|
- UID
- 112893
- 帖子
- 10
- 积分
- 37
- 威望
- 2 点
- A币
- -2 元
- 阅读权限
- 10
- 最后登录
- 2008-1-22
|
2#
发表于 2008-1-21 18:13
| 只看该作者
刚刚没发完搞错了
2008-01-21 星期一,18:10:50.31
----------------进程及其启动命令--------------
PROCESS PID COMMAND LINE
smss.exe 1184 \SystemRoot\System32\smss.exe
csrss.exe 1248 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 1272 winlogon.exe
services.exe 1328 C:\WINDOWS\system32\services.exe
lsass.exe 1340 C:\WINDOWS\system32\lsass.exe
svchost.exe 1504 C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 1560 C:\WINDOWS\system32\svchost -k rpcss
svchost.exe 1724 C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1784 C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 204 C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe 532 C:\WINDOWS\system32\spoolsv.exe
Explorer.EXE 768 C:\WINDOWS\Explorer.EXE
AdskScSrv.exe 920 "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
BoBoTurbo.exe 956 C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe
CDANTSRV.EXE 1012 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
MDM.EXE 656 "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
raysat_3dsmax8server.exe 1404 "E:\应用软件\3d 8\mentalray\satellite\raysat_3dsmax8server.exe"
nod32krn.exe 1652 "C:\Program Files\Eset\nod32krn.exe"
nvsvc32.exe 1664 C:\WINDOWS\system32\nvsvc32.exe
svchost.exe 1716 C:\WINDOWS\system32\svchost.exe -k imgsvc
360Tray.exe 748 "F:\360\360safe\safemon\360Tray.exe" /start
alg.exe 744 C:\WINDOWS\System32\alg.exe
nod32kui.exe 800 "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
ctfmon.exe 912 "C:\WINDOWS\system32\ctfmon.exe"
QQ.exe 2292 "D:\QQ2\Q Q\QQ\QQ.exe"
TIMPlatform.exe 2476 "D:\QQ2\Q Q\QQ\TIMPlatform.exe" -Embedding
conime.exe 732 C:\WINDOWS\system32\conime.exe
Thunder5.exe 3924 "E:\下载与工具软件\讯雷12在线\Program\Thunder5.exe" /8d24a5bd /q
notepad.exe 3084 "C:\WINDOWS\notepad.exe" C:\Documents and Settings\xiao\桌面\辉少查毒\辉少查毒.txt
iexplore.exe 2016 "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
辉少查毒.exe 652 "C:\Documents and Settings\xiao\桌面\辉少查毒\辉少查毒.exe"
cmd.exe 2160 cmd.exe /c C:\DOCUME~1\xiao\LOCALS~1\Temp\bt1864.bat
辉少查毒.com 3508 "辉少查毒.com" -l
-
-------------------注册表启动项-------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 REG_SZ ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
sayingclock REG_SZ ; E:\建辉软件\SAYING
CorelDRAW Graphics Suite 11b REG_SZ ; E:\应用软件\CorelDraw 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=050907 serial=DR12CRC-7032960-LBH lan
VMSnap3 REG_SZ ; C:\WINDOWS\VMSnap3.EXE
StormCodec_Helper REG_SZ ; "F:\暴风影\Storm Codec\StormSet.exe" /S /o
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
360Safetray REG_SZ F:\360\360safe\safemon\360Tray.exe /start
nod32kui REG_SZ "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ ; "C:\Program Files\Messenger\msmsgs.exe" /background
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui 预加?
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ 组件类别
-
-------------------IE加载项----------------------------
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
-
-------------------映像劫持----------------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
# copyright (c) 1993-1999 microsoft corp.
#
# this is a sample hosts file used by microsoft tcp/ip for windows.
#
# this file contains the mappings of ip addresses to host names. each
# entry should be kept on an individual line. the ip address should
# be placed in the first column followed by the corresponding host name.
# the ip address and the host name should be separated by at least one
# space.
#
# additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# for example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
#cnnod32.cn 2008-1-2 18:48
61.178.85.174 u1.cnnod32upserver
61.150.85.189 u2.cnnod32upserver
211.91.111.134 u3.cnnod32upserver
61.150.85.189 u4.cnnod32upserver
61.143.251.80 u5.cnnod32upserver
61.152.91.242 u6.cnnod32upserver
-
-------------------各个盘的autorun.inf---------------------------- |
|
发表于 2008-1-21 19:23
|