With this BFAD, what does it take to really get to know a person? Does anyone know?

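How can I tell whether svchost.exe has been infected by a trojan?
As the title says, I have recently noticed this process using 100% CPU from time to time.
You can use tools such as wsyscheck to check what has been injected into it.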
System Repair Engineer 2.6.10.990
Smallfrogs ()
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Component Publisher]
& & &SRS Audio Sandbox&&&C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe& /hideme&&&[SRS Labs, Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &load&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &NvCplDaemon&&RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &NvMediaCenter&&RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &SoundMan&&SOUNDMAN.EXE&&&[Realtek Semiconductor Corp.]
& & &AVP&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe&&&&[(Verified)Kaspersky Lab]
& & &SecNotifier&&C:\Program Files\Sucop\SecPlugin\SecNotifier.exe&&&[超级巡警]
& & &Adobe Reader Speed Launcher&&&C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe&&&&[(Verified)&Adobe Systems, Incorporated&]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Component Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&C:\WINDOWS\system32\klogon.dll&&&[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
& & &IE7 Uninstall Stub&&C:\WINDOWS\system32\ieudinit.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Kaspersky Internet Security / AVP][Running/Auto Start]
&&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe& -r&&Kaspersky Lab&
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
&&&C:\WINDOWS\system32\nvsvc32.exe&&NVIDIA Corporation&
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
&&&system32\drivers\ALCXWDM.SYS&&Realtek Semiconductor Corp.&
[kl1 / kl1][Running/Boot Start]
&&&\SystemRoot\system32\drivers\kl1.sys&&Kaspersky Lab&
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
&&&\SystemRoot\system32\drivers\klbg.sys&&Kaspersky Lab&
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
&&&system32\DRIVERS\klfltdev.sys&&Kaspersky Lab&
[Kaspersky Lab Driver / KLIF][Running/System Start]
&&&system32\DRIVERS\klif.sys&&Kaspersky Lab&
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
&&&system32\DRIVERS\klim5.sys&&Kaspersky Lab&
[nv / nv][Running/Manual Start]
&&&system32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&
[nvata / nvata][Running/Boot Start]
&&&\SystemRoot\system32\DRIVERS\nvata.sys&&NVIDIA Corporation&
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
&&&system32\DRIVERS\NVENETFD.sys&&NVIDIA Corporation&
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
&&&system32\DRIVERS\nvnetbus.sys&&NVIDIA Corporation&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[PxHelp20 / PxHelp20][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\PxHelp20.sys&&Sonic Solutions&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.&
[SRS Labs Audio Sandbox (WDM) / SRS_SSCFilter][Running/Manual Start]
&&&system32\drivers\srs_sscfilter_i386.sys&&&
==================================
浏览器加载项
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40fd-9C87-E93D} &d:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD&
[IEVkbdBHO Class]
&&{5D3-40F9-A1A8-6FA9CCA1862C} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, Kaspersky Lab&
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD&
[畅游巡警]
&&{C2EB616C-BFB0-8F869A0E97} &C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, 超级巡警&
[Web traffic protection statistics]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, Kaspersky Lab&
[IESecExtern Class]
&&{7B71B9D0-7A6B-4CD4-BFAD-AD9} &C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, 超级巡警&
[畅游巡警]
&&{B057BF9C-55B4-4AA4-938A-FE} &C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, 超级巡警&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40FD-9C87-E93D} &d:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD&
[Adobe PDF Reader Link Helper]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated&
[Windows Genuine Advantage Validation Tool]
&&{A-453E-A040-C7C580BBF700} &C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation&
[Windows Media Player]
&&{22D6F312-B0F6-11D0-94AB-E95} &C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation&
[XML Document]
&&{4D9-11D1-A6B3-00C04FD91555} &C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation&
[Thunder Agent Class]
&&{-8FB2-4B3B-B29B-8B919B0EACCE} &D:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD&
[IE2EMUrlTaker Class]
&&{F-4CA0-B8CD-6F496C997FAF} &C:\Program Files\eMule\IE2EM.dll, &
[Shell Name Space]
&&{DE-11D1-B9F2-00A0C98BC547} &C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation&
[IEVkbdBHO Class]
&&{5D3-40F9-A1A8-6FA9CCA1862C} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, Kaspersky Lab&
[WUWebControl Class]
&&{6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation&
[XMP Class]
&&{8-4C41-AACC-52D4D7845851} &C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, &
[XDRM]
&&{693571CB-54A3-4E90-9D52-EEAE} &C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, &
[Windows Media Player]
&&{6BF52A52-394A-11D3-B153-00C04F79FAA6} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[MUWebControl Class]
&&{6E3D-4EE6-879C-DC1FA91D2FC3} &C:\WINDOWS\system32\muweb.dll, Microsoft Corporation&
[Microsoft Web Browser]
&&{A-11D0-A96B-00C04FD705A2} &C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation&
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD&
[XML DOM 文档 5.0]
&&{88D969E5-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[XML DOM Document 6.0]
&&{88D96A05-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml6.dll, Microsoft Corporation&
[XML HTTP 6.0]
&&{88D96A0A-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml6.dll, Microsoft Corporation&
[DapCtrl Class]
&&{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} &C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5).dll, ShenZhen Thunder Networking Technologies Ltd.&
[畅游巡警]
&&{B057BF9C-55B4-4AA4-938A-FE} &C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, 超级巡警&
[畅游巡警]
&&{C2EB616C-BFB0-8F869A0E97} &C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, 超级巡警&
[Adobe PDF Reader]
&&{CA8ACF-A24D-} &C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, Adobe Systems, Inc.&
[AUDIO__MP3 Moniker Class]
&&{CD3AFA76-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[AUDIO__X_MS_WMA Moniker Class]
&&{CD3AFA84-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[VIDEO__X_MS_ASF Moniker Class]
&&{CD3AFA8F-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[RealPlayer G2 Control]
&&{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} &C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\macromed\flash\Flash.ocx, Adobe Systems, Inc.&
[XML HTTP Request]
&&{ED8C108E--91A4-00C04F7969E8} &C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation&
[Thunder DapPlayer]
&&{EEDD6FF9-13DE-496B-9A1C-D78B} &d:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0..dll, ShenZhen Thunder Networking Technologies Ltd.&
[XPPlayer Class]
&&{F3E70CEA-956E-49CC-B444-73AFE593AD7F} &C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(875).dll, Thunder&
[XML DOM Document 3.0]
&&{F1-11D3-89B9-1} &C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation&
[XML HTTP 3.0]
&&{F1-11D3-89B9-1} &C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation&
[XML DOM Document]
&&{F6D90F11-9C73-11D3-B32E-00C04F990BB4} &C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation&
[XML HTTP]
&&{F6D90F16-9C73-11D3-B32E-00C04F990BB4} &C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation&
[&添加到广告拦截器&]
&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A&
[使用迅雷下载]
&&&D:\Program Files\Thunder\Program\geturl.htm, N/A&
[使用迅雷下载全部链接]
&&&D:\Program Files\Thunder\Program\getallurl.htm, N/A&
==================================
正在运行的进程
[PID: 876][\SystemRoot\System32\smss.exe]&&[Microsoft Corporation, 5.1. (xpsp.1)]
[PID: 932][\??\C:\WINDOWS\system32\csrss.exe]&&[Microsoft Corporation, 5.1. (xpsp.1)]
[PID: 956][\??\C:\WINDOWS\system32\winlogon.exe]&&[Microsoft Corporation, 5.1. (xpsp.3)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\WINDOWS\system32\klogon.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1000][C:\WINDOWS\system32\services.exe]&&[Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1012][C:\WINDOWS\system32\lsass.exe]&&[Microsoft Corporation, 5.1. (xpsp.3)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1160][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1208][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1256][C:\WINDOWS\System32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1596][C:\WINDOWS\Explorer.EXE]&&[Microsoft Corporation, 6.00. (xpsp.5)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [d:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]&&[Thunder Networking Technologies,LTD, 1.0.5.29]
& & [D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]&&[Thunder Networking Technologies,LTD, 5, 0, 8, 96]
& & [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]&&[Adobe Systems, Inc., 8.1.0.0]
& & [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]&&[Adobe Systems, Inc., 8.0.0.0]
& & [D:\backup\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1908][C:\WINDOWS\SOUNDMAN.EXE]&&[Realtek Semiconductor Corp., 5, 1, 0, 48]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1924][C:\Program Files\Sucop\SecPlugin\SecNotifier.exe]&&[超级巡警, 1, 0, 0, 7]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1944][C:\WINDOWS\system32\ctfmon.exe]&&[Microsoft Corporation, 5.1. (xpsp.5)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1984][C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe]&&[SRS Labs, Inc., 2.2.1.0]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 376][C:\WINDOWS\System32\alg.exe]&&[Microsoft Corporation, 5.1. (xpsp.2)]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll]&&[Kaspersky Lab, 8.0.0.422]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1896][C:\Documents and Settings\Administrator\桌面\sreng990\SREngLdr.EXE]&&[Smallfrogs Studio, 2.6.10.990]
& & [C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]&&[Kaspersky Lab, 8.0.0.422]
[PID: 1892][C:\Documents and Settings\Administrator\桌面\sreng990\SREea32bfed.EXE]&&[Smallfrogs Studio, 2.6.10.990]
==================================
文件关联
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&OK. [&C:\WINDOWS\hh.exe& %1]
.HLP&&OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 956, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1908, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\SUCOP\SECPLUGIN\SECNOTIFIER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1984, C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1896, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG990\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
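Reply to v147369's post (#4)
I don't see anything abnormal in the log. What happens if you run only Kaspersky?
[ Last edited by lztl2006 at 23:49 ]
Try uninstalling 超级巡警 first and see.
Nothing stands out in the log.
Use 金山清理专家 to clean up malware.
Download Windows清理助手 and run a cleanup pass.
Have you turned off automatic updates?
I have not turned off automatic updates. Kaspersky 09's protection report (normal?):
9:56:03    结果:已被允许: KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown    程序:Generic Host Process for Win32 Services    操作:关闭 Windows    原因:KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown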
Copyright © KaFan All Rights Reserved.

BFAD teaches you how to choose better talent
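March is peak hiring season for many companies every year. Job seekers are plentiful, many departments are recruiting hard, and HR teams spend their days frantically screening résumés and making phone calls. In the March hiring rush, every company wants to find suitable talent, and the shared view is that with so many people looking for work, there must be plenty of excellent candidates among them. But we often overlook one question: why would capable, experienced people choose to change jobs in this one concentrated window? If they have both ability and experience, plenty of companies would be glad to take them whenever they choose to move. In practice, the so-called peak season is mostly made up of serial job-hoppers, professional job seekers, and fresh graduates with no work experience. Are these really the talent our companies are talking about? Below, BFAD tells you how to choose the right people.

First, draw up an overall recruitment plan. Every company does this, but how many get it right? Many find that plans cannot keep up with change, fail to produce a sound recruitment plan, and end up with departments that "can no longer keep running". BFAD's annual recruitment plan never distinguishes between peak and off seasons. We work from each department's set headcount targets and hire the people we need according to the company's minimum staffing standard, rather than blindly recruiting to the maximum staffing level.

Second, set the recruitment priorities for each stage. We should identify which positions are key for the company, who we need now and who can wait, how many people should arrive first and how many later, and the latest date by which each must be in post. Only then can we separate the urgent from the less urgent. Recruitment requirements should be set as each department's needs arise, and the more detailed and accurate the job posting, the better. Do not copy other companies, because every company has its own job responsibilities and the work is bound to differ. Each specific problem should be analysed on its own terms.

Finally, the use of recruitment channels. When recruitment stalls, the cause is often a blocked channel. A key part of recruiting is finding people, and the key to finding people lies in the choice of channels. Now that every channel is open to every company, no single channel is absolutely effective, and one should not expect to "settle everything in one battle". Be good at combining recruitment channels.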
Copyright BFAD Creation Worldwide inc. 2015
How was the BFAD 北影 creative advertising team forged?
Answer accepted by the asker
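You could say it was tempered bit by bit. Past hardships have made today's BFAD tenacious. In its early days the BFAD team suffered a great deal and paid plenty of tuition for it. No team's growth is smooth sailing. I believe BFAD will be better tomorrow, with its meticulous way of working.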