版主：如何提交可疑程序的Processinfo?

悠悠若月 · 发表于 2010-2-7 15:00:16

提示: 该帖被管理员或版主屏蔽

风小吟 · 发表于 2010-2-7 15:02:42

提示: 该帖被管理员或版主屏蔽

王子↑漫步 · 发表于 2010-2-7 15:03:01

把内容贴出来把，我看看

叶小落 · 发表于 2010-2-7 15:03:49

围观

mw376327028 · 发表于 2010-2-7 15:03:57

看专家

悠悠若月 · 发表于 2010-2-7 15:04:06

ver 1.1

Windows XP
注册表启动信息
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1                                           "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync                                     D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A                                           D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
IgfxTray                                           D:\WINDOWS\system32\igfxtray.exe
HotKeysCmds                                        D:\WINDOWS\system32\hkcmd.exe
360Safebox                                           "D:\Program Files\360Safebox\SafeBoxTray.exe" /r
AGRSMMSG                                           AGRSMMSG.exe
hhukcert02                                           D:\WINDOWS\system32\hhukcert02.exe
checkinstall                                        D:\Program Files\ICBC Personal Internet Banking Certificate Tools\ICBC\BHDC(Personal)\CheckInstall.exe

===========================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe                                           D:\WINDOWS\system32\ctfmon.exe
360sd                                              "D:\Program Files\360sd\360sd.exe" /autorun
swg                                                 "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msmsgs                                              "D:\Program Files\Messenger\msmsgs.exe" /background

===========================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
DebugOptions                                        2048
Documents
DosPrint                                           no
NetMessage                                           no
NullPort                                           None
Programs                                           com exe bat pif cmd

===========================================
系统进程列表
映像名称                                                       PID
D:\ProcessInfo.exe                                           0
System                                                       4
smss.exe                                                       564
csrss.exe                                                    632
winlogon.exe                                                 656
services.exe                                                 700
lsass.exe                                                    712
svchost.exe                                                    864
svchost.exe                                                    924
svchost.exe                                                    992
svchost.exe                                                    1088
svchost.exe                                                    1204
spoolsv.exe                                                    1412
scardsvr.exe                                                 1460
svchost.exe                                                    872
stormliv.exe                                                 1048
alg.exe                                                       1960
D:\WINDOWS\Explorer.EXE                                        1024
D:\WINDOWS\system32\wuauclt.exe                               1620
D:\WINDOWS\system32\igfxtray.exe                               1612
D:\WINDOWS\system32\hkcmd.exe                                  628
D:\Program Files\360Safebox\SafeBoxTray.exe                   204
D:\WINDOWS\AGRSMMSG.exe                                        268
D:\WINDOWS\system32\hhukcert02.exe                            1076
D:\WINDOWS\system32\ctfmon.exe                               2304
D:\Program Files\360sd\360sd.exe                               2408
GoogleToolbarNotifier.exe                                     2424
360rp.exe                                                    2924
E:\新建文件夹\Bin\QQ.exe                                     2224
E:\新建文件夹\Bin\TXPlatform.exe                               440
D:\Program Files\Internet Explorer\iexplore.exe                3900
D:\ProcessInfo.exe                                           4068
E:\梦幻西游\梦幻西游\my.exe                                  2176

悠悠若月 · 发表于 2010-2-7 15:05:07

===========================================
梦幻西游进程信息
2176 my.exe
地址             长度             模块路径                                  模块描述                                           公司                                     版本
4194304          1654784          E:\梦幻西游\梦幻西游\my.exe                梦幻西游                                           Netease                                  2, 0, 0, 3
2089943040       614400          D:\WINDOWS\system32\ntdll.dll             NT Layer DLL                                        Microsoft Corporation                      5.1.2600.5755
2088763392       1171456          D:\WINDOWS\system32\kernel32.dll          Windows NT BASE API Client DLL                      Microsoft Corporation                      5.1.2600.5781
1561788416       630784          D:\WINDOWS\system32\COMCTL32.dll          Common Controls Library                            Microsoft Corporation                      6.00.2900.5512
2010775552       692224          D:\WINDOWS\system32\ADVAPI32.dll          Advanced Windows 32 Base API                         Microsoft Corporation                      5.1.2600.5755
2011496448       598016          D:\WINDOWS\system32\RPCRT4.dll             Remote Procedure Call Runtime                      Microsoft Corporation                      5.1.2600.5795
2013003776       69632          D:\WINDOWS\system32\Secur32.dll          Security Support Provider Interface                Microsoft Corporation                      5.1.2600.5834
2012151808       299008          D:\WINDOWS\system32\GDI32.dll             GDI Client DLL                                     Microsoft Corporation                      5.1.2600.5698
2010185728       589824          D:\WINDOWS\system32\USER32.dll             Windows XP USER API Client DLL                      Microsoft Corporation                      5.1.2600.5512
1982857216       118784          D:\WINDOWS\system32\IMM32.DLL             Windows XP IMM32 API Client DLL                      Microsoft Corporation                      5.1.2600.5512
1656881152       36864          D:\WINDOWS\system32\LPK.DLL                Language Pack                                        Microsoft Corporation                      5.1.2600.5512
1945763840       438272          D:\WINDOWS\system32\USP10.dll             Uniscribe Unicode script processor                   Microsoft Corporation                      1.0420.2600.5512
1991311360       172032          D:\WINDOWS\system32\winmm.dll             MCI API DLL                                        Microsoft Corporation                      5.1.2600.5512
1906442240       94208          D:\WINDOWS\system32\WS2_32.dll             Windows Socket 2.0 32-Bit DLL                      Microsoft Corporation                      5.1.2600.5512
2008940544       360448          D:\WINDOWS\system32\msvcrt.dll             Windows NT CRT DLL                                  Microsoft Corporation                      7.0.2600.5512
1906376704       32768          D:\WINDOWS\system32\WS2HELP.dll          Windows Socket 2.0 Helper for Windows NT             Microsoft Corporation                      5.1.2600.5512
2102984704       8339456          D:\WINDOWS\system32\SHELL32.dll          Windows Shell Common Dll                            Microsoft Corporation                      6.00.2900.5686
2012479488       483328          D:\WINDOWS\system32\SHLWAPI.dll          Shell Light-weight Utility Library                   Microsoft Corporation                      6.00.2900.5512
1998061568       1060864          D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll User Experience Controls Library                   Microsoft Corporation                      6.00.2900.5512
1524367360       225280          D:\WINDOWS\system32\uxtheme.dll          Microsoft UxTheme Library                            Microsoft Corporation                      6.00.2900.5512
1952972800       311296          D:\WINDOWS\system32\MSCTF.dll             MSCTF Server DLL                                     Microsoft Corporation                      5.1.2600.5512
1993801728       139264          D:\WINDOWS\system32\apphelp.dll          Application Compatibility Client Library             Microsoft Corporation                      5.1.2600.5512
1935933440       188416          D:\WINDOWS\system32\msctfime.ime          Microsoft Text Frame Work Service IME                Microsoft Corporation                      5.1.2600.5768
1989738496       1298432          D:\WINDOWS\system32\ole32.dll             Microsoft OLE for Windows                            Microsoft Corporation                      5.1.2600.5512
1906049024       253952          D:\WINDOWS\System32\mswsock.dll          Microsoft Windows Sockets 2.0 Service Provider       Microsoft Corporation                      5.1.2600.5625

lin2192208 · 发表于 2010-2-7 15:05:09

等待砖家叫兽

╯仅留旳残温 · 发表于 2010-2-7 15:05:30

..还有这事！~

王子↑漫步 · 发表于 2010-2-7 15:06:15

原帖由 悠悠若月 于 2010-2-7 15:04 发表
ver 1.1

Windows XP
注册表启动信息
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /S ...

Google Toolbar （谷歌工具栏）建议卸载
MSN的开机启动可以取消
其他的并没有发现异常！

°浠．／cute · 发表于 2010-2-7 15:06:55

额....

悠悠若月 · 发表于 2010-2-7 15:08:06

登录游戏时候出现对话框说发现mu,ma或第三方软件在修改客户端

叶小落 · 发表于 2010-2-7 15:10:04

原帖由 王子↑漫步 于 2010-2-7 15:06 发表

Google Toolbar （谷歌工具栏）建议卸载
MSN的开机启动可以取消
其他的并没有发现异常！

砖家人物

王子↑漫步 · 发表于 2010-2-7 15:10:23

提示: 该帖被管理员或版主屏蔽

所謂づ傾城 · 发表于 2010-2-7 15:11:48

kcmd.exe

风小吟风小吟当前离线积分 18425 头像被屏蔽今日未签到	沙发发表于 2010-2-7 15:02:42 \| 只看该作者来自：广东提示: 该帖被管理员或版主屏蔽
风小吟风小吟当前离线积分 18425 头像被屏蔽今日未签到
	回复支持反对使用道具举报

王子↑漫步王子↑漫步当前离线积分 9876 头像被屏蔽今日未签到	14楼发表于 2010-2-7 15:10:23 \| 只看该作者来自：江西提示: 该帖被管理员或版主屏蔽
王子↑漫步王子↑漫步当前离线积分 9876 头像被屏蔽今日未签到
	回复支持反对使用道具举报

版主：如何提交可疑程序的Processinfo?

浏览过的版块