请高手看看 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请高手看看

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 3 页

跳转页

请高手看看

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-09 23:04 \| 只看楼主短消息资料字号：小中大 11楼 c:\windows\system\mainsv.exe C:\WINDOWS\mapserver.exe C:\WINDOWS\system\cmpku.exe C:\WINDOWS\rundll32.exe c:\windows\system\mainsv.exe C:\WINDOWS\System32\mswdm.exe 这几个文件删掉又出现,特别是这个C:\WINDOWS\system\cmpku.exe,说什么磁盘写保护.
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

我无邪高贵耄耋狮帖子:20720 注册: 2004-06-10 来自:广西玉林	发表于： 2006-07-10 00:19 \| 短消息资料字号：小中大 12楼请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe 重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows 双击打开KillBox.exe，分别删除 C:\DOCUME~1\zyf\LOCALS~1\Temp\cesy.dll C:\WINDOWS\System32\mssie.exe C:\WINDOWS\FONTS\5B042.com C:\WINDOWS\system\cmpku.exe （删除时勾选“删除前先结束Explorer.EXE进程” 运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项。 C:\WINDOWS\mapserver.exe c:\windows\system\mainsv.exe C:\WINDOWS\FONTS\5B042.com c:\windows\system\mainsv.exe C:\WINDOWS\System32\mssie.exe 运行(双击)System Repair Engineer，使用“启动项目，启动文件夹”来删除以下选项。 C:\Documents and Settings\All Users\「开始」菜单\程序\启动\启动.bat 删除 C:\WINDOWS\mapserver.exe c:\windows\system\mainsv.exe C:\WINDOWS\FONTS\5B042.com C:\DOCUME~1\zyf\LOCALS~1\Temp删除这个文件夹里所有能删除的东东。 C:\WINDOWS\System32\mssie.exe C:\WINDOWS\system\cmpku.exe 修复后，重启回到正常模式，请再扫份日志粘上来。
我无邪高贵耄耋狮帖子:20720 注册: 2004-06-10 来自:广西玉林

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 10:44 \| 只看楼主短消息资料字号：小中大 13楼 2006-07-10,10:28:06 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] <eMuleAutoStart><rem D:\新建文件夹\eMule\emule.exe -AutoStart> [] <Ntcheck><C:\WINDOWS\mapserver.exe> [UNDEATH] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] <Cmpnt><c:\windows\system\mainsv.exe> [UNDEATH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <RavTimer><C:\PROGRA~1\rising\Rav\RavTimer.exe> [rising] <RavMon><C:\PROGRA~1\rising\Rav\RavMon.exe> [rising] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <Cmpnt><C:\WINDOWS\system\ptsnopt.exe> [UNDEATH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] <RavMon><C:\PROGRA~1\rising\Rav\RavMon.exe /AUTO> [rising] <Shell><c:\windows\system\mainsv.exe> [UNDEATH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation]
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 10:45 \| 只看楼主短消息资料字号：小中大 14楼 ================================== 启动文件夹服务 [Rising Realtime Monitor Service / RsRavMon] <C:\Program Files\rising\rav\RavMonD.exe><rising> ================================== 浏览器加载项 [Yahoo 1G电邮] {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A> [寻宝乐趣多] {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A> [雅虎助手] {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A> [kele8] {84920E5F-3788-49cd-A274-E365578DF174} <http://www.kele8.com/, N/A> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [情景聊天] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [上传到QQ网络硬盘] <D:\QQ\AddToNetDisk.htm, N/A> [使用网际快车下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用网际快车下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [添加到QQ自定义面板] <D:\QQ\AddPanel.htm, N/A> [添加到QQ表情] <D:\QQ\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\QQ\SendMMS.htm, N/A> ================================== 正在运行的进程 [PID: 420][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 552][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 564][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 792][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2> [PID: 912][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 940][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2> [PID: 1128][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620> [PID: 1244][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 1316][C:\Program Files\rising\rav\RavMonD.exe] <rising><16, 0, 0, 6> [C:\Program Files\rising\rav\RavMon.dll] <Beijing Rising Tech. Co. Ltd.><16, 0, 0, 24> [C:\Program Files\rising\rav\guidll.dll] <rising><16, 0, 0, 31> [C:\Program Files\rising\rav\RsCommX.dll] <rising><15, 0, 1, 13> [C:\Program Files\rising\rav\Language.dll] <RiSing><15, 0, 0, 17> [C:\Program Files\rising\rav\Engine.dll] <rising><16, 0, 0, 41> [C:\Program Files\rising\rav\LibLoad.dll] <Rising><16, 0, 0, 25> [C:\Program Files\rising\rav\StoreDll.dll] <Beijing Rising Technology Co., Ltd.><13, 42, 0, 4> [C:\Program Files\rising\rav\ScanFile.dll] <rising><16, 0, 0, 33> [C:\Program Files\rising\rav\NVFile.dll] <rising><16, 0, 0, 4> [C:\Program Files\rising\rav\PostTrt.dll] <Rising><16, 0, 0, 13> [C:\Program Files\rising\rav\PostTrtX.dll] <瑞星科技股份有限公司><16, 0, 0, 5> [C:\Program Files\rising\rav\ExtFile.dll] <RiSing><16, 0, 0, 23> [C:\Program Files\rising\rav\ExtMail.dll] <rising><16, 0, 0, 24> [C:\Program Files\rising\rav\ScanEx.dll] <rising><16, 0, 0, 30> [C:\Program Files\rising\rav\UnMacro.dll] <rising><16, 0, 0, 8> [C:\Program Files\rising\rav\UnExe.dll] <Rising><16, 0, 0, 27> [C:\Program Files\rising\rav\UnMail.dll] <rising><16, 0, 0, 7> [C:\Program Files\rising\rav\BtEngine.dll] <rising><16, 0, 0, 30> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\zip.dll] <rising><13, 0, 0, 1> [C:\Program Files\rising\rav\VirusLib.dll] <rs><16, 0, 0, 13> [PID: 1876][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 112][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 920][C:\PROGRA~1\rising\Rav\RavMon.exe] <rising><16, 0, 0, 17> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\PROGRA~1\rising\Rav\RavMon.dll] <Beijing Rising Tech. Co. Ltd.><16, 0, 0, 24> [C:\PROGRA~1\rising\Rav\guidll.dll] <rising><16, 0, 0, 31> [C:\PROGRA~1\rising\Rav\RsCommX.dll] <rising><15, 0, 1, 13> [C:\PROGRA~1\rising\Rav\Language.dll] <RiSing><15, 0, 0, 17> [PID: 984][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 888][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.2010> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\WINDOWS\System32\msdmo.dll] <N/A><N/A> [PID: 1328][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 612][C:\WINDOWS\system\ptsnopt.exe] <UNDEATH><3.02> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 360][D:\新建文件夹 (2)\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2>
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 10:45 \| 只看楼主短消息资料字号：小中大 15楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 10:48 \| 只看楼主短消息资料字号：小中大 16楼似乎搞定了,C:\WINDOWS\system\cmpku.exe这个文件要在任务管理器中终止cmpku.exe的进程才能删掉.
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

我无邪高贵耄耋狮帖子:20720 注册: 2004-06-10 来自:广西玉林	发表于： 2006-07-10 13:25 \| 短消息资料字号：小中大 17楼这几项还在 C:\WINDOWS\mapserver.exe c:\windows\system\mainsv.exe C:\WINDOWS\system\ptsnopt.exe c:\windows\system\mainsv.exe 以上的方法在安全模式下都无法删除吗？建议再试一次完后，请再扫份日志粘上来。
我无邪高贵耄耋狮帖子:20720 注册: 2004-06-10 来自:广西玉林

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 14:09 \| 只看楼主短消息资料字号：小中大 18楼 2006-07-10,13:58:57 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] <eMuleAutoStart><rem D:\新建文件夹\eMule\emule.exe -AutoStart> [] <Ntcheck><C:\WINDOWS\mapserver.exe> [UNDEATH] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] <Cmpnt><c:\windows\system\mainsv.exe> [UNDEATH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <RavTimer><C:\PROGRA~1\rising\Rav\RavTimer.exe> [rising] <RavMon><C:\PROGRA~1\rising\Rav\RavMon.exe> [rising] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [] <Cmpnt><C:\WINDOWS\system\ntdllf.exe> [UNDEATH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] <RavMon><C:\PROGRA~1\rising\Rav\RavMon.exe /AUTO> [rising] <Shell><c:\windows\system\mainsv.exe> [UNDEATH] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 启动文件夹服务 [Rising Realtime Monitor Service / RsRavMon] <C:\Program Files\rising\rav\RavMonD.exe><rising> ================================== 浏览器加载项 [Yahoo 1G电邮] {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A> [寻宝乐趣多] {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A> [雅虎助手] {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A> [kele8] {84920E5F-3788-49cd-A274-E365578DF174} <http://www.kele8.com/, N/A> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [情景聊天] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [上传到QQ网络硬盘] <D:\QQ\AddToNetDisk.htm, N/A> [使用网际快车下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [使用网际快车下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [添加到QQ自定义面板] <D:\QQ\AddPanel.htm, N/A> [添加到QQ表情] <D:\QQ\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\QQ\SendMMS.htm, N/A>
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 14:10 \| 只看楼主短消息资料字号：小中大 19楼 ================================== 正在运行的进程 [PID: 424][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 488][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 556][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 568][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 732][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 784][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2> [PID: 928][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2> [PID: 1108][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)> [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 1352][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\WINDOWS\System32\RAVEXT.DLL] <北京瑞星科技股份有限公司><16, 0, 0, 2> [PID: 1532][C:\PROGRA~1\rising\Rav\RavMon.exe] <rising><16, 0, 0, 17> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\PROGRA~1\rising\Rav\RavMon.dll] <Beijing Rising Tech. Co. Ltd.><16, 0, 0, 24> [C:\PROGRA~1\rising\Rav\guidll.dll] <rising><16, 0, 0, 31> [C:\PROGRA~1\rising\Rav\RsCommX.dll] <rising><15, 0, 1, 13> [C:\PROGRA~1\rising\Rav\Language.dll] <RiSing><15, 0, 0, 17> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [PID: 1556][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [PID: 1564][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.2010> [C:\WINDOWS\System32\msdmo.dll] <N/A><N/A> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [PID: 1692][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)> [PID: 1764][C:\Program Files\rising\rav\RavMonD.exe] <rising><16, 0, 0, 6> [C:\Program Files\rising\rav\RavMon.dll] <Beijing Rising Tech. Co. Ltd.><16, 0, 0, 24> [C:\Program Files\rising\rav\guidll.dll] <rising><16, 0, 0, 31> [C:\Program Files\rising\rav\RsCommX.dll] <rising><15, 0, 1, 13> [C:\Program Files\rising\rav\Language.dll] <RiSing><15, 0, 0, 17> [C:\Program Files\rising\rav\Engine.dll] <rising><16, 0, 0, 41> [C:\Program Files\rising\rav\LibLoad.dll] <Rising><16, 0, 0, 25> [C:\Program Files\rising\rav\StoreDll.dll] <Beijing Rising Technology Co., Ltd.><13, 42, 0, 4> [C:\Program Files\rising\rav\ScanFile.dll] <rising><16, 0, 0, 33> [C:\Program Files\rising\rav\NVFile.dll] <rising><16, 0, 0, 4> [C:\Program Files\rising\rav\PostTrt.dll] <Rising><16, 0, 0, 13> [C:\Program Files\rising\rav\PostTrtX.dll] <瑞星科技股份有限公司><16, 0, 0, 5> [C:\Program Files\rising\rav\ExtFile.dll] <RiSing><16, 0, 0, 23> [C:\Program Files\rising\rav\ExtMail.dll] <rising><16, 0, 0, 24> [C:\Program Files\rising\rav\ScanEx.dll] <rising><16, 0, 0, 30> [C:\Program Files\rising\rav\UnMacro.dll] <rising><16, 0, 0, 8> [C:\Program Files\rising\rav\UnExe.dll] <Rising><16, 0, 0, 27> [C:\Program Files\rising\rav\UnMail.dll] <rising><16, 0, 0, 7> [C:\Program Files\rising\rav\BtEngine.dll] <rising><16, 0, 0, 30> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\zip.dll] <rising><13, 0, 0, 1> [C:\Program Files\rising\rav\VirusLib.dll] <rs><16, 0, 0, 13> [PID: 1184][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [PID: 280][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2> [C:\WINDOWS\System32\RavScrCh.dll] <><16, 0, 0, 3> [C:\WINDOWS\System32\UnMail.dll] <rising><16, 0, 0, 7> [C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [PID: 1080][C:\WINDOWS\system\ntdllf.exe] <UNDEATH><3.02> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [PID: 1856][D:\新建文件夹 (2)\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\rising\rav\ApiHook.dll] <北京瑞星><16, 0, 0, 19> [C:\Program Files\rising\rav\MemMon.dll] <北京瑞星><16, 0, 0, 20> [C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1> [C:\Program Files\rising\rav\RavProxy.dll] <rising><16, 0, 0, 2>
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:	发表于： 2006-07-10 14:10 \| 只看楼主短消息资料字号：小中大 20楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
漫步跑跑初生襁褓狮帖子:83 注册: 2006-06-13 来自:

<<上一主题|下一主题>>

2 / 3 页

跳转页

页面顶部

Powered by Discuz!NT