[CODE] 2008-06-14,17:38:30 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [EMPIA Technology Corporation] [] <360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE> [(Verified)"McAfee, Inc."] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== 启动文件夹 [AutoCAD 启动加速器] C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]> [Adobe Gamma Loader] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]> [Stardock ObjectDock] C:\WINDOWS\OBJECT~1\OBJECT~1.EXE [Stardock]> ================================== 服务 [Microsoft AppLocale / Applocale][Stopped/Auto Start] %SystemRoot%\system32\Applocale.dll> [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [McAfee McShield / McShield][Running/Auto Start] <"C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"> [McAfee Task Manager / McTaskManager][Running/Auto Start] <"C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"> [Autoupdate For Windows / Wuauclt][Running/Auto Start] %SystemRoot%\system32\Wuauclt.dll> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start] [Apaidi / Apaidi][Running/] <2 - 系统找不到指定的文件。 > [ET USB 2750 Camera / DCamUSBET][Running/Manual Start] [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] [ET USB Device Lower Filter / FiltUSBET][Running/Manual Start] [ialm / ialm][Running/Manual Start] [McAfee Inc. / mfeapfk][Running/Manual Start] [McAfee Inc. / mfeavfk][Running/Manual Start] [McAfee Inc. / mfebopk][Running/Manual Start] [McAfee Inc. / mfehidk][Running/Manual Start] [VSCore mferkdk / mferkdk][Running/System Start] <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys> [McAfee Inc. / mfetdik][Running/System Start] [npkcrypt / npkcrypt][Stopped/Auto Start] <\??\C:\Program Files\qq2007\npkcrypt.sys> [nv / nv][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [rimsptsk / rimsptsk][Running/Manual Start] [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心> [ET USB Still Image Capture Device / ScanUSBET][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [sgkzl5 / sgkzl5s][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\sgkzl5s.sys> [tma2bhqus / tma2bhqus][Stopped/Boot Start] <\SystemRoot\system32\drivers\tma2bhqus.sys> [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Thunder Browser Helper] {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [AddTask Class] {6A19C29D-ED45-4483-8999-9F939C8161F2} [scriptproxy] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [Parameter Class] {FFFFEECE-FD18-8222-2FB0-2935B9EA0515} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [Thunder Browser Helper] {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458} [AddTask Class] {6A19C29D-ED45-4483-8999-9F939C8161F2} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [scriptproxy] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Parameter Class] {FFFFEECE-FD18-8222-2FB0-2935B9EA0515} [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 624 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 692 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 704 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 852 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 896 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 980 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1068 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1108 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1404 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [PID: 1652 / Administrator][C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\RES0402\McShield.dll] [McAfee, Inc., VSCORE.13.3.1.100] [C:\Program Files\McAfee\VirusScan Enterprise\Graphics.dll] [McAfee, Inc., 8.5.0.781] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [PID: 944 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\RES0402\McShield.dll] [McAfee, Inc., VSCORE.13.3.1.100] [C:\Program Files\McAfee\VirusScan Enterprise\FTL.Dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\naiann.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll] [N/A, ] [C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\scriptsv.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mfebopa.dll] [McAfee, Inc., SYSCORE.13.3.0.116.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mfehida.dll] [McAfee, Inc., SYSCORE.13.3.0.116.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mfeapfa.dll] [McAfee, Inc., SYSCORE.13.3.0.116.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mfeavfa.dll] [McAfee, Inc., SYSCORE.13.3.0.116.x86] [C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00] [PID: 1092 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\condl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\RES0402\McShield.dll] [McAfee, Inc., VSCORE.13.3.1.100] [C:\Program Files\McAfee\VirusScan Enterprise\MIDUtil.Dll] [McAfee, Inc., 8.5.0.148] [C:\Program Files\McAfee\VirusScan Enterprise\BBCpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\coptcpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\EmCfgCpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\nvpcpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\OASCpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\QuarCpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\vsodscpl.dll] [McAfee, Inc., 8.5.0.781] [C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll] [N/A, ] [C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\ftl.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\McAfee\VirusScan Enterprise\vsupdcpl.dll] [McAfee, Inc., 8.5.0.781] [PID: 1500 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1552 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wuauclt.dll] [Microsoft Corporation, 1, 0, 0, 1] [PID: 2240 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2784 / Administrator][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\McAfee\VirusScan Enterprise\shext.dll] [McAfee, Inc., 8.5.0.781] [PID: 1672 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [PID: 2688 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.0.4] [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4] [C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 2] [C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\eREAD\eREAD\WebHook.dll] [, 1, 0, 0, 1] [C:\Program Files\eREAD\eREAD\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\eREAD\eREAD\ATL80.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll] [McAfee, Inc., VSCORE.13.3.1.100.x86] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 20] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [PID: 3316 / Administrator][C:\Program Files\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 6, 2, 300] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\Program Files\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 21] [C:\Program Files\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 85] [C:\Program Files\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031] [C:\Program Files\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 85] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 8] [C:\Program Files\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 0, 3] [C:\Program Files\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 26] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 0, 17] [C:\Program Files\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 8, 30] [C:\Program Files\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1.0.0.10] [C:\Program Files\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 12] [C:\Program Files\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 46] [C:\Program Files\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 20] [C:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 15] [C:\Program Files\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 9, 97] [C:\Program Files\Thunder\Components\VPSHELL\VPSHELL.dll] [XunLei, 1, 2, 0, 10] [C:\Program Files\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1] [C:\Program Files\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 9] [C:\Program Files\Thunder\Components\InMedia\iEmbed09.dll] [ , 3, 3, 0, 80] [C:\Program Files\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 13, 2, 61] [C:\Program Files\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 8] [C:\Program Files\Thunder\Plugins\TingTing\TingTing.dll] [Thunder Networking Technologies,LTD, 1, 2, 2, 13] [C:\Program Files\Thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0] [C:\Program Files\Thunder\Components\DownloadStat\DownloadStat.dll] [深圳市迅雷网络技术有限公司, 1, 2, 0, 4] [C:\Program Files\Thunder\Components\VPSHELL\VideoPicture.dll] [XunLei, 1, 2, 0, 11] [C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [C:\Program Files\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 8] [C:\Program Files\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2] [PID: 2996 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [PID: 4068 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX15.209\SuperKiller.exe] [, 2, 2, 0, 9] [C:\Program Files\360safe\antispy.dll] [奇虎网, 4, 1, 0, 1001] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Newkernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NewAdvapi32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fixfinal2.dll] [N/A, ] [PID: 1848 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [PID: 820 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [PID: 2300 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\PowerRmv.exe] [Filseclab Corp., 2, 0, 3, 961] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\virsubm.dll] [Filseclab Corp., 2, 0, 2, 496] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\W32Tools.dll] [Filseclab Corp., 1, 0, 2, 1772] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\psmgr.dll] [Filseclab Corp., 1, 0, 1, 1071] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\zipexp.dll] [Filseclab Corp., 1, 0, 1, 164] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\emlib.dll] [Filseclab Corp., 1, 0, 2, 1250] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\ctools.dll] [Filseclab Corp., 1, 0, 0, 19] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX60.688\Quarantine.dll] [Filseclab Corp., 2, 0, 0, 581] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [PID: 3004 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [PID: 1080 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.774\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.774\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR Error. [AutoCADScriptFile] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost 127.0.0.1 c0mo.com 127.0.0.1 gxgxy.net 127.0.0.1 fg.pvs360.com 127.0.0.1 cw.pvs360.com 127.0.0.1 ta.pvs360.com 127.0.0.1 dl.pvs360.com 127.0.0.1 ok.sl8cjs.cn 127.0.0.1 nc.mskess.com 127.0.0.1 idc.windowsupdeta.cn 127.0.0.1 pvs360.com 127.0.0.1 sl8cjs.cn 127.0.0.1 windowsupdeta.cn 127.0.0.1 up.22x44.com 127.0.0.1 my.531jx.cn 127.0.0.1 nx.51ylb.cn 127.0.0.1 llboss.com 127.0.0.1 down.malasc.cn 127.0.0.1 d2.llsging.com 127.0.0.1 171817.171817.com 127.0.0.1 wg.47255.com 127.0.0.1 www.tomwg.com 127.0.0.1 tp.shpzhan.cn 127.0.0.1 1.joppnqq.com 127.0.0.1 xx.exiao01.com 127.0.0.1 www.22aaa.com 127.0.0.1 ilove.com 127.0.0.1 xxx.mmma.biz 127.0.0.1 www.868wg.com 127.0.0.1 2.joppnqq.com 127.0.0.1 1.jopanqc.com 127.0.0.1 yu.8s7.net 127.0.0.1 1.jopmmqq.com 127.0.0.1 cao.kv8.info 127.0.0.1 xtx.kv8.info 127.0.0.1 new.749571.com 127.0.0.1 xxx.vh7.biz 127.0.0.1 1.jopenkk.com 127.0.0.1 d.93se.com 127.0.0.1 3.joppnqq.com 127.0.0.1 xxx.j41m.com 127.0.0.1 1.jopenqc.com 127.0.0.1 xxx.m111.biz 127.0.0.1 down.18dd.net 127.0.0.1 www.333292.com 127.0.0.1 qqq.hao1658.com 127.0.0.1 qqq.dzydhx.com 127.0.0.1 www.exiao01.com 127.0.0.1 www.cike007.cn ================================== 进程特权扫描 特殊特权被允许: SeLoadDriverPrivilege [PID = 648, C:\WINDOWS\SYSTEM32\WINLOGON.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3316, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2996, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1848, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2300, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX60.688\POWERRMV.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2300, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX60.688\POWERRMV.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3004, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]