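Linux Desktop Entry files in depth

A Desktop Entry file is the file a Linux desktop system uses to describe how a program is launched. It provides functionality similar to a shortcut on the Windows operating system. This article describes the definition, programming and use of Linux Desktop Entry files in detail. The worked examples at the end of the article help readers deepen their understanding of how Desktop Entry files are applied.

Gong Yiping (龚奕平), Software Engineer, WPLC, IBM China Software Development Center. Currently works mainly on research and development of the Notes Linux product. Research interests include cross-platform porting of Windows applications, GDI development, network device development and scheduling algorithms.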
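
1. Introduction to the Desktop Entry file standard

On Windows, users can open a target application simply by clicking a shortcut on the desktop or in a menu. Modern Linux desktop systems provide this feature as well. Currently both the Linux KDE and Linux GNOME desktop systems use the Desktop Entry file standard to describe program launch configuration. The Desktop Entry file standard is defined by FreeDesktop.org (http://freedesktop.org/wiki/); the latest version at present is "Desktop Entry Specification 1.0" [1].

2. Desktop Entry files

Figure 1. Linux GNOME application browser

Desktop Entry files use the suffix ".desktop". Taking the Linux GNOME desktop system as an example, a user who opens the application browser (see Figure 1) sees many application shortcuts. In fact, each application shortcut corresponds to one Desktop Entry file. These Desktop Entry files are usually stored in directories such as

    /usr/share/applications/
    /opt/gnome/share/applications/

Entering these directories from the file browser and clicking a Desktop Entry file likewise starts the corresponding application. Suppose the directory "/usr/share/applications/" contains a file "cbt.desktop". Opening "cbt.desktop" with any text editor (such as vi or gedit) shows the following content:

Listing 1. Contents of the "cbt.desktop" file

    [Desktop Entry]
    Version = 1.0
    Encoding = UTF-8
    Name = Quick Start Tour
    GenericName = User Tutorial
    Comment = Computer Based Training tutorial to \
    guide and help you learn how to use the Desktop
    Exec = gnome-open /usr/share/doc/manual/sled-gnome-cbt_en/index.html
    Icon = cbt
    StartupNotify = true
    Terminal = false
    Type = Application
    Categories = GNOME;AD
    OnlyShowIn = GNOME;
    X-SuSE-translate = true
    Name[cs] = Rychlá prohlídka systému
    Comment[cs] = Výukový program seznamující uživatele se základy pracovního prostředí
    GenericName[cs] = Uživatelský tutoriál
    Name[hu] = Rendszerbemutató
    Comment[hu] = A munkaállomés használatát bemutató segédlet
    GenericName[hu] = Felhasználói segédlet

The next section uses the contents of "cbt.desktop" above to explain the structure of a Desktop Entry file, so that readers can understand exactly what each of these statements means.

3. Structure of a Desktop Entry file

A Desktop Entry file usually begins with the string "[Desktop Entry]". As Listing 1 shows, the content of a Desktop Entry file consists of a number of entries, each a {keyword, value} pair. For example, "Version" is a keyword, and the value of "Version" is "1.0". The Desktop Entry file standard defines a set of standard keywords, which are either required or optional: a required keyword must be defined in the .desktop file, whereas an optional keyword need not be. The most important keywords are explained below.

Keyword "Version": [optional]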
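This value specifies the version of the Desktop Entry file standard that the current Desktop Entry file follows.

Keyword "Encoding": [not recommended in version 1.0]
This value specifies the encoding used for certain strings in the current Desktop Entry file. Although version 1.0 of the Desktop Entry file standard no longer recommends this keyword, for historical reasons it still appears widely in existing Desktop Entry files.

Keyword "Name": [required]
This value specifies the name of the application. In Listing 1, for example, the value of "Name" is "Quick Start Tour". Open the file browser and go to the "/usr/share/applications" directory to see how the shortcut defined by "cbt.desktop" is displayed, as shown in Figure 2. The displayed name of the shortcut is determined by the value of "Name", and the icon the shortcut uses is determined by the value of "Icon", which is described below. These definitions apply equally in the application browser; see Figure 3.

Figure 2. How the "cbt.desktop" file appears in the file browser

Keyword "GenericName": [optional]
This value specifies the generic name of the application. In Listing 1, for example, the value of "GenericName" is "User Tutorial". Open the application browser and the string "User Tutorial" is displayed to the right of the icon, as shown in Figure 3.

Figure 3. How the "cbt.desktop" file appears in the application browser

Keyword "Comment": [optional]
This value is a short description of the current Desktop Entry.

Keyword "Type": [required]
The keyword "Type" defines the type of the Desktop Entry file. Common values of "Type" are "Application" and "Link". "Type = Application" means the Desktop Entry file points to an application, while "Type = Link" means the Desktop Entry file points to a URL (Uniform Resource Locator).

Keyword "Exec": [optional]
The keyword "Exec" is meaningful only when "Type" is "Application". The value of "Exec" defines the command to execute to start the application; the command may take arguments. In this example, the value of "Exec" is the string "gnome-open /usr/share/doc/manual/sled-gnome-cbt_en/index.html". Typing this string in a shell and pressing Enter starts the application in the same way.

Keyword "URL": [optional]
The keyword "URL" is meaningful only when "Type" is "Link". The value of "URL" defines the URL the Desktop Entry file points to. For example:

Listing 2. Example of a "Type = Link" Desktop Entry file

    Type = Link
    URL = /developerworks

Double-clicking a Desktop Entry file with the above content starts the web browser and opens the specified web page; see Figure 4 for the result.

Keyword "Icon": [optional]
This value defines the icon displayed for the current Desktop Entry file in the application browser or the file browser. If the value of "Icon" is given as an absolute path, the icon file it names is used; otherwise, the Linux system uses the "Icon Theme Specification" [2] to locate the icon file in the system icon directories. In this example the value of "Icon" is "cbt", which corresponds to the image file "cbt.png" in a system icon directory. Figures 2 and 3 show that image displayed as the icon.

Keyword "StartupNotify": [optional]
The value of "StartupNotify" is a Boolean (true or false). The keyword is meaningful only when "Type" is "Application". The meaning of its value is defined by the "Startup Notification Protocol Specifications" [3] and is not described further here.

Keyword "Terminal": [optional]
Like "StartupNotify", the value of "Terminal" is a Boolean, and the keyword is meaningful only when "Type" is "Application". Its value indicates whether the application (that is, the value of the keyword "Exec") needs to run in a terminal window. The next section shows how the keyword "Terminal" is used.

Keyword "Categories": [optional]
The keyword "Categories" is meaningful only when "Type" is "Application". The value of "Categories" gives the categories under which the application is shown in menus. The menu categories themselves are defined by the "Desktop Specification Menu" [4].

Keywords "OnlyShowIn" and "NotShowIn": [optional]
These two keywords define whether the current Desktop Entry is displayed (defined by "OnlyShowIn") or not displayed (defined by "NotShowIn") under a particular Linux desktop system (for example, Linux GNOME or Linux KDE). For the exact definition, see the "Desktop Specification Menu" [4].

Keyword "X-SuSE-translate": [specific to SUSE Linux]
The keyword "X-SuSE-translate" is specific to SUSE Linux. "X-SuSE-translate" follows the SUSE RPM package style. Its value indicates whether the keywords "Name" and "GenericName" are to be translated. For details, see "SUSE Package Conventions" [5].

Localized keywords "[LOCALE]"
According to the "Desktop Entry Specification" [1], appending the string "[LOCALE]" to a keyword gives that keyword a locale-specific definition. Legal values of "LOCALE" have the form:

    LOCALE = lang_COUNTRY.ENCODING@MODIFIER

Here the fields "_COUNTRY", ".ENCODING" and "@MODIFIER" may be omitted. When a Desktop Entry file is parsed, the parser should use the current POSIX locale to obtain the correct localized keyword value. Listing 1, for example, defines different values of the keywords "Name", "Comment" and "GenericName" for the "cs" and "hu" language environments.

Other keywords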
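In addition to the keywords that appear in Listing 1, the "Desktop Entry Specification" also defines optional keywords such as "Hidden", "TryExec" and "MimeType". Users can choose among them as needed.

4. Parsing and running Desktop Entry files

The Desktop Entry file is a common Linux file format, and many Linux programs need to support it. This section gives the basic programming approach for parsing and running a Desktop Entry file.

4.1 Parsing the contents of a Desktop Entry file

The first step in working with a Desktop Entry file is to obtain its contents. Suppose there is a Desktop Entry file whose path is stored in the variable pPath:

    const char* pPath;

The following code reads the contents of that file into the memory buffer "buffer".

Listing 3. Reading the contents of a Desktop Entry file

    int file_size = 0;
    char *file_contents = NULL;
    char *buffer = NULL;
    if( eel_read_entire_file ( pPath, &file_size, &file_contents ) == GNOME_VFS_OK )
    {
        // Grow the buffer by one byte so the contents can be NUL-terminated
        buffer = (char *)g_realloc ( file_contents, file_size + 1 );
        buffer[file_size] = '\0';
    }

Once the contents of the Desktop Entry file are available, they can be analyzed further. The focus here is on obtaining the values of the keywords "Type", "Exec"/"URL" and "Terminal". First define the type DestopEntryType:

Listing 4. Definition of DestopEntryType

    enum DestopEntryType
    {
        Application, // Type = Application
        Link,        // Type = Link
        Unknown      // any other Type (enumerator name assumed; the source is truncated here)
    };

The following code extracts the values of the keywords "Type", "Exec"/"URL" and "Terminal" and stores them in the variables "type", "uri" and "bTerminal" respectively.

Listing 5. Obtaining the values of the keywords "Type", "Exec"/"URL" and "Terminal"

    // This fragment is assumed to sit inside a function that returns void
    DestopEntryType type = Unknown;
    char *uri = NULL;
    bool bTerminal = false;
    GnomeDesktopItem *desktop_file;

    // Parse the in-memory file contents read in Listing 3
    desktop_file = gnome_desktop_item_new_from_string( NULL, buffer, file_size,
                                    (GnomeDesktopItemLoadFlags)0, NULL );
    if ( !desktop_file )
    {
        g_free( buffer );
        return;
    }

    const char *strType = gnome_desktop_item_get_string( desktop_file, "Type" );
    if ( !strType )
    {
        g_free( buffer );
        gnome_desktop_item_unref ( desktop_file );
        return;
    }

    if ( 0 == strcmp( strType, "Application" ) )
    {
        type = Application;  // Type = Application
        const char *exec_str = gnome_desktop_item_get_string( desktop_file, "Exec" );
        if( !exec_str )
        {
            g_free( buffer );
            gnome_desktop_item_unref( desktop_file );
            return;
        }
        uri = g_strdup( exec_str );

        const char *strTerminal = gnome_desktop_item_get_string( desktop_file, "Terminal" );
        if ( strTerminal )
        {
            if ( 0 == strcmp( "true", strTerminal ) )
                bTerminal = true;
            else
                bTerminal = false;
        }
    }
    else if(strcmp(strType, "Link") == 0)
    {
        type = Link;  // Type = Link
        uri = g_strdup( gnome_desktop_item_get_string( desktop_file, "URL" ) );
    }

    g_free( buffer );
    gnome_desktop_item_unref( desktop_file );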
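
Running a "Type = Application" Desktop Entry file

With the values of the keywords "Type", "Exec" and "Terminal" available, the Desktop Entry file can be run as follows.

Listing 6. Running a "Type = Application" Desktop Entry file

    if ( type == Application )
    {
        if( bTerminal )
            eel_gnome_open_terminal_on_screen( uri, NULL );   // run the command in a terminal window
        else
            eel_gnome_shell_execute_on_screen( uri, NULL);
        g_free( uri );
    }

Running a "Type = Link" Desktop Entry file

With the values of the keywords "Type", "URL" and "Terminal" available, the Desktop Entry file can be run as follows.

Listing 7. Running a "Type = Link" Desktop Entry file

    if ( type == Link )
    {
        gnome_url_show( uri, NULL );
        g_free( uri );
    }

5. Examples of creating Desktop Entry files

This section gives two concrete examples of creating a Desktop Entry file. Both aim to create a shortcut that automatically visits the IBM DeveloperWorks website; the result is shown in Figure 4. The two examples reach this goal in different ways. The first creates a Desktop Entry file of type "Application", "VisitDeveloperWorks-Application.desktop"; the second creates a Desktop Entry file of type "Link", "VisitDeveloperWorks-Link.desktop".

Figure 4. Result of running "VisitDeveloperWorks-Application.desktop" / "VisitDeveloperWorks-Link.desktop"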
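
Example: creating a "Type = Application" Desktop Entry file

Suppose the system icon directory contains the image file "gaim.png". Edit the file "VisitDeveloperWorks-Application.desktop" as shown in Figure 5 and save the result in the "/usr/share/applications/" directory.

Figure 5. Contents of the "VisitDeveloperWorks-Application.desktop" file

The core of this file sets the application icon to the "gaim.png" file, sets the type of the Desktop Entry file to "Application", and sets the command the application executes to "firefox /developerworks". After editing, the entry can be seen in the file browser and in the application browser (as shown in Figure 6).

Figure 6. How the "VisitDeveloperWorks-Application.desktop" file appears in the application browser

Example: creating a "Type = Link" Desktop Entry file

Modify the "VisitDeveloperWorks-Application.desktop" file above as shown in Figure 7, rename the file to "VisitDeveloperWorks-Link.desktop", and save it in the "/usr/share/applications/" directory.

Figure 7. Contents of the "VisitDeveloperWorks-Link.desktop" file

The core of this file sets the type of the Desktop Entry file to "Link" and sets the URL the Desktop Entry file points to to "/developerworks". After editing, the entry can be seen in the file browser (as shown in Figure 8). Note that because this example is not an application, no corresponding shortcut appears in the application browser.

Figure 8. How the "VisitDeveloperWorks-Link.desktop" file appears in the file browser

6. Conclusion

The Desktop Entry file is the standard way of describing program launch configuration in the Linux KDE and Linux GNOME desktop systems. This article has examined the definition and use of the file format in depth. For more detailed usage and programming information, consult the references.

References: [1] "". [2] "". [3] "". [4] "". [5] "".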
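
The parsing steps of sections 3 and 4, as an added Python example (not code from the original article, which uses the GNOME C libraries): it reads the [Desktop Entry] group, resolves a localized keyword in the order the Desktop Entry Specification gives (lang_COUNTRY@MODIFIER, lang_COUNTRY, lang@MODIFIER, lang, then the unlocalized keyword), and reports what a launcher would start without running it, since "Name" and "Icon" only control what is displayed while "Exec" or "URL" is what is acted on. The function names, the constructed samples and the use of shlex.split as an approximation of Exec quoting are assumptions of this example.

```python
"""Inspect a Desktop Entry file without launching anything (added example)."""
import shlex

# Constructed sample modelled on Listing 1 of the article (not a real system file).
SAMPLE_APP = """\
[Desktop Entry]
Version = 1.0
# display-only keywords
Name = Quick Start Tour
Name[cs] = Rychlá prohlídka systému
Name[hu] = Rendszerbemutató
Exec = gnome-open /usr/share/doc/manual/sled-gnome-cbt_en/index.html
Terminal = false
Type = Application

[X-Other Group]
Exec = ignored-because-outside-the-desktop-entry-group
"""

# Constructed Link sample; the URL is a placeholder, not the one from the article.
SAMPLE_LINK = """\
[Desktop Entry]
Type = Link
Name = Example link
URL = https://example.org/developerworks
"""

# Placeholders a launcher substitutes in Exec; dropped here for display purposes.
FIELD_CODES = {"%f", "%F", "%u", "%U", "%i", "%c", "%k"}


def parse_desktop_entry(text):
    """Return the {keyword: value} pairs of the [Desktop Entry] group."""
    entry, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]              # group header such as [Desktop Entry]
            continue
        if group != "Desktop Entry" or "=" not in line:
            continue                        # other groups and malformed lines
        key, value = line.split("=", 1)
        entry.setdefault(key.strip(), value.strip())   # first definition wins
    if not entry:
        raise ValueError("no [Desktop Entry] group found")
    return entry


def locale_candidates(locale):
    """Split lang_COUNTRY.ENCODING@MODIFIER into lookup suffixes, best match first."""
    base, _, modifier = locale.partition("@")
    base = base.split(".", 1)[0]            # .ENCODING plays no part in matching
    lang, _, country = base.partition("_")
    candidates = []
    if country and modifier:
        candidates.append(f"{lang}_{country}@{modifier}")
    if country:
        candidates.append(f"{lang}_{country}")
    if modifier:
        candidates.append(f"{lang}@{modifier}")
    candidates.append(lang)
    return candidates


def get_localized(entry, key, locale):
    """Value of key for the given POSIX locale, else the unlocalized value."""
    for suffix in locale_candidates(locale):
        localized = f"{key}[{suffix}]"
        if localized in entry:
            return entry[localized]
    return entry.get(key)


def launch_plan(entry):
    """Describe what activating the entry would do; nothing is executed."""
    kind = entry.get("Type")
    if kind == "Application":
        exec_value = entry.get("Exec")
        if not exec_value:
            raise ValueError("Type=Application without an Exec value")
        # An argument vector makes the real command visible and avoids a shell.
        argv = [arg for arg in shlex.split(exec_value) if arg not in FIELD_CODES]
        return ("Application", argv, entry.get("Terminal", "false") == "true")
    if kind == "Link":
        url = entry.get("URL")
        if not url:
            raise ValueError("Type=Link without a URL value")
        return ("Link", url, False)
    raise ValueError(f"missing or unsupported Type: {kind!r}")


if __name__ == "__main__":
    app = parse_desktop_entry(SAMPLE_APP)
    print(get_localized(app, "Name", "hu_HU.UTF-8"), launch_plan(app))
    print(launch_plan(parse_desktop_entry(SAMPLE_LINK)))
```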
Trojan horses, this is really sick...
Rising Kaka Security Forum (瑞星卡卡安全论坛)
dfspcglwyh - 12:48:00
Found with 木马分析专家2007 (Trojan Analysis Expert 2007); it isn't registered, so it can only detect, not remove...
I posted a thread at 9:06 this morning, and the moderator told me to try IceSword (冰刃) in safe mode. After trying that I ran a scan with Trojan Analysis Expert, and this many new trojans turned up again. I just don't get it: a trojan is only a program too, so how can it be this stubborn? Dizzy, dizzy, dizzy, whew.
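12:53:00
Please download SREng (latest version), use "Smart Scan", and press the "Scan" button to scan. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here. If the log cannot be pasted in one go, paste it in several posts; please do not modify it. Download address: /sreng/sreng2.zip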
dfspcglwyh - 13:09:00
Scan log taken in safe mode:
dfspcglwyh - 13:13:00
Everyone, please help me check this and get rid of them for good. My head has swollen several sizes over this; I'm really out of ideas.
新版小欧 - 13:17:00
The process log is incomplete~
dfspcglwyh - 13:21:00
Hold on a moment. I may have deleted some file while removing the viruses; *.txt files won't open, so I opened it with Word. I'll check again and see what's missing.
dfspcglwyh - 13:36:00
Boss, I went into safe mode again and ran another scan; please take another look:
Publisher][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv](WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Windows Publisher][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-e95}](Microsoft Windows Media Player)(C:\WINDOWS\inf\unregmp2.exe /HideWMP) [(Verified)Microsoft Windows Publisher][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-C90347FF}MICROS](浏览器自定义组件)(RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP) [(Verified)Microsoft Windows Publisher][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4340}](Windows 桌面更新)(regsvr32.exe /s /n /i:U shell32.dll) [(Verified)Microsoft Windows Publisher][HKEY_CURRENT_USER\Control Panel\Desktop](SCRNSAVE.EXE)(%SystemRoot%\System32\logon.scr) [(Verified)Microsoft Windows Publisher]--------------------------------------------------------------------------------启动文件夹[Adobe Gamma Loader](C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --) C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.])(N)[AutoCAD 启动加速器](C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --) C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc])(N)[Microsoft Office](C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --) C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation])(N)[服务管理器](C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --) C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation])(N)
dfspcglwyh -
13:38:00服务[ASP.NET State Service / aspnet_state][Stopped/Manual Start](C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe)(Microsoft Corporation)[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]("C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe")(Autodesk)[Google Updater Service / gusvc][Stopped/Manual Start]("C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe")(Google)[Human Interface Device Access / HidServ][Stopped/Disabled](C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)[iPod 服务 / iPod Service][Stopped/Manual Start]("C:\Program Files\iPod\bin\iPodService.exe")(N/A)[MSSQL$CFIT808 / MSSQL$CFIT808][Stopped/Auto Start](C:\Program Files\Microsoft SQL Server\MSSQL$CFIT808\Binn\sqlservr.exe -sCFIT808)(Microsoft Corporation)[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start](C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe)(Microsoft Corporation)[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)[RsRavMon Service / RsRavMon][Stopped/Auto Start]("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)[ServiceLayer / ServiceLayer][Stopped/Manual Start]("C:\Program Files\PC Connectivity Solution\ServiceLayer.exe")(Nokia.)[SQLAgent$CFIT808 / SQLAgent$CFIT808][Stopped/Manual Start](C:\Program Files\Microsoft SQL Server\MSSQL$CFIT808\Binn\sqlagent.EXE -i CFIT808)(Microsoft Corporation)[Ulead Burning Helper / UleadBurningHelper][Stopped/Auto Start](C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe)(Ulead Systems, Inc.)--------------------------------------------------------------------------------驱动程序[Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start](system32\drivers\ALCXSENS.SYS)(Sensaura Ltd)[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual 
Start](system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start](System32\DRIVERS\AvgAsCln.sys)(GRISOFT, s.r.o.)[BdGuard / BdGuard][Running/Boot Start](\SystemRoot\system32\drivers\BDGuard.SYS)()[Cdsys / Cdsys][Stopped/Manual Start](\??\C:\WINDOWS\system32\cdcd.sys)(N/A)[hookreg / hookreg][Stopped/Manual Start](\??\C:\Program Files\Rising\Rav\hookreg.sys)()[HSFHWBS2 / HSFHWBS2][Stopped/Manual Start](system32\DRIVERS\HSFBS2S2.sys)(Conexant Systems, Inc.)[HSF_DP / HSF_DP][Stopped/Manual Start](system32\DRIVERS\HSFDPSP2.sys)(Conexant Systems, Inc.)[mdmxsdk / mdmxsdk][Stopped/Auto Start](system32\DRIVERS\mdmxsdk.sys)(Conexant)[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start](system32\drivers\nmwcdc.sys)(Nokia)[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start](system32\drivers\nmwcdcm.sys)(Nokia)[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start](system32\drivers\nmwcd.sys)(Nokia)[Nokia USB Port / Nokia USB Port][Stopped/Manual Start](system32\drivers\nmwcdcj.sys)(Nokia)[npkycryp / npkycryp][Stopped/Manual Start](\??\D:\网络\qq\npkycryp.sys)(N/A)[nv / nv][Stopped/System Start](system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)[ohpjofpc / ohpjofpc][Stopped/Boot Start](\SystemRoot\\SystemRoot\System32\drivers\ohpjofpc.sys)(N/A)[Padus ASPI Shell / pfc][Running/Manual Start](system32\drivers\pfc.sys)(Padus, Inc.)[StarForce Protection Environment Driver v6 / prodrv06][Stopped/System Start](\SystemRoot\System32\drivers\prodrv06.sys)(Protection Technology)[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start](\SystemRoot\System32\drivers\prohlp02.sys)(Protection Technology)[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start](\SystemRoot\System32\drivers\prosync1.sys)(Protection Technology)[Direct Parallel Link Driver / Ptilink][Running/Manual Start](system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)[RsAntiSpyware / 
RsAntiSpyware][Running/Boot Start](\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising)[RsNTGDI / RsNTGDI][Running/Boot Start](\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start](system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)[Secdrv / Secdrv][Stopped/Manual Start](system32\DRIVERS\secdrv.sys)(N/A)[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start](\SystemRoot\System32\drivers\sfhlp01.sys)(Protection Technology)[SiS AGP Filter / SISAGP][Running/Boot Start](\SystemRoot\system32\DRIVERS\SISAGPX.sys)(Silicon Integrated Systems Corporation)[SiSide / SiSide][Running/Boot Start](\SystemRoot\system32\DRIVERS\siside.sys)(Silicon Integrated Systems Corp.)[sisidex / sisidex][Running/Boot Start](\SystemRoot\system32\drivers\sisidex.sys)(Windows (R) 2000 DDK provider)[Add Performance Filter Driver / sisperf][Running/Boot Start](\SystemRoot\system32\drivers\sisperf.sys)(Silicon Integrated Systems Corp.)[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start](system32\DRIVERS\SONYPVU1.SYS)(Sony Corporation)[Wordcraft Parallel Driver / WILPAR][Stopped/Auto Start](\SystemRoot\System32\Drivers\WILPAR.SYS)(Wordcraft International Ltd.)[winachsf / winachsf][Stopped/Manual Start](system32\DRIVERS\HSFCXTS2.sys)(Conexant Systems, Inc.)
dfspcglwyh -
13:40:00
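13:40:00 Follow the procedure in /topic.asp?board=67&artid=8193879. You had better install a firewall and load custom rules. Download the rules from the Hangzhou volunteers forum; they have a good reputation.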
dfspcglwyh -
13:42:00
dfspcglwyh -
13:43:00
dfspcglwyh -
13:43:00
dfspcglwyh -
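13:45:00 Boss, that's the whole log now. Please take another look for me. Sorry about earlier, I was too impatient.
13:48:00 Do you have any antivirus software? Why does it look like you're running unprotected?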
dfspcglwyh -
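13:52:00 I have Rising running, it's just that the monitor icon is yellow instead of green.
13:54:00 Repair it; if that doesn't work, uninstall and reinstall. Don't use the CD; download the installer from the website, which saves you having to update afterwards.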
新版小欧 -
13:58:00 I don't know whether the files below are a problem; wait for 猫叔 to take another look. If 猫叔's method still doesn't work, I have no other ideas either.
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1. (xpsp_sp2_gdr.2)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1. (xpsp_sp2_gdr.2)]
C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.80 (xpsp_sp2_rtm.8)
dfspcglwyh -
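13:59:00 My Rising software is now updated to version 19.18.12, but since the trojan was found in the last couple of days, the monitor no longer starts by itself. When I start the monitor manually, its icon is yellow too. I'll reinstall it.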
dfspcglwyh -
14:02:00 OK, thanks. When 猫叔 shows up, please remind him to help take a look.
dfspcglwyh -
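14:06:00 Also, I'd like to ask: how do I format a Lenovo business PC from DOS? The format command doesn't work for me. And after formatting, will the trojan be removed?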
饭后点心 -
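14:22:00 If you're sure the trojans are all on drive C, then format C and you'll be basically trojan-free. But if there is a downloader on another drive, then even after formatting, as soon as you go online it will download the trojans again automatically. Also, why is your log so long......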
dfspcglwyh -
14:25:00 I don't get it either. The trojans are still on the machine, but I've wrecked quite a few system files, heh.
dfspcglwyh -
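14:26:00 I have Xunlei installed on drive D. So even if I format C, it would still be on D; is that what you mean? If all else fails I'll format both drives, hehe.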
过客2007 -
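14:27:00 Quote: [dfspcglwyh's post] I don't get it either. The trojans are still on the machine, but I've wrecked quite a few system files, heh.
………………
Oh no! Whatever happens, don't take it out on the system files! Try the Kaka assistant and see whether it finds any suspicious startup entries.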
dfspcglwyh -
14:36:00 Boss, I've been at this for days. Whatever I do, those trojans are like ghosts: I can't kill them all or drive them out.