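1. In a VB6 + XP environment, how do I use API functions to create a menu dynamically?

2. Help, I've been hit by a trojan: msdll.dll and rundll32.exe, and now the computer has no sound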


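In a VB6 + XP environment, how do I use API functions to create a menu dynamically?

winupdate - winupdate.exe - process information

Process file: winupdate or winupdate.exe

Process name: RADO virus

Description:

winupdate.exe is part of RADO. This trojan allows an attacker to control your computer remotely. The security rating for this process is: remove immediately.

Manual removal:

(1) On Windows 98, restart into DOS, change to the Windows directory, delete the winupdate.exe and winver.exe files from the Windows directory, and rename regedit.exe to regedit. Then start Windows again and open the Registry Editor.

(2) On Windows 2000, first open the Registry Editor, then use Task Manager to end the running trojan programs named winupdate and winver, and delete them from the winnt directory.

Process list

System process list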


Application process list


Top list of processes that pose a security risk


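Help, I've been hit by a trojan: msdll.dll and rundll32.exe, and now the computer has no sound

Right-click to test the effect.

Creates the menu dynamically; a right mouse click pops up the menu and runs the corresponding mouse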

'Form

Option Explicit

Private Sub Form_Load()
    'Build a menu handle and a popup menu with three items (IDs 300-302)
    hMenu = CreateMenu()
    hmenupopup = CreatePopupMenu()
    result = AppendMenu(hmenupopup, MF_STRING, 300, "新建")
    result = AppendMenu(hmenupopup, MF_STRING, 301, "保存")
    result = AppendMenu(hmenupopup, MF_STRING, 302, "另存为")
    result = AppendMenu(hMenu, MF_POPUP, hmenupopup, "文件")
    'Subclass the form: keep the old window procedure and route messages to OnMenu
    oldwinproc = GetWindowLong(Me.hWnd, GWL_WNDPROC)
    SetWindowLong Me.hWnd, GWL_WNDPROC, AddressOf OnMenu
End Sub

Private Sub Form_MouseDown(Button As Integer, Shift As Integer, x As Single, y As Single)
    Dim r As RECT
    Dim p As POINTAPI
    'On a right click, show the popup menu at the cursor position
    If Button = vbRightButton Then
        GetCursorPos p
        TrackPopupMenu hmenupopup, 0, p.x, p.y, 0, Me.hWnd, r
    End If
End Sub

Private Sub Form_Unload(Cancel As Integer)
    'Restore the original window procedure before the form goes away
    SetWindowLong Me.hWnd, GWL_WNDPROC, oldwinproc
End Sub

'Module

Option Explicit

Public Declare Function CreateMenu Lib "user32" () As Long
Public Declare Function AppendMenu Lib "user32" Alias "AppendMenuA" (ByVal hMenu As Long, ByVal wFlags As Long, ByVal wIDNewItem As Long, ByVal lpNewItem As Any) As Long
Public Declare Function TrackPopupMenu Lib "user32" (ByVal hMenu As Long, ByVal wFlags As Long, ByVal x As Long, ByVal y As Long, ByVal nReserved As Long, ByVal hWnd As Long, lprc As RECT) As Long
Public Declare Function CreatePopupMenu Lib "user32" () As Long
Public Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long) As Long
Public Declare Function GetCursorPos Lib "user32" (lpPoint As POINTAPI) As Long

Public Const MF_STRING = &H0&
Public Const MF_POPUP = &H10&
Public Const WM_USER = &H400

Public Type RECT
    Left As Long
    Top As Long
    Right As Long
    Bottom As Long
End Type

Public Type POINTAPI
    x As Long
    y As Long
End Type

Public Const GWL_WNDPROC = (-4)

Public hMenu As Long
Public hmenupopup As Long
Public result As Long
Public oldwinproc As Long

Public Const WM_COMMAND = &H111

'Replacement window procedure: handles the menu IDs, then passes every message on
Public Function OnMenu(ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
    Select Case wMsg
        Case WM_COMMAND
            Select Case wParam
                Case 300
                    MsgBox "u select new", vbInformation, "hello, world!"
                Case 301
                    MsgBox "u select se", vbInformation, "hello, world!"
                Case 302
                    MsgBox "u select se as", vbInformation, "hello, world!"
            End Select
    End Select
    OnMenu = CallWindowProc(oldwinproc, hWnd, wMsg, wParam, lParam)
End Function

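msdll.dll

Process file: msdll or msdll.dll

Process location: WINDOWS\system32\msdll.dll

Program name: Troj.Lineage.im or Win32.Troj.WOW.a.43008

Program purpose: Trojan, used to steal confidential information.

Program author:

System process: No

Background program: Yes

Uses network: Yes

Hardware related: No

Security rating:

Process analysis: A program associated with the "Lineage trojan variant im" (Troj.Lineage.im), a trojan that steals Lineage game account names and passwords.

It steals Lineage game account names and passwords. When a computer is infected with it, the system asks for a restart (that is its purpose), and after the restart it starts running. As soon as it sees "Lineage" being launched, it sends the account name and password to a designated mailbox.

Analysis of msdll.dll and how to remove it

Removal:

First, a full-disk antivirus scan in Safe Mode is recommended.

Press F8 at boot to choose Safe Mode.

This is a trojan program that steals World of Warcraft account names and passwords.

It can drop files, modify registry entries, and shut down a large number of security products. It automatically looks for the World of Warcraft window, installs a message hook, intercepts what the user types, and sends it to a designated mailbox through its built-in SMTP engine. It can also download files from a specified web address and run them. One characteristic: the machine must be restarted before it can steal World of Warcraft passwords, and the account-stealing function only works on XP and later systems.

1. Drops files into the following locations:

%system%\msdll.dll

%windows%\

%root%\Program Files\svhost32.exe

2. Adds a registry entry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\

"load" = "%root%\Program Files\svhost32.exe"

so that it starts automatically.

3. Terminates the following processes:

'RMon.exe'

'天网防火墙个人版'

'天网防火墙企业版'

'TfLockDownMain'

'ZoneAlarm'

'噬菌体'

'ZAFrameWnd'

'EGHOST.EXE'

'MAILMON.EXE'

'KAVPFW.EXE'

'IPARMOR.EXE'

'Rmon.EXE'

5. Modifies the wininit.ini file so that the dropped DLL, by way of a rename, replaces a system file. As a result, every time that system file is called, the infected DLL is called instead. This method requires the user's machine to be restarted.

6. The dropped %system%\msdll.dll file is dedicated to stealing World of Warcraft account names and passwords. It installs a message hook, automatically looks for the game window, records the account name, password and other information the user types, and sends it to a designated mailbox.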
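A defender can check the two persistence points described above, the `load` value and the wininit.ini rename, with a short script. This is an added example, not part of the original page: it assumes the Windows 9x `[rename]` syntax `destination=source` (with `NUL=file` meaning delete), and the wininit.ini text, the replaced file name `EXAMPLE.DLL` and the `C:` expansion of `%root%` are constructed for illustration.

```python
import ntpath

# File names the page lists as dropped by this trojan.
DROPPED_NAMES = {"msdll.dll", "svhost32.exe"}
# Assumption: system directories of the host being checked.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}


def parse_wininit_renames(text):
    """Return (destination, source) pairs from the [rename] section."""
    pairs, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_rename = line.lower() == "[rename]"
        elif in_rename and "=" in line:
            dest, _, src = line.partition("=")
            pairs.append((dest.strip(), src.strip()))
    return pairs


def review_wininit(text):
    """List pending renames that overwrite a file in a system directory."""
    findings = []
    for dest, src in parse_wininit_renames(text):
        if dest.upper() == "NUL":        # NUL=<file> deletes <file>, no overwrite
            continue
        if ntpath.dirname(dest).lower() in SYSTEM_DIRS:
            findings.append({
                "replaced": dest,
                "with": src,
                "known_dropped_file": ntpath.basename(src).lower() in DROPPED_NAMES,
            })
    return findings


def review_load_value(value):
    """Check the 'load' autostart value; return a finding, or None if it is empty."""
    value = value.strip().strip('"')
    if not value:
        return None
    return {
        "program": value,
        "known_dropped_file": ntpath.basename(value).lower() in DROPPED_NAMES,
    }


# Constructed inputs (not taken from a real host). EXAMPLE.DLL stands in for
# the replaced system file, which the page does not name.
SAMPLE_WININIT = r"""
[rename]
NUL=C:\WINDOWS\TEMP\setup.tmp
C:\WINDOWS\SYSTEM32\EXAMPLE.DLL=C:\WINDOWS\SYSTEM32\msdll.dll
C:\PROGRA~1\APP\APP.EXE=C:\PROGRA~1\APP\APP.NEW
"""
SAMPLE_LOAD = r"C:\Program Files\svhost32.exe"

if __name__ == "__main__":
    for finding in review_wininit(SAMPLE_WININIT):
        print("wininit.ini:", finding)
    print("load value:", review_load_value(SAMPLE_LOAD))
```

Every rename that overwrites a system file is listed for review, because legitimate installers use the same mechanism; `known_dropped_file` marks the ones that match the file names given on this page.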

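rundll32 - rundll32.exe - process information

Process file: rundll32 or rundll32.exe

Process name: Microsoft Rundll32

Description:

rundll32.exe is used to run DLL files in memory, for programs that need to call DLLs. They are used within applications. This program is very important for the normal operation of your system. Note: rundll32.exe may also be W32.Miroot.Worm. It allows an attacker to access your computer and steal passwords and personal data. The security rating for this process is: remove immediately.

Vendor: Microsoft Corp.

Belongs to: Microsoft Windows Operating System

System process: Yes

Background program: Yes

Uses network: No

Hardware related: No

Common errors: Unknown N/A

Memory usage: Unknown N/A

Security rating (0-5): 0

Spyware: No

Adware: No

Advertising software: No

Trojan: No

What is Rundll32.exe? As the name suggests, it "runs 32-bit DLL files". Its job is to execute functions inside a DLL file, so the process list shows only Rundll32.exe and no process for the DLL backdoor, which hides it at the process level. If you see several Rundll32.exe instances on a system, don't panic: it shows how many DLL files have been started through Rundll32.exe. Of course, which DLL files these Rundll32.exe instances are running can always be found in the places the system loads things from automatically.

Now let me introduce the Rundll32.exe file. Its meaning was given above; its function is to call dynamic-link libraries from the command line. There is also a Rundll.exe file on the system, which "runs 16-bit DLL files"; take note of that. Now look at the function prototype Rundll32.exe uses:

void CALLBACK FunctionName (
    HWND hwnd,
    HINSTANCE hinst,
    LPTSTR lpCmdLine,
    int nCmdShow
);

On the command line it is used as: Rundll32.exe DLLname,Functionname [Arguments]

DLLname is the name of the DLL file to run; Functionname is the specific exported function of that DLL to run; [Arguments] are the arguments for the exported function.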
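The command-line form above can be turned into a small triage helper that shows which DLL each rundll32 instance in a process listing is running. This is an added example, not code from the original page; the list of system directories and the sample command lines are assumptions constructed for illustration.

```python
import ntpath

RUNDLL_NAMES = {"rundll32.exe", "rundll32", "rundll.exe", "rundll"}
# Assumption for this example: where a stock install keeps rundll32 and its DLLs.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32",
               r"c:\windows\syswow64"}


def _split_first(s):
    """Return (first token, remainder); the token may be double-quoted."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:])
    parts = s.split(None, 1)
    return (parts[0] if parts else "", parts[1] if len(parts) > 1 else "")


def parse_rundll32(cmdline):
    """Parse 'Rundll32.exe DLLname,Functionname [Arguments]'.

    Returns None for other programs. For a rundll image whose command line
    lacks the 'DLLname,Functionname' pair, 'dll' and 'entry' are None.
    """
    image, rest = _split_first(cmdline)
    if ntpath.basename(image).lower() not in RUNDLL_NAMES:
        return None
    result = {"image": image, "dll": None, "entry": None, "args": ""}
    rest = rest.strip()
    if rest.startswith('"'):                 # quoted DLL path may hold spaces
        dll, rest = _split_first(rest)
        rest = rest.lstrip()
        if not rest.startswith(","):
            return result
        tail = rest[1:]
    else:                                    # unquoted: DLL name ends at the comma
        dll, comma, tail = rest.partition(",")
        if not comma:
            return result
    entry, _, args = tail.strip().partition(" ")
    if dll.strip() and entry:
        result.update(dll=dll.strip(), entry=entry, args=args.strip())
    return result


def _outside_system(path):
    """True when the path names a directory that is not a system directory."""
    directory = ntpath.dirname(ntpath.normpath(path)).lower()
    return bool(directory) and directory not in SYSTEM_DIRS


def triage(cmdline):
    """Return findings for one process command line ([] means nothing odd)."""
    p = parse_rundll32(cmdline)
    if p is None:
        return []
    findings = []
    if _outside_system(p["image"]):
        findings.append("rundll image outside the system directories")
    if p["dll"] is None:
        findings.append("no 'DLLname,Functionname' pair")
    elif _outside_system(p["dll"]):
        findings.append("DLL outside the system directories: " + p["dll"])
    return findings


# Constructed process command lines (not taken from a real host).
SAMPLES = [
    r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1",
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\Public\example lib.dll",Start',
    r"C:\Temp\rundll32.exe shell32.dll,Control_RunDLL",
    r"rundll32.exe shell32.dll",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", triage(line) or "ok")
```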

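A brief look at what Rundll32.exe does (I'm a newbie)

Anyone who uses Windows 9x regularly will be familiar with the two files Rundll32.exe and Rundll.exe. However, because these two programs were originally meant only for internal use at Microsoft, few people really know how to use them. So if you are not clear on it yet, let me tell you.

First, try a small experiment (save the results of whatever programs you are running first, otherwise...): click "Start - Programs - MS-DOS Prompt" to open a DOS window, type rundll32.exe user.exe,restartwindows and press Enter. You will see the machine restart! Interesting, isn't it?

Of course, Rundll can do far more than restart your machine. As the name suggests, Rundll runs DLLs: its function is to call Windows dynamic-link libraries from the command line. The difference between Rundll32.exe and Rundll.exe is that the former calls 32-bit libraries while the latter is used for 16-bit libraries. Their command format is:

RUNDLL.EXE ,,

Three points need attention here: 1. The DLL file name must not contain spaces; for example, if the file is in the c:\ProgramFiles\ directory, you have to change the path to c:\Progra~1\; 2. The comma between the DLL file name and the DLL entry point must not be left out, otherwise the program fails and gives no information at all! 3. This is the most important point: Rundll cannot be used to call DLL functions that return values through their parameters, such as GetUserName() and GetTextFace() in the Win32 API. Visual Basic provides an instruction for running external programs, Shell, in the form:

Shell "command line"

If you use the Shell instruction well together with Rundll32.exe, your VB program can achieve effects that are difficult or even impossible with other methods. Taking the restart as the example again: the traditional way requires you to create a module in the VB project, write in the WinAPI declaration, and only then call it in the program. Now a single line is enough:

Shell "rundll32.exe user.exe,restartwindows" and it's done! Much more convenient, isn't it?

In fact, Rundll32.exe has unique advantages when calling the various Windows Control Panel applets and system options. Below I list the Rundll commands I have collected from the Internet (very useful, they can save you a lot of time calling the Windows API!!) for everyone to use in their programs: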

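Command line: rundll32.exe shell32.dll,Control_RunDLL

Function: Shows the Control Panel.

Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,1

Function: Shows the "Control Panel - Options - Keyboard" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,2

Function: Shows the "Control Panel - Options - Sound" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,3

Function: Shows the "Control Panel - Options - Display" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,4

Function: Shows the "Control Panel - Options - Mouse" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,5

Function: Shows the "Control Panel - Options - General" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl @1

Function: Runs the "Control Panel - Add New Hardware" wizard.

Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL AddPrinter

Function: Runs the "Control Panel - Add New Printer" wizard.

Command line: rundll32.exe shell32.dll,Control_RunDLL wiz.cpl,,1

Function: Shows the "Control Panel - Add/Remove Programs - Install/Uninstall" panel.

Command line: rundll32.exe shell32.dll,Control_RunDLL wiz.cpl,,2

Function: Shows the "Control Panel - Add/Remove Programs - Windows Setup" panel.

Command line: rundll32.exe shell32.dll,Control_RunDLL wiz.cpl,,3

Function: Shows the "Control Panel - Add/Remove Programs - Startup Disk" panel.

Command line: rundll32.exe syncui.dll,Briefcase_Create

Function: Creates a new "My Briefcase" on the desktop.

Command line: rundll32.exe diskcopy.dll,DiskCopyRunDll

Function: Shows the Copy Disk window for floppy disks.

Command line: rundll32.exe apwiz.cpl,NewLinkHere %1

Function: Shows the "Create Shortcut" dialog; the location of the new shortcut is set by the %1 parameter.

Command line: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,0

Function: Shows the "Date and Time" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,1

Function: Shows the "Time Zone" options window.

Command line: rundll32.exe rnaui.dll,RnaDial [name of a dial-up connection]

Function: Shows the dial window for that dial-up connection. If the connection is already dialed, shows the window with the current connection status.

Command line: rundll32.exe rnaui.dll,RnaWizard

Function: Shows the "New Dial-Up Connection" wizard window.

Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0

Function: Shows the "Display Properties - Background" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1

Function: Shows the "Display Properties - Screen Saver" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,2

Function: Shows the "Display Properties - Appearance" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3

Function: Shows the "Display Properties - Properties" options window.

Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL FontsFolder

Function: Shows the Windows "Fonts" folder.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3

Function: Also shows the Windows "Fonts" folder.

Command line: rundll32.exe shell32.dll,SHformatDrive

Function: Shows the Format dialog for floppy disks.

Command line: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,0

Function: Shows the "Control Panel - Game Controllers - General" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,1

Function: Shows the "Control Panel - Game Controllers - Advanced" options window.

Command line: rundll32.exe mshtml.dll,PrintHTML (HTML document)

Function: Prints an HTML document.

Command line: rundll32.exe shell32.dll,Control_RunDLL mlcfg32.cpl

Function: Shows the Microsoft Exchange general options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @0

Function: Shows the "Control Panel - Mouse" options.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1

Function: Shows the "Control Panel - Keyboard Properties - Speed" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1,,1

Function: Shows the "Control Panel - Keyboard Properties - Language" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @2

Function: Shows the Windows "Printers" folder.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3

Function: Shows the Windows "Fonts" folder.

Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @4

Function: Shows the "Control Panel - Input Method Properties - Input Method" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL modem.cpl,,add

Function: Runs the "Add New Modem" wizard.

Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,0

Function: Shows the "Control Panel - Multimedia Properties - Audio" property page.

Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,1

Function: Shows the "Control Panel - Multimedia Properties - " property page.

Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,2

Function: Shows the "Control Panel - Multimedia Properties - MIDI" property page.

Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,3

Function: Shows the "Control Panel - Multimedia Properties - CD Music" property page.

Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,4

Function: Shows the "Control Panel - Multimedia Properties - Devices" property page.

Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl @1

Function: Shows the "Control Panel - Sounds" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL netcpl.cpl

Function: Shows the "Control Panel - Network" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL odbccp32.cpl

Function: Shows the ODBC32 data management options window.

Command line: rundll32.exe shell32.dll,OpenAs_RunDLL {drive:\path\filename}

Function: Shows the "Open With" dialog for the specified file (drive:\path\filename).

Command line: rundll32.exe shell32.dll,Control_RunDLL password.cpl

Function: Shows the "Control Panel - Passwords" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL powercfg.cpl

Function: Shows the "Control Panel - Power Management Properties" options window.

Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder

Function: Shows the Windows "Printers" folder.

(Same as rundll32.exe shell32.dll,Control_RunDLL main.cpl @2)

Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,0

Function: Shows the "Control Panel - Regional Settings Properties - Regional Settings" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,1

Function: Shows the "Control Panel - Regional Settings Properties - Number" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,2

Function: Shows the "Control Panel - Regional Settings Properties - Currency" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,3

Function: Shows the "Control Panel - Regional Settings Properties - Time" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,4

Function: Shows the "Control Panel - Regional Settings Properties - Date" options window.

Command line: rundll32.exe desk.cpl,InstallScreenSer [screen saver file name]

Function: Sets the specified screen saver file as the Windows screen saver and shows the Screen Saver properties window.

Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,0

Function: Shows the "Control Panel - System Properties - General" properties window.

Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,1

Function: Shows the "Control Panel - System Properties - Device Manager" properties window.

Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,2

Function: Shows the "Control Panel - System Properties - Hardware Profiles" properties window.

Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,3

Function: Shows the "Control Panel - System Properties - Performance" properties window.

Command line: rundll32.exe user.exe,restartwindows

Function: Forcibly closes all programs and restarts the machine.

Command line: rundll32.exe user.exe,exitwindows

Function: Forcibly closes all programs and shuts down.

Command line: rundll32.exe shell32.dll,Control_RunDLL telephon.cpl

Function: Shows the "Dialing Properties" options window.

Command line: rundll32.exe shell32.dll,Control_RunDLL themes.cpl

Function: Shows the "Desktop Themes" options panel.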

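Of course, this is not limited to Visual Basic: other programming languages such as Delphi and Visual C++ can also use these Rundll functions by calling external commands. The details are not covered here.

Used flexibly, Rundll will make your programming easy and get you twice the result for half the effort!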