Help needed
dcdcboy (original poster)
[CODE]
2007-08-11,14:00:51
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
 所有的启动项目(包括注册表、启动文件夹、服务等)
 浏览器加载项
 正在运行的进程(包括进程模块信息)
 文件关联
 Winsock 提供者
 Autorun.inf
 HOSTS 文件
 进程特权扫描
2007-08-11 15:08 #1

Incomplete!
2007-08-11 15:08 #2

dcdcboy (original poster)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
[]
[N/A]
[N/A]
[N/A]
[N/A]
[]
[N/A]
[N/A]
[Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows XP Publisher]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{12311A42-AC1B-158F-FD32-5674345F23A1}>
[N/A] <0CCE6E12-C2EC-56CD+1A62-AE3FD6EF56E6}><> [N/A] <{4562452F-FA36-BA4F-892A-FF5FBBAC5314}>
[] <{32311A42-AC1B-158F-FD32-5674345F23A3}>
[] <{2F12545B-1212-1314-5679-4512ACEF8902}>
[] <{612BC423-3713-224D-3F55-32B35C62B116}>
[] <{7A65498A-7653-9801-1647-987114AB7F47}>
[] <{54123FF1-8371-9834-9021-184518451FA5}>
[] <{425AB2F3-234A-7469-2F43-E341713ABFA4}>
[] <{759AFD5B-159F-ACD8-954C-ACD545FA6587}>
[] <{1182C1EB-375C-573D-1F5E-234552345211}>
[] <{26368135-64FA-BC34-DA32-DCF4FD431C92}>
[] <{3422FB0F-95EB-458A-8B56-39552017A4EF}>
[] <{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}>
[] <{E952B8F8-D91A-4EDD-851C-EE1A0F944469}>
[] <{71046DD5-E136-4C4B-A6B5-91C30CB15291}>
[] <{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}>
[] <{A3C95A74-638D-4C6B-A856-4B27664A7F47}>
[] <{074616A6-5ADC-4A3F-B252-E1D605228B5C}>
[] <{BD9B003B-0BE6-4528-A9D9-B8DBACAC6B9B}>
[] <{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}>
[] <{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}>
[] <{68F7767A-090C-4BBF-A015-720ACC6706E2}>
[] <{08E909A4-B236-48DD-8BCC-90A604B93E68}>
[] <{D8CC4845-441C-44F8-9053-28F2EF67655B}>
[] <{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}>
[] <{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}>
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
2007-08-11 15:08 #4

dcdcboy (original poster)

<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows XP Publisher]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
[Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <自定义浏览器>
[(Verified)Microsoft Windows XP Publisher]
2007-08-11 15:08 #5

dcdcboy (original poster)
==================================
启动文件夹
[金山词霸 2002]
D:\Program Files\Kingsoft\XDict\XDICT.EXE [N/A]>
[Microsoft Office]
D:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]>
[InterVideo WinCinema Manager]
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [N/A]>

2007-08-11 15:08 #7

dcdcboy (original poster)
==================================
浏览器加载项
[ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233}
[Thunder Browser Helper] {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3}
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Flash Object Class] {109B111C-371B-4267-AF19-BDEB6EDA0970}
[XBTP06568 Class] {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}
[BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697}
[] {A1626E66-B26B-C628-A1DF-BDACCFA26EE1}
[NavigatMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D}
[] {C1626E66-C26B-C628-E1DF-CDACCFA26EE1}
[启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
[浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A}
[@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[金山快译(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C}
[电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467}
[百度超级搜霸] {B580CF65-E151-49C3-B73F-70B13FCA8E86}
[AOL Security Toolbar] {3BB63FD4-3C00-44D7-94A9-5DE211900DEF}
[Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE}
[Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3}
[使用迅雷下载]
[使用迅雷下载全部链接]
[添加到QQ表情]

2007-08-11 15:08 #9

dcdcboy (original poster)
==================================正在运行的进程[PID: 148][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 200][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.109 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0407.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\sxs.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 224][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.109 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.0 
(xpclient.010817-1148)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.115 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] 
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0407.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #10

dcdcboy (original poster)
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SCESRV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\umpnpmgr.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0407.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\mydpri.dll] [N/A, ] [C:\WINDOWS\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5014.0] [C:\WINDOWS\system32\OLE32.DLL] [Microsoft Corporation, 5.1.2600.115 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\secur32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\eventlog.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.0 
(XPClient.010817-1148)] [C:\WINDOWS\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 284][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.109 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\LSASRV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #12

dcdcboy (original poster)
[C:\WINDOWS\system32\wdigest.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2518.0 (main.010714-2114)] [C:\WINDOWS\system32\scecli.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 444][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.109 (xpclnt_qfe.021108-2107)] [c:\windows\system32\rpcss.dll] [Microsoft Corporation, 5.1.2600.115 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.0 (xpclient.010817-1148)] [c:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0407.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\mydpri.dll] [N/A, ] [C:\WINDOWS\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] 
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5014.0] [C:\WINDOWS\system32\OLE32.DLL] [Microsoft Corporation, 5.1.2600.115 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\userenv.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2 (xpclient.010817-1148)] [C:\WINDOWS\system32\netman.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MPRAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ACTIVEDS.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\adsldpc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #14

dcdcboy (original poster)
[C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ATL.DLL] [Microsoft Corporation, 3.00.9238] [C:\WINDOWS\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\RASAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\rasman.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\system32\WZCSvc.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WMI.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpclient.010817-1148)] [C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] 
[C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 468][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.109 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.115 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0407.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #15

dcdcboy (original poster)
[C:\WINDOWS\system32\mydpri.dll] [N/A, ] [C:\WINDOWS\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5014.0] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [c:\windows\system32\cryptsvc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [c:\windows\system32\certcli.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\ATL.DLL] [Microsoft Corporation, 3.00.9238] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [c:\windows\system32\ESENT.dll] [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)] [c:\windows\system32\wbem\wmisvc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\wbem\wbemcomn.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\VSSAPI.DLL] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [c:\windows\system32\srsvc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 
(xpclient.010817-1148)] [c:\windows\pchealth\helpctr\binaries\pchsvc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\dmserver.dll] [Microsoft Corp., 2600.0.503.0] [c:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\es.dll] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #16

dcdcboy (original poster)
[C:\WINDOWS\System32\wbem\wbemcore.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\esscli.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\FastProx.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\wmiutils.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\repdrvfs.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\wmiprvsd.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\wbemess.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\wbem\ncprov.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 700][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.109 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.115 (xpclnt_qfe.021108-2107)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5014.0] 
[C:\WINDOWS\System32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\System32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0407.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\mydpri.dll] [N/A, ] [C:\WINDOWS\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpclient.010817-1148)] [C:\WINDOWS\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\themeui.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\PROGRA~1\WINDOW~3\wmpband.dll] [Microsoft Corporation, 10.00.00.3802] [C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\
netapi32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ATL.DLL] [Microsoft Corporation, 3.00.9238] [C:\WINDOWS\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\MLANG.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\msi.dll] [Microsoft Corporation, 2.0.2600.0] [C:\WINDOWS\system32\NETSHELL.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\credui.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #17

dcdcboy (original poster)
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2 (xpclient.010817-1148)] [C:\WINDOWS\system32\netman.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\MPRAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ACTIVEDS.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\adsldpc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\RASAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\rasman.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WZCSvc.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WMI.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [D:\PDF阅读器\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINDOWS\System32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.7801] [C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)] [C:\WINDOWS\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] 
[C:\WINDOWS\System32\OLEACC.dll] [Microsoft Corporation, 4.2.5406.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\WINDOWS\System32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.7801] [C:\WINDOWS\System32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
2007-08-11 15:08 #18

dcdcboy (original poster)
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2 (xpclient.010817-1148)] [C:\WINDOWS\System32\netman.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\MPRAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ACTIVEDS.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\adsldpc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\ATL.DLL] [Microsoft Corporation, 3.00.9238] [C:\WINDOWS\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\WZCSvc.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\WMI.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [C:\WINDOWS\System32\DHCPCSVC.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\utildll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2518.0 (main.010714-2114)]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
2007-08-11 15:08 #22

dcdcboy (original poster)
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 224, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
2007-08-11 15:08 #23

dcdcboy (original poster)
Now it's complete... Could some expert please analyze this for me?
2007-08-11 15:08 #24

Is there a problem with your computer? Describe the symptoms; that makes it easier to track down!
2007-08-11 15:08 #25

dcdcboy (original poster)
No sound, and Ctrl+Alt+Del won't open Task Manager,
2007-08-11 15:08 #26

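Removal steps
==========
1. End the Explorer.exe process
2. Delete (or rename/move) the trojan file: %System%\wodoor0.dll
3. Run the Explorer.exe process
4. Delete the ShellExecuteHooks startup entry created by the trojan and the related information:
2007-08-15 10:08 #27
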
See http://hi.baidu.com/newcenturysun/blog/item/ffba1e7b78e9c7f60bd18770.html. Hope this helps.
2007-08-24 08:08 #28