zhj5460 - 2007-5-16 17:43:00
[CODE]
2007-05-16,17:25:08
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<zcjs3vvzd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<winform><C:\WINDOWS\winform.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<System><C:\Program Files\Common Files\system\Updaterun.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\system32\ctfnom.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[2820B083 / 2820B083][Stopped/Auto Start]
<C:\WINDOWS\system32\B969E693.EXE -d><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iiypqc / iiypqc][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\viypdc\viypdc.dll,Service -s><Microsoft Corporation>
[Fax Client / ms_fax][Running/Auto Start]
<C:\WINDOWS\system32\af2b.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Registry Protect / Security][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ftvhb.dll><Microsoft Corporation>
[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
<><N/A>
[Windows zrtk RunThem / zrtk][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\umof\ewyp.dll>< >
zhj5460 - 2007-5-16 17:44:00
==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>
[AAR81XX / AAR81XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>
[ADP94XX / ADP94XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>
[AEC6210 / AEC6210][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6210.sys><ACARD Technology Corp.>
[AEC6260 / AEC6260][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA Technology Corporation>
[asc / asc][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\asc.sys><Advanced System Products, Inc.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>
[buslogic / buslogic][Stopped/Boot Start]
<\SystemRoot\System32\bird\buslogic.sys><Microsoft Corporation>
[CDA1000 / CDA1000][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\BIRD\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Running/Boot Start]
<\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>
[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>
[DMX3191 / DMX3191][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\DMX3191.sys><Microsoft Corporation>
[DMX3194 / DMX3194][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dmx3194.sys><Microsoft Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>
[DPTSCSI / DPTSCSI][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dptscsi.sys><Distributed Processing Technology Corp.>
[FASTSX / FASTSX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>
[fd16_700 / fd16_700][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fd16_700.sys><Microsoft Corporation>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fireport / fireport][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fireport.sys><Microsoft Corporation>
[flashpnt / flashpnt][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\flashpnt.sys><Mylex,Corp.>
[FT8300 / FT8300][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ftsata2.sys><N/A>
[GD31244 / GD31244][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\gd31244.sys><Intel Corporation>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\hpt3xx.sys><HighPoint Technologies, Inc.>
[IASTOR / IASTOR][Running/Boot Start]
<\SystemRoot\System32\BIRD\iaStor.sys><Intel Corporation>
[IFT2000 / IFT2000][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ift2000.sys><Infortrend Technology, Inc.>
[ini910u / ini910u][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\JRAID.SYS><JMicron Technology Corp.>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KRegEx / KRegEx][Stopped/System Start]
<\??\C:\PROGRA~1\KV2006\KRegEx.sys><N/A>
[KSysCall Service / KSysCall][Stopped/System Start]
<\??\C:\PROGRA~1\KV2006\KSysCall.sys><N/A>
[KvMemon / KvMemon][Stopped/Manual Start]
<\??\C:\PROGRA~1\KV2006\KvMemon.sys><N/A>
[M5228 / M5228][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5228.sys><ALi Corporation.>
[M5281 / M5281][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\MegaIDE.sys><LSI Logic Corporation.>
[mraid35x / mraid35x][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\mraid35x.sys><LSI Logic Corporation>
[NFRD960 / NFRD960][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
<\SystemRoot\System32\BIRD\NVATABUS.SYS><NVIDIA Corporation>
[NVRAID / NVRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\NVRAID.SYS><NVIDIA Corporation>
[perc2 / perc2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\perc2.sys><Adaptec, Inc.>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\pnp649r.sys><CMD Technology, Inc.>
[PNP680 / PNP680][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\pnp680.sys><Silicon Image, Inc.>
[PNP680R / PNP680R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\pnp680r.sys><Silicon Image, Inc>
[PProtect / PProtect][Stopped/System Start]
<\??\C:\PROGRA~1\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql1280.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\raidsrc.sys><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\rr232x.sys><HighPoint Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
zhj5460 - 2007-5-16 17:46:00
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\S150sx8.sys><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3112.sys><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3112r.sys><Silicon Image, Inc>
[SI3114 / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3114.sys><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Si3132r5.sys><Silicon Image, Inc>
[SISRAID / SISRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid4.sys><Silicon Integrated Systems>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
<system32\DRIVERS\snpstd3.sys><>
[SPTRAK / SPTRAK][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\trm3x5.sys><Tekram Technology Co., Ltd.>
[ULSATA / ULSATA][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ultra.sys><Promise Technology, Inc.>
[viagfx / viagfx][Stopped/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\viamraid.sys><VIA Technologies inc,.ltd>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
<system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[W2KADV / W2KADV][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\w2kadv.sys><ConnectCom Solutions, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\wd7296a.sys><Western Digital Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Abho Class]
{1238F6B9-C123-4049-B07E-7A71AF320032} <C:\WINDOWS\system32\caf.dll, TODO: <公司名>>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Abho Class]
{1238F6B9-C123-4049-B07E-7A71AF320032} <C:\WINDOWS\system32\caf.dll, TODO: <公司名>>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[珊瑚虫超级搜索]
<, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
zhj5460 - 2007-5-16 17:46:00
==================================
正在运行的进程
[PID: 520][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 668][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\ftvhb.dll] [Microsoft Corporation, 5.1.2600.0]
[PID: 1032][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1560][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll] [N/A, ]
[C:\Program Files\Media Player Classic\Codecs\mkunicode.dll] [N/A, ]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.7181]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[PID: 1780][C:\Program Files\Common Files\system\Updaterun.exe] [N/A, ]
[PID: 1796][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[PID: 984][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ac.dll] [ , 1, 0, 0, 3]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[PID: 500][D:\Program Files\Maxthon\Maxthon.exe] [MY Soft Technology, 1, 2, 4, 18]
[D:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 176][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[PID: 3760][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sreng2(1).zip 的临时目录 1\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
loveperday - 2007-5-16 20:36:00
Additional items:
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[c:\progra~1\umof\hzbs.dll] [, 1, 0, 0, 6]
[c:\progra~1\umof\megx.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\COMMON~1\viypdc\wgqxfb.nls] [, 3, 6, 0, 8]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
Go ahead and delete them decisively...