- 论坛徽章:
- 0
|
原帖由 deeperpurple 于 2007-4-21 21:30 发表
用System Repair Engineer 的智能扫描,发个Log上来;
spooler、alg这样的服务可以关掉;
在80端口监听,可能有个木马;
把所有与网络相关的程序关掉,用Wireshark抓包看看;
这是我的扫描结果,请帮我分析一下。谢谢了
- 2007-04-22,01:21:33
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <DAEMON Tools><"e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
- <RavTask><"e:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
- <RfwMain><"e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
- <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Publisher]
- <SunJavaUpdateSched><E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe> [Sun Microsystems, Inc.]
- <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
- <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
- <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
- <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
- <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
- <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
- <ATIModeChange><Ati2mdxx.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
- ==================================
- 启动文件夹
- [腾讯QQ]
- <C:\Documents and Settings\HollyLee\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
- ==================================
- 服务
- [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
- <C:\WINDOWS\system32\Ati2evxx.exe><>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
- <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
- [Rising Personal Firewall Service / RfwService][Running/Auto Start]
- <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
- [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
- <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
- [Rising Process Communication Center / RsCCenter][Running/Auto Start]
- <"e:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
- [Rising RealTime Monitor / RsRavMon][Running/Auto Start]
- <"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
- ==================================
- 驱动程序
- [SENS LT56ADW Modem / AgereSoftModem][Running/Manual Start]
- <system32\DRIVERS\AGRSM.sys><Agere Systems>
- [ati2mtag / ati2mtag][Running/Manual Start]
- <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
- [Rising TDI Base Driver / BaseTDI][Running/Auto Start]
- <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
- [Cirrus Logic WDM Audio Codec Driver / cs429x][Running/Manual Start]
- <system32\drivers\cwawdm.sys><Cirrus Logic, Inc.>
- [Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
- <system32\DRIVERS\e100b325.sys><Intel Corporation>
- [ExpScaner / ExpScaner][Running/Auto Start]
- <\??\E:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
- [HookCont / HookCont][Running/Auto Start]
- <\??\E:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
- [HookReg / HookReg][Running/Auto Start]
- <\??\E:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
- [HookSys / HookSys][Running/Auto Start]
- <\??\E:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
- [HookUrl / HookUrl][Running/Auto Start]
- <\??\e:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
- [MEMSCAN / MEMSCAN][Running/Auto Start]
- <\??\E:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
- [mProcRs / mProcRs][Running/Auto Start]
- <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
- [NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
- <system32\drivers\npf.sys><Politecnico di Torino>
- [npkcrypt / npkcrypt][Running/Auto Start]
- <\??\e:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [PxHelp20 / PxHelp20][Running/Boot Start]
- <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
- [RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
- <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
- [RsFwDrv / RsFwDrv][Running/Auto Start]
- <\??\e:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
- [RsNTGDI / RsNTGDI][Running/Boot Start]
- <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
- [RSPPSYS / RSPPSYS][Running/Auto Start]
- <\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [sptd / sptd][Running/Boot Start]
- <\SystemRoot\System32\Drivers\sptd.sys><N/A>
- [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
- <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
- ==================================
- 浏览器加载项
- [Thunder Browser Helper]
- {54EBD539-9BC1-480B-966A-843A333CA162} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
- [QQBrowserHelperObject Class]
- {54EBD53A-9BC1-480B-966A-843A333CA162} <e:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
- [BandIE Class]
- {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, N/A>
- [Windows Live Sign-in Helper]
- {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
- [Java Plug-in 1.5.0_01]
- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
- [启动迅雷5]
- {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <e:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
- [浩方对战平台]
- {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\Program Files\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
- [信息检索(&R)]
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
- [QQ]
- {c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
- [QQIEFloatBarCfgCmd Class]
- {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <e:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
- [Messenger]
- {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
- [百度超级搜霸]
- {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, N/A>
- [Edit Class]
- {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
- [Java Plug-in 1.5.0_01]
- {8AD9C840-044E-11D1-B3E9-00805F499D93} <E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
- [Java Plug-in 1.5.0_01]
- {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} <E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [Thunder Browser Helper]
- {54EBD539-9BC1-480B-966A-843A333CA162} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
- [QQBrowserHelperObject Class]
- {54EBD53A-9BC1-480B-966A-843A333CA162} <e:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
- [Active Desktop Mover]
- {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
- [BandIE Class]
- {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, N/A>
- [Thunder Browser Helper]
- {889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
- [Windows Live Sign-in Helper]
- {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
- [百度超级搜霸]
- {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, N/A>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [&使用迅雷下载]
- <e:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
- [&使用迅雷下载全部链接]
- <e:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
- [上传到QQ网络硬盘]
- <E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <E:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
- [添加到QQ表情]
- <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
- [用QQ彩信发送该图片]
- <E:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 608][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 692][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 716][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 760][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 772][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1004][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1116][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 512][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1220][e:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
- [e:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
- [e:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
- [e:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
- [e:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
- [e:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [PID: 244][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [PID: 260][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [PID: 264][E:\Program Files\Java\jre1.5.0_01\bin\jusched.exe] [Sun Microsystems, Inc., 1.5.0.10]
- [PID: 1948][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.4035]
- [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.4035]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.4035]
- [PID: 824][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.18 2.1.18 09/11/2002 17:23:56]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [PID: 1240][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [PID: 1480][E:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.08.0.0]
- [e:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.08.0.0]
- [e:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
- [e:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.0.0]
- [e:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0]
- [e:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.01.0.0]
- [e:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.18.0.0]
- [e:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [DT Soft Ltd., 1.12.0.0]
- [e:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [PID: 2900][E:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 80]
- [E:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
- [e:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
- [E:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
- [PID: 2648][e:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
- [PID: 3248][C:\DOCUME~1\HollyLee\LOCALS~1\Temp\Rar$EX01.085\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.2.9 03Jan03]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- API HOOK
- N/A
- ==================================
- 隐藏进程
- N/A
- ==================================
|
|
免费注册
发表于 2007-04-21 07:37
