\p3at0804.nls] [AhnLab, Inc., 6, 0, 0, 14]
[C:\Program Files\AhnLab\V3\System\26\V3pro32e.dll] [AhnLab, Inc., 2007,01,30,00]
[C:\WINDOWS\system32\v3w32se2.dll] [Ahnlab, Inc., 2002, 12, 16, 1]
[C:\Program Files\AhnLab\V3\V3SR32.dll] [AhnLab, Inc., 5, 0, 0, 2]
[C:\Program Files\AhnLab\V3\V3azex.dll] [AhnLab, Inc., 5, 0, 0, 14]
[C:\Program Files\AhnLab\V3\AZMain.DLL] [ESTSoft Corp, 3.6.9.543]
[C:\Program Files\AhnLab\V3\V3MailDt.dll] [AhnLab, Inc., 6, 0, 0, 91]
[PID: 2244][C:\Program Files\AhnLab\V3\V3IMPro.exe] [AhnLab, Inc., 6, 0, 0, 33]
[C:\Program Files\AhnLab\V3\V3IM.dll] [AhnLab, Inc., 6, 0, 0, 47]
[C:\Program Files\AhnLab\V3\V3Ift.dll] [AhnLab, Inc., 6, 0, 0, 5]
[C:\Program Files\AhnLab\V3\AhnCtlKD.dll] [AhnLab, Inc., 1, 0, 1, 7]
[C:\Program Files\AhnLab\V3\NLS\V3IM0804.nls] [AhnLab, Inc., 6, 0, 0, 8]
[C:\Program Files\AhnLab\V3\V3CfgE.dll] [AhnLab, Inc., 6, 0, 0, 96]
[PID: 2264][C:\WINDOWS\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 2272][C:\Documents and Settings\Boss\winampa~.exe] [N/A, N/A]
[PID: 2292][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[PID: 3460][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3120][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[PID: 3140][C:\DOCUME~1\Boss\LOCALS~1\Temp\Rar$EX00.391\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\DOCUME~1\Boss\LOCALS~1\Temp\Rar$EX00.391\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
[/CODE]
xiaoyueIQ - 2007-2-1 14:05:00
Run SREng and delete these registry entries:
<upx1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\upx1.exe> [N/A]
<upxdnd1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\ztt.exe> [N/A]
<webService><C:\WINDOWS\services.exe> [N/A]
<wsvbs><rem C:\WINDOWS\wsvbs.exe> [N/A]
<sdafdsafds><rem C:\WINDOWS\temp\155.exe> [N/A]
<Snewpeek><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\6.exe> [N/A]
寻找北方的哥儿 - 2007-2-1 14:07:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<System><rem C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<upx1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\upx1.exe> [N/A]
<upxdnd1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\ztt.exe> [N/A]
<webService><C:\WINDOWS\services.exe> [N/A]
<Snewpeek><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\6.exe> [N/A]
<wsvbs><rem C:\WINDOWS\wsvbs.exe> [N/A]
<sdafdsafds><rem C:\WINDOWS\temp\155.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<_{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
<_{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><> [N/A]
<_{6E44887F-5214-41F2-AB46-4728735C4CC6}><> [N/A]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
服务
[4FEB270 / 4FEB270][Stopped/Auto Start]
<C:\WINDOWS\system32\4FEB270.EXE -service><Microsoft Corporation>
[9FFD0DA0 / 9FFD0DA0][Stopped/Auto Start]
<C:\WINDOWS\system32\9FFD0DA0.EXE -service><Microsoft Corporation>
[Imsvc / Imsvc][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Webmail.dll><>
[Remote Registry Protect / Investor][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\cgjhq.dll><Microsoft Corporation>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
[SysServiceStart / ServiceStart][Running/Auto Start]
<C:\Windows\system32\RWBIQXEKRY.EXE><N/A>
[Security Machine Manager / SOCEESe][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\EKBMM.DLL,Export 1087><N/A>
[Provisioning Transaction Service / ttt_14][Running/Auto Start]
<C:\WINDOWS\system32\win.exe><N/A>
[Vsn vsxx Service / vsxx][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\bfda\imkh.dll,Service><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Windows_ServerDdos / Windows_ServerDdos][Stopped/Auto Start]
<C:\WINDOWS\system32\kaven.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
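I haven't looked at the drivers yet.... Am I just too dumb?? How did I find this many??? Let the next poster analyze it..... I don't dare write any more..
Maybe I'm just not familiar with your services.... Let an expert continue...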
xiaoyueIQ - 2007-2-1 14:11:00
There are too many.~~`
寻找北方的哥儿 - 2007-2-1 14:14:00
xiaoyueIQ - 2007-2-1 14:21:00
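I wasn't talking about you.. I meant there are too many trojans and viruses..
I can read services too, so I don't dare say things carelessly, for fear of doing real harm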
飞舞的风筝 - 2007-2-1 14:26:00
Are you talking about my computer? Or about 寻找北方的哥儿?
新版小欧 - 2007-2-1 14:27:00
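It would be best if the original poster cleaned up their own system first....
So many programs and plug-ins.....
Reboot the computer and scan again; this log gives me a headache just looking at it.....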
飞舞的风筝 - 2007-2-1 14:28:00
Can you help me delete them?
寻找北方的哥儿 - 2007-2-1 14:32:00
It's not that they can't be deleted,,,, it's just that there seem to be a few too many.....
Moderators, come take a look...
xiaoyueIQ - 2007-2-1 14:34:00
That's true.... some of them even we can't be sure about