Running processes:
Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/05/16 16:25:49
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\讯雷4\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Ra
/*
DLL OCCURENCY FINDER UTILITY
It simply searches all running processes for occurrences of <DLL_NAME>.
Very useful for malware detection/removal. Imagine you
find a DLL which you can't delete and you need to know
which process is running it...
coded by Piotr Bania <bania.piotr@gmail.com>
Sample usage:
E:\projekty\finddll\Debug>finddll jar50.dll
....
[+] Searching in ping.exe (PID=0x564) for module occurency.
[+] Searching in firefox.exe (PID=0xFC4) for module occurency.
[*] --- MODULE OCCURENCY FOUND ---
[+] jar50.dll found in firefox.exe (PID=0xFC4)
[+] jar50.dll base located at: 0x023c0000
[+] jar50.dll handle in process: 0x23C0000
[+] jar50.dll size of module: 0xD000 bytes
[+] jar50.dll path: C:\Program Files\Mozilla Firefox\components\jar50.dll
[*] --- PRESS ANY KEY T