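Computer system Wndas and xP: XP systems and Win systems
1. In a VB6 + XP environment, how do you use API functions to create a menu dynamically?
2. Help, I've been hit by a trojan: msdll.dll and rundll32.exe, and now the computer has no sound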
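In a VB6 + XP environment, how do you use API functions to create a menu dynamically?
winupdate - winupdate.exe - process information
Process file: winupdate or winupdate.exe
Process name: RADO virus
Description:
winupdate.exe is part of RADO. This trojan allows an attacker to control your computer remotely. The security rating for this process is: remove immediately.
Manual removal:
(1) On Windows 98, reboot into DOS, change to the Windows directory, delete winupdate.exe and winver.exe from the Windows directory, rename the file regedit.exe to regedit, then start Windows again and open the Registry Editor.
(2) On Windows 2000, first open the Registry Editor, then use Task Manager to end the running trojan programs named winupdate and winver, and delete them from the winnt directory.
Process viewer list
System process list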
Application process list
Top list of processes that pose a security risk
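Help, I've been hit by a trojan: msdll.dll and rundll32.exe, and now the computer has no sound
Right-click to test the effect.
Creates a menu dynamically, pops it up on a right mouse click, and executes the corresponding mouse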
' Form
Option Explicit

Private Sub Form_Load()
    ' Build a menu handle and a popup menu with three items (command IDs 300-302)
    hMenu = CreateMenu()
    hmenupopup = CreatePopupMenu()
    result = AppendMenu(hmenupopup, MF_STRING, 300, "新建")
    result = AppendMenu(hmenupopup, MF_STRING, 301, "保存")
    result = AppendMenu(hmenupopup, MF_STRING, 302, "另存为")
    result = AppendMenu(hMenu, MF_POPUP, hmenupopup, "文件")
    ' Subclass the form so that OnMenu receives WM_COMMAND;
    ' keep the previous window procedure so it can be restored
    oldwinproc = GetWindowLong(Me.hWnd, GWL_WNDPROC)
    SetWindowLong Me.hWnd, GWL_WNDPROC, AddressOf OnMenu
End Sub

Private Sub Form_MouseDown(Button As Integer, Shift As Integer, x As Single, y As Single)
    Dim r As RECT
    Dim p As POINTAPI
    If Button = vbRightButton Then
        ' Show the popup menu at the current cursor position (screen coordinates)
        GetCursorPos p
        TrackPopupMenu hmenupopup, 0, p.x, p.y, 0, Me.hWnd, r
    End If
End Sub

Private Sub Form_Unload(Cancel As Integer)
    ' Restore the original window procedure before the form goes away
    SetWindowLong Me.hWnd, GWL_WNDPROC, oldwinproc
    ' hMenu was never attached to a window, so it must be destroyed explicitly;
    ' this also destroys the popup menu attached to it
    DestroyMenu hMenu
End Sub

' Module
Option Explicit

Public Declare Function CreateMenu Lib "user32" () As Long
Public Declare Function AppendMenu Lib "user32" Alias "AppendMenuA" (ByVal hMenu As Long, ByVal wFlags As Long, ByVal wIDNewItem As Long, ByVal lpNewItem As Any) As Long
Public Declare Function TrackPopupMenu Lib "user32" (ByVal hMenu As Long, ByVal wFlags As Long, ByVal x As Long, ByVal y As Long, ByVal nReserved As Long, ByVal hWnd As Long, lprc As RECT) As Long
Public Declare Function CreatePopupMenu Lib "user32" () As Long
Public Declare Function DestroyMenu Lib "user32" (ByVal hMenu As Long) As Long
Public Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long) As Long
Public Declare Function GetCursorPos Lib "user32" (lpPoint As POINTAPI) As Long

Public Const MF_STRING = &H0&
Public Const MF_POPUP = &H10&
Public Const WM_USER = &H400
Public Const WM_COMMAND = &H111
Public Const GWL_WNDPROC = (-4)

Public Type RECT
    Left As Long
    Top As Long
    Right As Long
    Bottom As Long
End Type

Public Type POINTAPI
    x As Long
    y As Long
End Type

Public hMenu As Long
Public hmenupopup As Long
Public result As Long
Public oldwinproc As Long

' Replacement window procedure: handles the menu commands, then forwards
' every message to the original window procedure
Public Function OnMenu(ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
    Select Case wMsg
        Case WM_COMMAND
            Select Case wParam
                Case 300
                    MsgBox "u select new", vbInformation, "hello, world!"
                Case 301
                    MsgBox "u select save", vbInformation, "hello, world!"
                Case 302
                    MsgBox "u select save as", vbInformation, "hello, world!"
            End Select
    End Select
    OnMenu = CallWindowProc(oldwinproc, hWnd, wMsg, wParam, lParam)
End Function
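msdll.dll
Process file: msdll or msdll.dll
Process location: WINDOWS\system32\msdll.dll
Program name: Troj.Lineage.im or Win32.Troj.WOW.a.43008
Program purpose: Trojan, used to steal secrets.
Program author:
System process: No
Background program: Yes
Uses network: Yes
Hardware related: No
Security rating:
Process analysis: A program related to "Lineage trojan variant im" (Troj.Lineage.im), a trojan that steals Lineage game account names and passwords.
This one steals Lineage game accounts and passwords. When a computer is infected with it, the system asks for a restart (this is its purpose), and after the restart it starts running. As soon as it finds "Lineage" among the started programs, it sends the account and password to a designated mailbox.
Analysis of msdll.dll and how to remove it
Removal:
First, a full-disk virus scan in Safe Mode is recommended.
Press F8 at boot to choose Safe Mode.
This is a trojan program that ** World of Warcraft game accounts and passwords.
It can drop files, modify registry entries and shut down a large number of security products. It automatically looks for the World of Warcraft window, installs a message hook, captures what the user types, and sends it to a designated mailbox through its own built-in SMTP engine. It can also download files from a specified network address and run them. One characteristic: the machine must be restarted before it can ** World of Warcraft passwords, and the account-stealing function only targets XP and later systems.
1. Drops files into the following locations:
%system%\msdll.dll
%windows%\
%root%\Program Files\svhost32.exe
2. Adds a registry entry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = "%root%\Program Files\svhost32.exe"
to start itself automatically.
3. Shuts down the following processes:
'RMon.exe'
'天网防火墙个人版'
'天网防火墙企业版'
'TfLockDownMain'
'ZoneAlarm'
'噬菌体'
'ZAFrameWnd'
'EGHOST.EXE'
'MAILMON.EXE'
'KAVPFW.EXE'
'IPARMOR.EXE'
'Rmon.EXE'
5. Modifies the wininit.ini file so that the dropped DLL, by way of a rename, replaces a system file. As a result, every time that system file is called, the infected DLL is called instead. This method requires the user's machine to be restarted.
6. The dropped %system%\msdll.dll file is dedicated to ** World of Warcraft game accounts and passwords. It can install a message hook, automatically look for the World of Warcraft game window, record the account, password and other information the user types, and then send that information to a designated mailbox.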
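A triage check for the two persistence mechanisms described in steps 2 and 5 above, added here as an example and not part of the original write-up. It takes the exported "load" value and the text of wininit.ini and reports anything that would run or replace a binary at the next boot; the sample paths, the expansion of %system% and %root%, and the file name example.dll are constructed assumptions.

```python
import ntpath

# File names taken from the write-up above.
DROPPED_NAMES = {"msdll.dll", "svhost32.exe"}
LOAD_VALUE = r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load"
BINARY_EXTS = {".dll", ".exe", ".sys", ".drv", ".ocx"}


def parse_wininit_rename(text):
    """Return (destination, source) pairs from the [rename] section.

    Each line reads destination=source; a destination of NUL means
    "delete source at next boot". Keys repeat, so configparser is not used.
    """
    pairs, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            pairs.append((dest.strip(), src.strip()))
    return pairs


def audit(load_value, wininit_text):
    """Return findings as (kind, target, source, matches_known_name)."""
    findings = []

    # Step 2: the "load" value is normally empty, so any content is worth a look.
    value = load_value.strip().strip('"')
    if value:
        known = any(name in value.lower() for name in DROPPED_NAMES)
        findings.append(("load", LOAD_VALUE, value, known))

    # Step 5: a pending rename that overwrites a binary with another file.
    for dest, src in parse_wininit_rename(wininit_text):
        if dest.upper() == "NUL":
            continue  # plain deletion, not a replacement
        if ntpath.splitext(dest)[1].lower() in BINARY_EXTS:
            known = ntpath.basename(src).lower() in DROPPED_NAMES
            findings.append(("rename", dest, src, known))
    return findings


# Constructed sample data (not captured from a real infection).
SAMPLE_LOAD = r"C:\Program Files\svhost32.exe"
SAMPLE_WININIT = r"""
[rename]
NUL=C:\WINDOWS\TEMP\~setup1.tmp
C:\WINDOWS\SYSTEM32\example.dll=C:\WINDOWS\SYSTEM32\msdll.dll
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOAD, SAMPLE_WININIT):
        print(finding)
```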
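rundll32 - rundll32.exe - process information
Process file: rundll32 or rundll32.exe
Process name: Microsoft Rundll32
Description:
rundll32.exe is used to run DLL files in memory, for programs that need to call DLLs. It is used by applications. This program is very important for the normal operation of your system. Note: rundll32.exe may also be W32.Miroot.Worm, which allows an attacker to access your computer and steal passwords and personal data. The security rating for this process is: remove immediately.
Publisher: Microsoft Corp.
Belongs to: Microsoft Windows Operating System
System process: Yes
Background program: Yes
Uses network: No
Hardware related: No
Common errors: Unknown N/A
Memory usage: Unknown N/A
Security rating (0-5): 0
Spyware: No
Adware: No
Advertising software: No
Trojan: No
What is Rundll32.exe? As the name suggests, it "runs 32-bit DLL files". Its job is to execute functions inside a DLL file, so the process list shows only Rundll32.exe and no process for the DLL backdoor, which hides the backdoor at the process level. If you see several Rundll32.exe instances on a system, don't panic: this shows how many DLL files have been started with Rundll32.exe. Of course, which DLL files these Rundll32.exe instances are running can all be found in the places the system loads from automatically.
Now let me introduce the Rundll32.exe file. Its meaning was given above: its function is to call dynamic-link libraries from the command line. The system also has a Rundll.exe file, which "runs 16-bit DLL files"; keep the difference in mind. Here is the function prototype that Rundll32.exe uses:
void CALLBACK FunctionName (
    HWND hwnd,
    HINSTANCE hinst,
    LPTSTR lpCmdLine,
    int nCmdShow
);
Its command-line usage is: Rundll32.exe DLLname,Functionname [Arguments]
DLLname is the name of the DLL file to run; Functionname is the specific exported function of that DLL file to execute;
[Arguments] are the arguments for the exported function.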
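The command-line form above, turned into a parser that answers "which DLL and export is each Rundll32.exe instance running?" for a list of process command lines. This is an added example, not code from the original page: the sample command lines, the export name ExportName, the Vendor path and the baseline set (a few DLLs that appear in commands on this page) are constructed assumptions, and a name match against the baseline is a sorting aid, not proof that the file is genuine.

```python
import ntpath
import re
from collections import namedtuple

Invocation = namedtuple("Invocation", "dll function arguments")

# Program token (quoted or bare), then the rest of the line.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')
# DLLname,Functionname [Arguments]; an unquoted DLL name cannot contain spaces.
TARGET_RE = re.compile(r'^(?:"([^"]+)"|([^",\s]+))\s*,\s*([^\s,]+)(?:\s+(.*))?$')

# Assumed baseline: DLL names used by the documented commands on this page.
BASELINE_DLLS = {"shell32.dll", "user.exe", "syncui.dll", "diskcopy.dll",
                 "rnaui.dll", "mshtml.dll", "desk.cpl"}


def parse_rundll32(cmdline):
    """Return an Invocation for a rundll32 command line, else None.

    A rundll32 line that is not in DLLname,Functionname form yields
    Invocation(None, None, rest) so the caller can report it.
    """
    m = EXE_RE.match(cmdline)
    if not m:
        return None
    exe = ntpath.basename(m.group(1) or m.group(2)).lower()
    if exe not in ("rundll32.exe", "rundll32"):
        return None
    rest = m.group(3).strip()
    t = TARGET_RE.match(rest)
    if not t:
        return Invocation(None, None, rest)
    return Invocation(t.group(1) or t.group(2), t.group(3),
                      (t.group(4) or "").strip())


def triage(cmdlines, baseline=BASELINE_DLLS):
    """Return (dll_name, function, verdict) for every rundll32 line."""
    rows = []
    for line in cmdlines:
        inv = parse_rundll32(line)
        if inv is None:
            continue  # not a rundll32 process
        if inv.dll is None:
            rows.append((None, None, "malformed"))
            continue
        name = ntpath.basename(inv.dll).lower()
        verdict = "baseline" if name in baseline else "review"
        rows.append((name, inv.function, verdict))
    return rows


# Constructed process command lines (not taken from a real system).
SAMPLE = [
    r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0',
    r'"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\msdll.dll",ExportName',
    r'C:\WINDOWS\system32\rundll32.exe user.exe,restartwindows',
    r'notepad.exe C:\notes.txt',
    r'rundll32.exe C:\PROGRA~1\Vendor\helper.dll,Run /tray',
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```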
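A short talk on what Rundll32.exe does (I'm a newbie)
Anyone who uses Windows 9x regularly will be familiar with the two files Rundll32.exe and Rundll.exe. However, because these two programs were originally meant only for internal use at Microsoft, probably not many people really know how to use them. If you are not clear about it yet, let me tell you.
First, try a small experiment (save the results of whatever programs you are running beforehand, otherwise...): click "Start - Programs - MS-DOS Prompt" to open a DOS window, type rundll32.exe user.exe,restartwindows and press Enter. You will see the machine restart! Interesting, isn't it?
Of course, Rundll can do far more than restart your machine. As the name says, Rundll runs DLLs: its function is to call Windows dynamic-link libraries from the command line. The difference between Rundll32.exe and Rundll.exe is that the former calls 32-bit libraries and the latter is for 16-bit libraries. Their command format is:
RUNDLL.EXE ,,
Three points need attention here:
1. The DLL file name must not contain spaces. For example, if the file is in the c:\ProgramFiles\ directory, you have to change the path to c:\Progra~1\.
2. The comma between the DLL file name and the DLL entry point must not be left out, otherwise the program fails without giving any information!
3. Most important of all: Rundll cannot be used to call DLL functions that return values through their parameters, such as GetUserName() and GetTextFace() in the Win32 API.
Visual Basic provides a statement for running external programs, Shell, in the form:
Shell "command line"
Used well together with Rundll32.exe, the Shell statement gives your VB program effects that are hard or even impossible to achieve in other ways. Take restarting as the example again: the traditional approach needs you to create a module in the VB project, write the WinAPI declaration, and only then call it in the program. Now a single line is enough:
Shell "rundll32.exe user.exe,restartwindows"
and it is done! Much more convenient, isn't it?
In fact, Rundll32.exe has a unique advantage when it comes to opening the various Windows Control Panel items and system options. Below I list the Rundll commands I have collected on the Internet (very useful, they can save you a lot of time calling the Windows API!) for everyone to use in their programs: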
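Command line: rundll32.exe shell32.dll,Control_RunDLL
Function: Shows the Control Panel.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,1
Function: Shows the "Control Panel - Options - Keyboard" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,2
Function: Shows the "Control Panel - Options - Sound" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,3
Function: Shows the "Control Panel - Options - Display" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,4
Function: Shows the "Control Panel - Options - Mouse" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,5
Function: Shows the "Control Panel - Options - General" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl @1
Function: Runs the "Control Panel - Add New Hardware" wizard.
Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL AddPrinter
Function: Runs the "Control Panel - Add New Printer" wizard.
Command line: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,1
Function: Shows the "Control Panel - Add/Remove Programs - Install/Uninstall" panel.
Command line: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2
Function: Shows the "Control Panel - Add/Remove Programs - Windows Setup" panel.
Command line: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,3
Function: Shows the "Control Panel - Add/Remove Programs - Startup Disk" panel.
Command line: rundll32.exe syncui.dll,Briefcase_Create
Function: Creates a new "My Briefcase" on the desktop.
Command line: rundll32.exe diskcopy.dll,DiskCopyRunDll
Function: Shows the Copy Disk window for floppy disks.
Command line: rundll32.exe appwiz.cpl,NewLinkHere %1
Function: Shows the "Create Shortcut" dialog; the location of the new shortcut is determined by the %1 parameter.
Command line: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,0
Function: Shows the "Date & Time" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,1
Function: Shows the "Time Zone" options window.
Command line: rundll32.exe rnaui.dll,RnaDial [name of a dial-up connection]
Function: Shows the dial window for the given dial-up connection. If the connection is already dialed, shows the window with its current connection status.
Command line: rundll32.exe rnaui.dll,RnaWizard
Function: Shows the "Make New Connection" wizard window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0
Function: Shows the "Display Properties - Background" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1
Function: Shows the "Display Properties - Screen Saver" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,2
Function: Shows the "Display Properties - Appearance" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3
Function: Shows the "Display Properties - Properties" options window.
Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL FontsFolder
Function: Shows the Windows "Fonts" folder.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3
Function: Also shows the Windows "Fonts" folder.
Command line: rundll32.exe shell32.dll,SHFormatDrive
Function: Shows the Format dialog for floppy disks.
Command line: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,0
Function: Shows the "Control Panel - Game Controllers - General" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,1
Function: Shows the "Control Panel - Game Controllers - Advanced" options window.
Command line: rundll32.exe mshtml.dll,PrintHTML (HTML document)
Function: Prints an HTML document.
Command line: rundll32.exe shell32.dll,Control_RunDLL mlcfg32.cpl
Function: Shows the Microsoft Exchange general options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @0
Function: Shows the "Control Panel - Mouse" options.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1
Function: Shows the "Control Panel - Keyboard Properties - Speed" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1,,1
Function: Shows the "Control Panel - Keyboard Properties - Language" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @2
Function: Shows the Windows "Printers" folder.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3
Function: Shows the Windows "Fonts" folder.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @4
Function: Shows the "Control Panel - Input Method Properties - Input Method" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL modem.cpl,,add
Function: Runs the "Add New Modem" wizard.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,0
Function: Shows the "Control Panel - Multimedia Properties - Audio" property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,1
Function: Shows the "Control Panel - Multimedia Properties - " property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,2
Function: Shows the "Control Panel - Multimedia Properties - MIDI" property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,3
Function: Shows the "Control Panel - Multimedia Properties - CD Music" property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,4
Function: Shows the "Control Panel - Multimedia Properties - Devices" property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl @1
Function: Shows the "Control Panel - Sounds" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL netcpl.cpl
Function: Shows the "Control Panel - Network" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL odbccp32.cpl
Function: Shows the ODBC32 data management options window.
Command line: rundll32.exe shell32.dll,OpenAs_RunDLL {drive:\path\filename}
Function: Shows the "Open With" dialog for the specified file (drive:\path\filename).
Command line: rundll32.exe shell32.dll,Control_RunDLL password.cpl
Function: Shows the "Control Panel - Passwords" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL powercfg.cpl
Function: Shows the "Control Panel - Power Management Properties" options window.
Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder
Function: Shows the Windows "Printers" folder.
(Same as rundll32.exe shell32.dll,Control_RunDLL main.cpl @2)
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,0
Function: Shows the "Control Panel - Regional Settings Properties - Regional Settings" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,1
Function: Shows the "Control Panel - Regional Settings Properties - Number" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,2
Function: Shows the "Control Panel - Regional Settings Properties - Currency" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,3
Function: Shows the "Control Panel - Regional Settings Properties - Time" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,4
Function: Shows the "Control Panel - Regional Settings Properties - Date" options window.
Command line: rundll32.exe desk.cpl,InstallScreenSaver [screen saver file name]
Function: Sets the specified screen saver file as the Windows screen saver and shows the screen saver properties window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,0
Function: Shows the "Control Panel - System Properties - General" property window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,1
Function: Shows the "Control Panel - System Properties - Device Manager" property window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,2
Function: Shows the "Control Panel - System Properties - Hardware Profiles" property window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,3
Function: Shows the "Control Panel - System Properties - Performance" property window.
Command line: rundll32.exe user.exe,restartwindows
Function: Forcibly closes all programs and restarts the machine.
Command line: rundll32.exe user.exe,exitwindows
Function: Forcibly closes all programs and shuts down.
Command line: rundll32.exe shell32.dll,Control_RunDLL telephon.cpl
Function: Shows the "Dialing Properties" options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL themes.cpl
Function: Shows the "Desktop Themes" options panel.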
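Of course, this is not limited to Visual Basic: other programming languages such as Delphi and Visual C++ can also use these Rundll functions by calling external commands; the details are not covered here.
Using Rundll flexibly will make your programming easy and get twice the result with half the effort!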