[CODE] 2008-07-03,02:37:01 System Repair Engineer 2.6.11.992 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [NVIDIA Corporation] [NVIDIA Corporation] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.] [AMD] <"D:\卡不死你\avp.exe"> [(Verified)Kaspersky Lab] <360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayerDeamon.exe" /Hide> [南京远古科技有限公司] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] [(Verified)Kaspersky Lab] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\HomeShare\HomeShare.exe> [File is missing] <; nwiz.exe /install> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\SogouInput\OlympicNews.exe"> [(Verified)Sogou.com] <; C:\Program Files\PPStream\ppsap.exe> [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; > [N/A] <; c:\windows\system32\壁纸自动换.exe> [] ================================== 启动文件夹 [腾讯QQ] D:\QQ\QQ.exe [TENCENT]> ================================== 服务 [卡巴斯基反病毒软件 7.0 / AVP][Running/Auto Start] [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Qvod Terminal / Qvod Terminal][Running/Auto Start] [Windows Network Media Service / UiPlayer][Running/Auto Start] <> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start] [ADI UAA Function Driver for High Definition 
Audio Service / ADIHdAudAddService][Running/Manual Start] [AEAudio Service / AEAudioService][Running/Manual Start] [AliIde / AliIde][Running/Boot Start] <\SystemRoot\System32\DRIVERS\aliide.sys> [AMD Processor Driver / AmdK8][Running/System Start] [AMD Low Level Device Driver / AmdLLD][Running/Manual Start] [Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start] [CmdIde / CmdIde][Running/Boot Start] <\SystemRoot\System32\DRIVERS\cmdide.sys> [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys> [klif / klif][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys> [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] [NetGroup Packet Filter Driver / NPF][Running/Manual Start] [nv / nv][Running/Manual Start] [iNetShare / Passthru][Running/Manual Start] <> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [QKeyServiceDisplay / QKeyService][Running/Boot Start] <\SystemRoot\system32\KeyCrypt.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [SenFilt Service / SenFiltService][Running/Manual Start] [StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start] <\SystemRoot\System32\drivers\sfdrv01a.sys> [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start] <\SystemRoot\System32\drivers\sfhlp02.sys> [StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start] <\SystemRoot\System32\drivers\sfsync04.sys> [StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start] <\SystemRoot\System32\drivers\sfvfs02.sys> [sptd / sptd][Running/Boot Start] 
<\SystemRoot\System32\Drivers\sptd.sys> [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [VIA AGP Filter / viaagp1][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaagp1.sys> [Sony Ericsson W810 Driver driver (WDM) / w810bus][Stopped/Manual Start] [Sony Ericsson W810 USB WMC Modem Filter / w810mdfl][Stopped/Manual Start] [Sony Ericsson W810 USB WMC Modem Driver / w810mdm][Stopped/Manual Start] [Sony Ericsson W810 USB WMC Device Management Drivers (WDM) / w810mgmt][Stopped/Manual Start] [Sony Ericsson W810 USB WMC OBEX Interface / w810obex][Stopped/Manual Start] [XDva092 / XDva092][Stopped/Manual Start] <\??\C:\WINDOWS\system32\XDva092.sys> [XDva115 / XDva115][Stopped/Manual Start] <\??\C:\WINDOWS\system32\XDva115.sys> ================================== 浏览器加载项 [WebThunder Browser Helper] {00000AAA-A363-466E-BEF5-9BB68697AA7F} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [Web 反病毒统计] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [启动WEB迅雷] {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [WebThunder Browser Helper] {00000AAA-A363-466E-BEF5-9BB68697AA7F} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [WebThunder Class] {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A> [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [XSL Template] {2933BF94-7B36-11D2-B20E-00C04F983E60} [Vod Class] {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} 
[RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [XML DOM 文档 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [WebVGPlayer Class] {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [QQPlayerSvr Proxy Control] {CD108273-D434-43E6-AA90-1469F97EB398} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [RevealTrans] {E31E87C4-86EA-4940-9B8A-5BD5D179A737} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [TimwpDll.TimwpCheck] {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [Scripting.Dictionary] {EE09B103-97E0-11CF-978F-00A02463E06F} [ViewgoodIPMan Class] {F1263FCF-83C7-4CD5-907A-C8B59D0039A9} [QvodCtrl Class] {F3D0D36F-23F8-4682-A195-74C92B03D4AF} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [Free Threaded XML DOM Document] {F6D90F12-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [IERPCtl 
Class] {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} [使用Web迅雷下载] [使用Web迅雷下载全部链接] [使用快车(Flas&hGet)下载] <, N/A> [使用快车(Flash&Get)下载全部链接] <, N/A> [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 1284 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1344 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1368 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.1.325] [PID: 1412 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1424 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 1592 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1716 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 1872 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\System32\mscmsr.dll] [N/A, ] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 2004 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 220 / LOCAL 
SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 552 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 848 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [D:\卡不死你\scrchpg.dll] [Kaspersky Lab, 7.0.1.325] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6218] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.6218] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6218] [C:\WINDOWS\system32\nvshell.dll] [, ] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [D:\卡不死你\ShellEx.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42] [D:\mp3剪切器\wma转mp3\AWMAW\AWMAW_SHELLEXT.DLL] [LitexMedia, Inc., 0.1.0.0 Sincerely thanks the original developer coding such a meaty ware Chinese interface locali] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.5.0.0] [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.5.0.0] [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 75] [PID: 1000 / Administrator][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6, 0, 0, 20] [C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 4000, 014] [D:\卡不死你\miscr3.dll] 
[Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 1056 / Administrator][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 2, 0, 11] [PID: 1188 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 924 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6218] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6218] [PID: 1204 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1632 / SYSTEM][C:\Program Files\UitvDll\msrv.exe] [, 1, 0, 1, 2] [C:\Program Files\UitvDll\UiPlay.dll] [UiTV Corporation, 3.0.4.7] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [PID: 2360 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3432 / Administrator][C:\Program Files\racer-ccn-racerpc-ha\racer.exe] [Putian Runway, 3,3,130,306] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\Program Files\racer-ccn-racerpc-ha\rwxre.dll] [Putian Runway, 3,3,130,306] [C:\Program Files\racer-ccn-racerpc-ha\nspr4.dll] [Netscape Communications Corporation, 4.6.1] [C:\Program Files\racer-ccn-racerpc-ha\xpcom_core.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-ccn-racerpc-ha\plc4.dll] [Netscape Communications Corporation, 4.6.1] [C:\Program Files\racer-ccn-racerpc-ha\plds4.dll] [Netscape Communications Corporation, 4.6.1] [C:\Program Files\racer-ccn-racerpc-ha\nss3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-ccn-racerpc-ha\softokn3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-ccn-racerpc-ha\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\racer-ccn-racerpc-ha\gkgfx.dll] [Mozilla Foundation, Personal] [C:\Program 
Files\racer-ccn-racerpc-ha\xpcom_compat.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-ccn-racerpc-ha\smime3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-ccn-racerpc-ha\ssl3.dll] [Netscape Communications Corporation, 3.10.2] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\racer-ccn-racerpc-ha\components\racer_base_comp.dll] [Putian Runway, 3,3,130,306] [C:\Program Files\racer-ccn-racerpc-ha\racer_base.dll] [Putian Runway, 3,3,130,306] [C:\Program Files\racer-ccn-racerpc-ha\kbdhook.dll] [Putian Runway, 3,3,130,306] [C:\Program Files\racer-ccn-racerpc-ha\components\jar50.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-ccn-racerpc-ha\components\gklayout.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-ccn-racerpc-ha\nssckbi.dll] [Netscape Communications Corporation, 1.53] [C:\Program Files\racer-ccn-racerpc-ha\components\racer_ad_comp.dll] [Putian Runway, 3,3,130,306] [C:\Program Files\racer-ccn-racerpc-ha\components\racer_access_dhcpplus.dll] [Putian Runway, 3,3,130,325] [C:\Program Files\racer-ccn-racerpc-ha\dhcpplus.dll] [北京润汇科技有限公司, 3, 0, 0, 45] [C:\Program Files\racer-ccn-racerpc-ha\components\racer_nss4_comp.dll] [Putian Runway, 3,3,130,306] [C:\Program Files\racer-ccn-racerpc-ha\nss4.dll] [北京润汇科技有限公司, 1, 0, 0, 4] [C:\Program Files\racer-ccn-racerpc-ha\wpcap.dll] [CACE Technologies, 3, 2, 0, 29] [C:\Program Files\racer-ccn-racerpc-ha\packet.dll] [CACE Technologies, 3, 2, 0, 29] [C:\Program Files\racer-ccn-racerpc-ha\WanPacket.dll] [CACE Technologies, 3, 2, 0, 29] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\racer-ccn-racerpc-ha\plugins\NPSWF32.dll] [, ] [PID: 3656 / Administrator][C:\Program Files\racer-ccn-racerpc-ha\RacerKp.exe] [北京润汇科技有限公司, 1, 0, 0, 1] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 
7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 3788 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 3612 / Administrator][C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayerDeamon.exe] [南京远古科技有限公司, 8.0.0.3] [C:\Program Files\VIEWGOOD\WebPlayer 2007\AsyncHttp71.dll] [南京远古科技, 1, 2, 0, 0] [C:\Program Files\VIEWGOOD\WebPlayer 2007\FileOperation.dll] [VIEWGOOD, 8, 0, 0, 0] [C:\Program Files\VIEWGOOD\WebPlayer 2007\zipdll.dll] [N/A, ] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 3468 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [D:\卡不死你\scrchpg.dll] [Kaspersky Lab, 7.0.1.325] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 75] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\klscav.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\prremote.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42] [D:\卡不死你\prloader.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\prkernel.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\params.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\pxstub.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\tempfile.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\nfio.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\fsdrvplg.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\basegui.ppl] [Kaspersky Lab, 7.0.1.325] 
[d:\卡不死你\thpimpl.ppl] [Kaspersky Lab, 7.0.1.325] [d:\卡不死你\winreg.ppl] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayer5\VGIPMan.dll] [, 1, 0, 0, 1] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 1, 3] [C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayer6\RMAVDecoder.ax] [南京远古科技有限公司, 6, 0, 0, 0] [C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayer6\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\VIEWGOOD\WebPlayer 2007\WebPlayer6\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\VIEWGOOD\WebPlayer 2007\Codecs\ac3\ac3filter.ax] [, 1.01a] [C:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll] [N/A, ] [C:\Program Files\Ringz Studio\Storm Codec\Codecs\Vid1Dec.dll] [N/A, ] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\Program Files\QvodPlayer\QvodInsert.dll] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53] [C:\Program Files\Ringz Studio\Storm Codec\Codecs\RMSplt.ax] [Gabest, 1, 0, 1, 1] [C:\Program Files\VIEWGOOD\WebPlayer 2007\Codecs\rm\COOK.dll] [RealNetworks, Inc., 10.0.0.682] [C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0] [C:\Program Files\VIEWGOOD\WebPlayer 2007\Codecs\rm\drvc.dll] [RealNetworks, Inc., 10.0.0.922] [PID: 1584 / Administrator][C:\Program Files\QvodPlayer\QvodPlayer.exe] [Shenzhen QVODTechnology Co.,Ltd, 2, 5, 0, 53] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\Program Files\QvodPlayer\QvodInsert.dll] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53] [D:\卡不死你\scrchpg.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 3420 / Administrator][D:\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.11.992] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] 
[D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [PID: 2264 / Administrator][D:\sreng2\SRE9b4eb966.EXE] [Smallfrogs Studio, 2.6.11.992] [D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [D:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [D:\卡不死你\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [D:\卡不死你\fssync.dll] [Kaspersky Lab, 7.0.5.325] [D:\卡不死你\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [D:\卡不死你\dnsq.dll] [Kaspersky Lab, 7.0.1.325] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost
================================== 进程特权扫描 特殊特权被允许: SeLoadDriverPrivilege [PID = 1056, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 924, C:\WINDOWS\SYSTEM32\NVSVC32.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3432, C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACER.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3656, C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACERKP.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3788, C:\PROGRAM FILES\QVODPLAYER\QVODTERMINAL.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3612, C:\PROGRAM FILES\VIEWGOOD\WEBPLAYER 2007\WEBPLAYERDEAMON.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1584, C:\PROGRAM FILES\QVODPLAYER\QVODPLAYER.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3420, D:\SRENG2\SRENGLDR.EXE] ================================== API HOOK RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\f.sys笚T) RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\緁.sys) RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\鉋緁.sys) RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\思緁.sys) RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\[櫢f.sys) ================================== 隐藏进程 N/A ================================== [/CODE]