1   1  /  1  页   跳转

找不到“yishou1.exe”

收藏
skyccill
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2007-04-16
  • 来自:
发表于: 2007-04-21 14:37 | 显示全部 短消息 资料
字号: 1楼

找不到“yishou1.exe”

[CODE]

2007-03-24,13:39:20

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Vcrmon><C:\Program Files\Virus Chaser\vcrmon.exe>  [New Technology Wave Inc.]
    <mppdys><C:\WINDOWS\mppdys.exe>  []
    <winform><C:\WINDOWS\winform.exe>  []
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <MediaCheck><C:\PROGRA~1\Kuree\MService.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [(Verified)System Safety Limited]

==================================
启动文件夹
[AccessRunner DSL]
  <C:\Documents and Settings\Admin\「开始」菜单\程序\启动\AccessRunner DSL.lnk -->  [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[lsass network / lsass network][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\.exe><N/A>
[Virus Chaser Spider NT / spidernt][Running/Auto Start]
  <C:\Program Files\Virus Chaser\SpiderNT.exe><New Technology Wave Inc.>
[Windows Remote Service / WINRTM32][Running/Auto Start]
  <C:\WINDOWS\system32\winrtm32.exe><New Technology Wave Inc.>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Conexant AccessRunner USB ADSL WAN Adapter Filter Driver / CnxEtP][Stopped/Manual Start]
  <system32\DRIVERS\CnxEtP.sys><Conexant>
[Conexant AccessRunner USB ADSL Interface Device Driver / CnxEtU][Stopped/Manual Start]
  <system32\DRIVERS\CnxEtU.sys><Conexant>
[Conexant AccessRunner USB ADSL WAN Adapter Driver / CnxTgN][Stopped/Manual Start]
  <system32\DRIVERS\CnxTgN.sys><Conexant Systems Inc.>
[Virus Chaser Spider boot hook driver / drwebnet][Running/System Start]
  <\SystemRoot\system32\drivers\drwebnet.sys><Doctor Web Ltd>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><N/A>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Virus Chaser System Monitor / SPIDERCTL][Running/Auto Start]
  <\??\C:\Program Files\Virus Chaser\spider.sys><New Technology Wave Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[Thunder Browser Helper]
  {6E283399-7A2A-47B6-AEB2-197004272379} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Helper Class]
  {6E28339B-7A2A-47B6-AEB2-197004272379} <C:\WINDOWS\vchelper.dll, >
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[]
  {C64E4E3D-AAA0-4081-B6A7-22A40AFBFD35} <C:\WINDOWS\system32\rs.obj, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\应用软件\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[搜虎]
  {7A38130D-BEB7-4d60-BE7A-4C4AB6A85CD1} <C:\WINDOWS\vcbar11.dll, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
  {6E283399-7A2A-47B6-AEB2-197004272379} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Helper Class]
  {6E28339B-7A2A-47B6-AEB2-197004272379} <C:\WINDOWS\vchelper.dll, >
[搜虎]
  {7A38130D-BEB7-4D60-BE7A-4C4AB6A85CD1} <C:\WINDOWS\vcbar11.dll, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[]
  {C64E4E3D-AAA0-4081-B6A7-22A40AFBFD35} <C:\WINDOWS\system32\rs.obj, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
最后编辑2007-04-21 15:05:11
分享到:
gototop
 
skyccill
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2007-04-16
  • 来自:
发表于: 2007-04-21 14:38 | 显示全部 短消息 资料
字号: 2楼

[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 368][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 456][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SSMWinlogonEx.dll]  [System Safety Limited, 2.3.0.612]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.0.09160]
[PID: 696][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.0.09160]
[PID: 812][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.0.09160]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.0.09160]
[PID: 1192][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
[PID: 1516][C:\Program Files\Virus Chaser\SpiderNT.exe]  [New Technology Wave Inc., 5, 0, 1, 104]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
[PID: 1544][C:\WINDOWS\system32\cn.exe]  [N/A, ]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
[PID: 1608][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINDOWS\SYSTEM32\CNKEY.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
[PID: 1620][C:\Program Files\Virus Chaser\vcrmon.exe]  [New Technology Wave Inc., 5, 0, 0, 101]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\CNKEY.DLL]  [N/A, ]
[PID: 1624][C:\WINDOWS\system32\winrtm32.exe]  [New Technology Wave Inc., 5, 0, 0, 0]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.0.09160]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
[PID: 1696][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\CNKEY.DLL]  [N/A, ]
[PID: 1808][C:\PROGRA~1\Kuree\kpupdate.exe]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\CNKEY.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
[PID: 2044][C:\Program Files\Virus Chaser\spiderml.exe]  [Doctor Web, Ltd., 4.33.0.09160]
    [C:\Program Files\Virus Chaser\vchaser.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\CNKEY.DLL]  [N/A, ]
    [C:\Program Files\Virus Chaser\drwspcnt.dll]  [Doctor Web, Ltd., 4.33.0.09160]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]
    [C:\WINDOWS\system32\DRWEBSP.DLL]  [Doctor Web, Ltd., 4.33.0.09160]
[PID: 1392][I:\PengKC\新建文件夹\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\SYSTEM32\CNKEY.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cn.DLL]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
DrwebSP.MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrwebSP.MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrwebSP.RSVP TCP Service Provider
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)
DrwebSP.RSVP UDP Service Provider
    C:\WINDOWS\system32\DRWEBSP.DLL(Doctor Web, Ltd., Dr.Web Winsock Provider Hook)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:NtTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:ZwTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:RegEnumKeyExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:RegEnumKeyExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:EnumServicesStatusA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:EnumServicesStatusW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:FindNextFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)
入口点错误:FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\SYSTEM32\CNKEY.DLL)

==================================
隐藏进程
    [716] C:\WINDOWS\system32\notepad.exe
    [1088] C:\WINDOWS\Explorer.EXE
    [1348] C:\program files\internet explorer\IEXPLORE.EXE
    [1356] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

==================================


[/CODE]




高手帮我看看 啊
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT