1   1  /  1  页   跳转

auto.exe高手帮忙看看

收藏
暗焰欣空
头像
拙长孩提狮
  • 帖子:142
  • 注册: 2007-03-23
  • 来自:
发表于: 2007-06-29 09:48 | 只看楼主 短消息 资料
字号: 1楼

auto.exe高手帮忙看看

[CODE]

2007-06-29,09:34:06

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <LTSMMSG><LTSMMSG.exe>  [LT]
    <PmProxy><C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe>  [adi]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><f:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[腾讯通]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\腾讯通.lnk --> C:\PROGRA~1\Tencent\RTX\rtxc.exe [Tencent]><N>
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
最后编辑2007-06-29 09:44:25
分享到:
gototop
 
暗焰欣空
头像
拙长孩提狮
  • 帖子:142
  • 注册: 2007-03-23
  • 来自:
发表于: 2007-06-29 09:49 | 只看楼主 短消息 资料
字号: 2楼

服务
[Error Reporting Service / ERSvc][Running/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Print Spooler / Spooler][Stopped/Auto Start]
  <C:\WINDOWS\system32\spoolsv.exe><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[5412F41F / 5412F41F][Stopped/Auto Start]
  <C:\WINDOWS\system32\9DF85D38.EXE -k><Microsoft Corporation>
[C66DC2DC / C66DC2DC][Stopped/Auto Start]
  <C:\WINDOWS\system32\D6F5ED15.EXE -p><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[ecpar / ecpar][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\ecpar.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TOSHIBA Software Modem / TOSHIBASoftModem][Stopped/Manual Start]
  <system32\DRIVERS\LTSM.sys><LT>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[3024569 / 3024569][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
gototop
 
暗焰欣空
头像
拙长孩提狮
  • 帖子:142
  • 注册: 2007-03-23
  • 来自:
发表于: 2007-06-29 09:50 | 只看楼主 短消息 资料
字号: 3楼

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <f:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <f:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <f:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <f:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <f:\Program Files\360safe\live.dll, 360safe.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <f:\Program Files\360safe\safemon\safemon.dll, >
[使用迅雷下载]
  <f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 652][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\79952F30.DLL]  [Microsoft Corporation, ]
[PID: 700][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 712][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 864][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 1484][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [f:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Tencent\RTX\RTXShl.dll]  [Tencent, 1, 0, 0, 1]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\79952F30.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,2104]
    [f:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1896][C:\WINDOWS\LTSMMSG.exe]  [LT,  3.1.118.2 04/18/2003 10:06:28]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 1924][C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe]  [adi, 1, 0, 0, 18]
    [C:\Program Files\Analog Devices\SoundMAX\PMCPL.cpl]  [Analog Devices, 1, 0, 0, 19]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 1408][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 168][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 192][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 492][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\C7EC7EE8.DLL]  [Microsoft Corporation, ]
[PID: 4056][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3340][f:\Program Files\360safe\360Safe.exe]  [奇虎网, 3, 5, 1, 1001]
    [f:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
    [f:\Program Files\360safe\AntiEng.dll]  [360Safe.com, 3, 5, 1, 1001]
    [f:\Program Files\360safe\Antispy.dll]  [奇虎网, 3, 5, 1, 1001]
    [f:\Program Files\360safe\LeakCheck.dll]  [360Safe.com, 3, 5, 1, 1001]
    [f:\Program Files\360safe\CleanHis.dll]  [奇虎网, 3, 0, 2, 1000]
    [f:\Program Files\360safe\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [f:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1016]
    [f:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1920][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [f:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\WinRAR\Formats\tar.fmt]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 2104][f:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 5, 1, 1001]
    [f:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [f:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 5, 0, 1001]
    [f:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
[PID: 3696][F:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 2, 1360]
    [F:\Program Files\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 50]
    [F:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 119]
    [F:\Program Files\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 3356]
    [f:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [F:\Program Files\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 200]
    [F:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [F:\Program Files\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [F:\Program Files\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 62]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
[PID: 2548][C:\Documents and Settings\aaaa\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [f:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
HOSTのS
头像
飘泊而立狮
  • 帖子:784
  • 注册: 2007-06-10
  • 来自:
发表于: 2007-06-29 09:54 | 短消息 资料
字号: 4楼

删除服务
[Error Reporting Service / ERSvc][Running/Auto Start]
<2 - 系统找不到指定的文件。
><N/A>
[5412F41F / 5412F41F][Stopped/Auto Start]
<C:\WINDOWS\system32\9DF85D38.EXE -k><Microsoft Corporation>
[C66DC2DC / C66DC2DC][Stopped/Auto Start]
<C:\WINDOWS\system32\D6F5ED15.EXE -p><Microsoft Corporation>
驱动
[3024569 / 3024569][Running/]
<2 - 系统找不到指定的文件。
><N/A>
删除文件

[C:\WINDOWS\system32\C7EC7EE8.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\79952F30.DLL] [Microsoft Corporation, ]
这个驱动可疑
[ecpar / ecpar][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\ecpar.sys><N/A>
等高手鉴定
删除Autorun.inf
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT