Help me

2010/01/21 20:38 Author: q493145803 Views: 617 Comments: 2
[CODE]
2010-01-21,20:25:41
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Publisher]
[(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
<"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"> [(Verified)Google Inc]
[广州多玩信息技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safebox><"C:\Program Files\360Safebox\SafeBoxTray.exe" /r> [奇虎网]
<"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
[(Verified)Tencent Technology(Shenzhen) Company Limited]
<"E:\金山毒霸\Kingsoft Internet Security\KAVStart.exe" -startup> [(Verified)Zhuhai Kingsoft Software Co.,Ltd]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher]
<{EE9EBB5C-5B4C-48d3-8BDD-0EDBF4F720B4}> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yest]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<; > [N/A]
<; > [N/A]
<; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
[快捷方式]
C:\PROGRA~1\快捷方式\KKjie.exe []>
[y2]
[File is missing]>
[360Safe]
[File is missing]>
[Down(0)]
[File is missing]>
==================================
服务
[tjy / fyh][Stopped/Auto Start]
<><(File is missing)>
[Google Software Updater / gusvc][Stopped/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">
[Human Interface Device Access / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
[hadapju / ias][Running/Auto Start]
C:\WINDOWS\system32\hadap.dll>
[Windows Time1 / irmon][Running/Auto Start]
C:\PROGRA~1\mutyd\mbmse.dll>
[Kingsoft Basic Service / kaccore][Running/Manual Start]
<"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">
[Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Running/Auto Start]

[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]

[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
<"E:\金山毒霸\Kingsoft Internet Security\KWatch.EXE">
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
<><(File is missing)>
[apfanjs / nwcworkstation][Running/Auto Start]
C:\WINDOWS\system32\apfan.dll>
[qggleeor / qeklwyaj][Running/Auto Start]
C:\DOCUME~1\ADMINI~1\APPLIC~1\ACDSYS~1\ACDSee\Imageqq.ddf>
[Rav Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavMonD.exe">
[snrkkwaa / snrkkwaa][Running/Auto Start]
C:\PROGRA~1\NETMEE~1\shyqj.bmp>
[Tencent Software Update Service / TSUSVC][Stopped/Manual Start]
<><(File is missing)>
[Wivciriuvio / Wivciriuvio][Running/Auto Start]

[juvrige / wmdmpmsp][Running/Auto Start]
C:\WINDOWS\system32\juvri.dll>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]

[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]

[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys>
[hookcont / hookcont][Running/System Start]

[hooksys / hooksys][Running/System Start]

[ialdnwxf / ialdnwxf][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\superec9KyX8.sys>
[ialm / ialm][Running/Manual Start]

[KAVBase / KAVBase][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys>
[KAVBootC / KAVBootC][Running/Boot Start]
<\SystemRoot\system32\Drivers\KAVBootC.sys>
[KAVSafe / KAVSafe][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys>
[KLIF / KLIF][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]

[KNetWch / KNetWch][Running/System Start]
<\??\E:\金山毒霸\Kingsoft Internet Security\KNetWch.SYS>
[KRegEx / KRegEx][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\KRegEx.sys>
[KWatch3 / KWatch3][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KWatch3.sys>
[Mkd2kfNt / Mkd2kfNt][Stopped/Manual Start]

[Mkd2Nadr / Mkd2Nadr][Stopped/Manual Start]

[MXD / MXD][Stopped/Manual Start]
<\??\D:\WG\冒险岛外挂\sww.sys>
[nv / nv][Stopped/Manual Start]

[phsysmemread / phsysmemread][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\pfnrersys.sys>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

[Remember1 / Remember1][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX10.093\cf.sys>
[rsassist / rsassist][Running/Auto Start]

[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys>
[RsProtect / RsProtect][Running/System Start]

[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]

[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]

[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
<\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys>
[Secdrv / Secdrv][Stopped/Manual Start]

[TCP/IP Protocol Driver / Tcpip][Running/System Start]

[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesDrvPt.sys>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys>
[vmfilter303 / vmfilter303][Running/Manual Start]

[TOPSPEED 303 PC Camera(Vimicro301 Neptune) / ZSMC303][Running/Manual Start]

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014}
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95}
[QvodExtend]
{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}
[Thunder Browser Helper]
{77FEF28D-EB96-44FF-B511-3185DEA48697}
[Baidu Toolbar BHO]
{77FEF28E-EB96-44FF-B511-3185DEA48697}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
[网络反病毒统计信息]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b}
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95}
[Google Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[Baidu Toolbar]
{B580CF65-E151-49C3-B73F-70B13FCA8E86}
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD}
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2}
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233}
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014}
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3}
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA}
[HallToolkit Class]
{1E36C446-29F0-4773-A3FB-59C5501446EB}
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[Google Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95}
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844}
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436}
[QvodExtend]
{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[mkd25aosCtrl Class]
{59B0298B-A7B5-4045-A34E-377EDF7BCB8E}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD}
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2}
[Thunder Browser Helper]
{77FEF28D-EB96-44FF-B511-3185DEA48697}
[Baidu Toolbar BHO]
{77FEF28E-EB96-44FF-B511-3185DEA48697}
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890}
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}
[]
{A412E581-59B2-485E-834F-C5F0C0268C79} <, >
[APlayer Control]
{A9322148-C691-4B9D-91FC-B9C461DBE9DD}
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7}
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389}
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
[]
{B0CFAB31-D992-420E-85A0-F29BF0EC5A47} <, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Baidu Toolbar]
{B580CF65-E151-49C3-B73F-70B13FCA8E86}
[]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36}
[]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <, >
[]
{C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127}
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[kingsoft browser shield]
{D963BE1A-6B35-47DB-B002-49FAE71D85CC}
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23}
[]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <, >
[Vod Class]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266}
[]
{F156768E-81EF-470C-9057-481BA8380DBA} <, >
[QvodCtrl Class]
{F3D0D36F-23F8-4682-A195-74C92B03D4AF}
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F}
[&使用QQ旋风下载]

[&使用QQ旋风下载全部链接]

[Google 边栏评注...]

[上传到QQ网络硬盘]

[使用迅雷下载]

[使用迅雷下载全部链接]

[导出到 Microsoft Office Excel(&X)]

[添加到QQ自定义面板]

[添加到QQ表情]

[添加到火星符号]
<, >
[用QQ彩信发送该图片]

==================================
正在运行的进程
[PID: 516 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.1.325]
[C:\WINDOWS\System32\yest.dll] [N/A, ]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
[C:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9]
[C:\Program Files\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.41]
[C:\Program Files\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\Program Files\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 45]
[C:\Program Files\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
[C:\Program Files\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
[C:\Program Files\Rising\Rav\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11]
[C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rav\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
[C:\Program Files\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
[C:\Program Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1]
[C:\Program Files\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 32]
[C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\bawhite.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.21]
[C:\Program Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
[C:\Program Files\Rising\Rav\NComm2.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\Program Files\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
[C:\Program Files\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
[C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 62]
[C:\Program Files\Rising\Rav\scantj.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\Program Files\Rising\Rav\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\Program Files\Rising\Rav\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 15]
[C:\Program Files\Rising\Rav\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\extsfx.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 188 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\docume~1\admini~1\applic~1\acdsys~1\acdsee\imageqq.ddf] [N/A, ]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[PID: 544 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\progra~1\netmee~1\shyqj.bmp] [N/A, ]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[PID: 892 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148 / SYSTEM][C:\Program Files\Wivciriuvio\srvany.exe] [N/A, ]
[PID: 2312 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3236 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\hadap.dll] [N/A, ]
[c:\progra~1\mutyd\mbmse.dll] [N/A, ]
[c:\windows\system32\juvri.dll] [N/A, ]
[c:\windows\system32\apfan.dll] [N/A, ]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 1672 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kswebshield.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[E:\金山毒霸\Kingsoft Internet Security\ktaskbar.dll] [Kingsoft Corporation, 2009,08,03,993]
[C:\Program Files\快捷方式\KKjie_safe.hlp] [www.kkjie.com, 1, 0, 0, 3]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926]
[PID: 3616 / Administrator][C:\Program Files\Rising\Rav\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.10]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\Program Files\Rising\Rav\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15]
[C:\Program Files\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[C:\Program Files\Rising\Rav\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
[C:\Program Files\Rising\Rav\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57]
[C:\Program Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
[C:\Program Files\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
[C:\Program Files\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
[C:\Program Files\Rising\Rav\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7]
[C:\Program Files\Rising\Rav\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.74]
[C:\Program Files\Rising\Rav\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\Program Files\Rising\Rav\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[C:\Program Files\Rising\Rav\scanleak.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\Program Files\Rising\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
[PID: 3640 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 3712 / Administrator][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 6.14.10.4926]
[PID: 3672 / Administrator][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 3716 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 3916 / Administrator][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 6.14.10.4926]
[PID: 3904 / Administrator][E:\PPS\PPStream\ppsap.exe] [PPStream Inc, 1, 0, 11, 226]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[E:\PPS\PPStream\1.1.0.2730\vodnet.dll] [PPStream Inc., 1, 0, 11, 281]
[E:\PPS\PPStream\1.1.0.2730\vodres.dll] [PPStream Inc., 1, 0, 11, 281]
[E:\PPS\PPStream\1.1.0.2730\ppssg.dll] [PPStream Inc., 1, 0, 11, 277]
[E:\PPS\PPStream\1.1.0.2730\fds.dll] [PPStream Inc., 1, 0, 0, 101]
[PID: 3936 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 4, 1, 509, 1944]
[C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\gtn.dll] [Google Inc., 5, 4, 4525, 1752]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll] [Google Inc., 5, 4, 4525, 1752]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 3960 / Administrator][C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\360Safe.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[PID: 3808 / Administrator][C:\Program Files\快捷方式\KKjie_safe.exe] [www.kkjie.com, 1,0,0,3]
[C:\Program Files\快捷方式\Languages\Chinese.lang] [, 1.0.0.5]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\Program Files\快捷方式\KKjie_safe.hlp] [www.kkjie.com, 1, 0, 0, 3]
[E:\360安全卫士\360safe\360safe.exe] [奇虎网, 6, 1, 0, 1015]
[PID: 1552 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\Program Files\TENCENT\SSPlus\SAddr1.dll] [腾讯, 5, 1, 14, 10]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kswebshield.dll] [Kingsoft Corporation, 2010,01,11,7]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kswbc.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\Program Files\快捷方式\KKjie_safe.hlp] [www.kkjie.com, 1, 0, 0, 3]
[C:\Program Files\Tencent\QQToolbar\IEBar.dll] [TENCENT, 3, 1, 50, 10]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll] [TENCENT, 3, 1, 50, 10]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\TBAddr.dll] [Tencent, 3, 1, 41, 11]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\QQMail.dll] [TENCENT, 3, 1, 11, 11]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Shuqian.dll] [TENCENT, 3, 1, 22, 10]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Wenwen.dll] [TENCENT, 3, 1, 11, 11]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Weather.dll] [TENCENT, 3, 1, 10, 11]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\QQNews.dll] [TENCENT, 3, 1, 12, 10]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\PrScrn.dll] [TENCENT, 3, 1, 19, 10]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Qzone.dll] [TENCENT, 3, 1, 21, 11]
[C:\Program Files\Baidu\Toolbar\BaiduBarX.dll] [, 2, 0, 5, 31]
[C:\Program Files\Baidu\Toolbar\rc.dll] [ , 1, 0, 0, 14]
[C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll] [Google Inc., 6, 3, 1014, 1517 ]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_E0B3D00E06C2FA01.dll] [Google Inc., 6, 3, 1106, 427 ]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll] [Google Inc., 6, 3, 1106, 427 ]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_ext_zh-CN_32_A8478F8C9C51C437.dll] [Google Inc., 6, 3, 1106, 427 ]
[C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll] [Google Inc., 5, 4, 4525, 1752]
[E:\迅雷\ComDlls\TDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\WG\QvodPlayer\QvodExtend.dll] [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[E:\迅雷\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\userdata\Components\ResWorker\DsBho_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[E:\迅雷\userdata\Components\ResWorker\DataProcessor_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[D:\QQ2009\Bin\TXPFProxy.dll] [Tencent, 1, 41, 1450, 0]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx] [Adobe Systems, Inc., 10,0,32,18]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\WG\QvodPlayer\Codecs\RealMediaSplitter.ax] [Gabest, 1, 0, 1, 1]
[C:\Program Files\Common Files\Thunder Network\KanKan\RealMediaSplitter.1.0.2.5.(58).ax] [Gabest, 1, 0, 2, 5]
[C:\WINDOWS\system32\mpg2splt.ax] [, ]
[D:\WG\QvodPlayer\Codecs\asfsplliter.ax] [TASK (www.task.com.cn), 0, 0, 0, 1]
[PID: 2496 / Administrator][E:\迅雷\Program\Thunder.exe] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\XLI18NEX.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 1]
[E:\迅雷\Program\libexpat.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\迅雷\Program\minizip.dll] [N/A, ]
[E:\迅雷\Program\zlib1.dll] [, 1.2.3]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\迅雷\Program\XLBugHandler.dll] [深圳市迅雷网络技术有限公司, 2, 1, 0, 8]
[E:\迅雷\Program\liblua.dll] [N/A, ]
[E:\迅雷\Program\XLGraphic.dll] [N/A, ]
[E:\迅雷\Program\libpng13.dll] [, 1.2.38]
[E:\迅雷\Program\UACTool.dll] [N/A, ]
[E:\迅雷\Program\XLLuaRuntime.dll] [N/A, ]
[C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.6101.0]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0]
[E:\迅雷\Program\sqlite3.dll] [N/A, ]
[E:\迅雷\Program\mini_unzip_dll.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[E:\迅雷\Program\SkinEngine2.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\XLGUIPlatform.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\DllNewTask.DLL] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\ThunderStorage.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\Thunders.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\download_interface.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 45]
[C:\Program Files\快捷方式\KKjie_safe.hlp] [www.kkjie.com, 1, 0, 0, 3]
[E:\迅雷\Program\dl_peer_id.dll] [深圳市迅雷网络技术有限公司, 3, 1, 2, 7]
[E:\迅雷\Program\xl_data.dll] [深圳市迅雷网络技术有限公司, 1, 10, 2, 24]
[E:\迅雷\Program\xl_client.dll] [深圳市迅雷网络技术有限公司, 1, 10, 2, 24]
[E:\迅雷\Program\asyn_frame.dll] [深圳市迅雷网络技术有限公司, 1, 4, 2, 39]
[E:\迅雷\Program\mp.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 7]
[E:\迅雷\Program\XLGUIDevEnv.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\GougouSearch.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\GBLCategory.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\ComDlls\ThunderAgent5.9.11.1168.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\userdata\Components\BaseCommunity\BaseCommunity.dll] [深圳市迅雷网络技术有限公司, 1.0.2.42]
[E:\迅雷\Program\libjpeg6b.dll] [N/A, ]
[E:\迅雷\Program\giflib4.dll] [N/A, ]
[E:\迅雷\Program\http.dll] [深圳市迅雷网络技术有限公司, 1.0.2.7]
[E:\迅雷\Program\XLCP.dll] [深圳市迅雷网络技术有限公司, 1.0.2.16]
[E:\迅雷\Program\XLUser.dll] [深圳市迅雷网络技术有限公司, 1.0.2.44]
[E:\迅雷\Program\BaseIM.dll] [深圳市迅雷网络技术有限公司, 1.0.1.9]
[E:\迅雷\Program\UpdateCtrl.dll] [深圳市迅雷网络技术有限公司, 2, 5, 2, 215]
[E:\迅雷\Program\FloatPanel.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\Program\XLWebDownload.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168]
[E:\迅雷\userdata\Components\Despise\Despise.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 18]
[E:\迅雷\userdata\Components\InMedia\iEmbed.dll] [深圳市迅雷网络技术有限公司, 3, 4, 12, 137]
[E:\迅雷\userdata\Components\InMedia\XLIPC.DLL] [深圳市迅雷网络技术有限公司, 1, 0, 0, 4]
[E:\迅雷\userdata\Components\Tips\TipsClient.dll] [深圳市迅雷网络技术有限公司, 3, 0, 3, 152]
[E:\迅雷\userdata\Components\Tips\XLSkin.dll] [深圳市迅雷网络技术有限公司, 1, 0, 1, 4]
[E:\迅雷\Program\XLNetU.dll] [深圳市迅雷网络技术有限公司, 1, 5, 2, 25]
[E:\迅雷\userdata\Components\ResWorker\DsXlCom.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 43]
[E:\迅雷\userdata\Components\ResWorker\DataProcessor_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[E:\迅雷\userdata\Components\ResWorker\MediaWorker.dll] [深圳市迅雷网络技术有限公司, 1, 2, 0, 23]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\迅雷\userdata\Components\XlWnd\XlWnd.dll] [深圳市迅雷网络技术有限公司, 1.0.0.4]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
[E:\迅雷\userdata\Components\XLSafeHost\ThunderKSAV\ThunderKSAV.dll] [N/A, ]
[E:\迅雷\userdata\Components\XLSafeHost\ThunderKSAV\bin\XLScan.dll] [Kingsoft Corporation, 2007,11,30,9]
[E:\迅雷\userdata\Components\Kankan\XMPPlugin.dll] [深圳市迅雷网络技术有限公司, 1.0.0.13]
[E:\迅雷\userdata\Components\Kankan\XMPStatistic.dll] [Thunder Networking Technologies,LTD, 1.0.0.1]
[E:\迅雷\userdata\Components\XLMediaCutter\XLMediaCutter.dll] [深圳市迅雷网络技术有限公司, 4, 0, 0, 42]
[E:\迅雷\userdata\Components\Streamer\Streamer.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 23]
[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx] [Adobe Systems, Inc., 10,0,32,18]
[E:\迅雷\Program\TipsManager.dll] [深圳市迅雷网络技术有限公司, 1.0.2.8]
[PID: 3692 / Administrator][C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\ThunderService.exe] [深圳市迅雷网络技术有限公司, 1, 0, 2, 61]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\XLBugHandler.dll] [深圳市迅雷网络技术有限公司, 2, 1, 0, 8]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\UpdateCtrl.dll] [深圳市迅雷网络技术有限公司, 2, 6, 2, 216]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\download_engine.dll] [深圳市迅雷网络技术有限公司, 3, 4, 2, 365]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\mp.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 7]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\XLCrypto.dll] [N/A, ]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\UACTool.dll] [N/A, ]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\asyn_frame.dll] [深圳市迅雷网络技术有限公司, 1, 4, 2, 39]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\backend_agent.dll] [深圳市迅雷网络技术有限公司, 1, 1, 2, 40]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\zlib1.dll] [, 1.2.3]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\ptl.dll] [深圳市迅雷网络技术有限公司, 3, 2, 2, 81]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\dl_peer_id.dll] [深圳市迅雷网络技术有限公司, 3, 1, 2, 7]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\xl_stat.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 9]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\p2p_upload.dll] [深圳市迅雷网络技术有限公司, 1,1,2,16]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\dphubt.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 30]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\p2p.dll] [深圳市迅雷网络技术有限公司, 1, 1, 2, 91]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\fs.dll] [深圳市迅雷网络技术有限公司, 1, 1, 2, 21]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\xldc.dll] [深圳市迅雷网络技术有限公司, 4, 0, 2, 41]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\stream.dll] [深圳市迅雷网络技术有限公司, 2, 1, 2, 1094]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 112]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\down_dispatcher.dll] [深圳市迅雷网络技术有限公司, 1, 1, 2, 58]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\member_stat.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 8]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\al.dll] [深圳市迅雷网络技术有限公司, 1,1,2,48]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\p2p_local_res.dll] [深圳市迅雷网络技术有限公司, 1,1,2,22]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\p2p_network_com.dll] [深圳市迅雷网络技术有限公司, 3, 0, 2, 47]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\media_data.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 10]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\sl.dll] [深圳市迅雷网络技术有限公司, 1.0.2.2]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\task_report.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 6]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\p2ptl2.dll] [深圳市迅雷网络技术有限公司, 1,1,2,10]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\p2p_session.dll] [深圳市迅雷网络技术有限公司, 1,2,2,36]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\module_downloader.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 16]
[C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\mini_unzip_dll.dll] [N/A, ]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\emule_id.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 17]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\xldcsubtask.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 30]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\xldcagent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 11]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.20\bd.dll] [深圳市迅雷网络技术有限公司, 1, 0, 2, 22]
[PID: 2684 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Temp\HZ$D.465.3983\HZ$D.465.3984\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 2256 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Temp\HZ$D.465.3983\HZ$D.465.3984\SREd4b7c547.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\金山毒霸\Kingsoft Internet Security\KMailOEBand.DLL] [Kingsoft Corporation, 2009,02,13,759]
[E:\金山毒霸\Kingsoft Internet Security\kis.dll] [Kingsoft Corporation, 2009,06,15,929]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[E:\金山毒霸\Kingsoft Internet Security\webshield\kwsui.dll] [Kingsoft Corporation, 2010,01,11,7]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 2.2.555.201]
[C:\Program Files\快捷方式\KKjie_safe.hlp] [www.kkjie.com, 1, 0, 0, 3]
[C:\Documents and Settings\Administrator\Local Settings\Temp\HZ$D.465.3983\HZ$D.465.3984\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
RSVP UDP Service Provider
C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP TCP Service Provider
C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 3960, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\「开始」菜单\程序\启动\360SAFE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3960, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\「开始」菜单\程序\启动\360SAFE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3808, C:\PROGRAM FILES\快捷方式\KKJIE_SAFE.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
N/A

Total comments: 2

Comment #1, by Amazing, on 2010-01-22 12:29:

c:\windows\system32\pfnrersys.sys
c:\program files\wivciriuvio\srvany.exe
Upload these to http://www.virustotal.com/zh-cn/ for scanning.

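I recommend using XDelBox to delete the following files.
Copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard, then reboot to delete them.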

c:\windows\system32\yest.dll
c:\docume~1\admini~1\applic~1\acdsys~1\acdsee\imageqq.ddf
c:\progra~1\netmee~1\shyqj.bmp
c:\progra~1\mutyd\mbmse.dll
c:\windows\system32\apfan.dll
c:\windows\system32\hadap.dll
c:\windows\system32\juvri.dll
c:\windows\system32\zkkfzbbs.dll
c:\documents and settings\administrator\「开始」菜单\程序\启动\down(0).chm
c:\documents and settings\administrator\「开始」菜单\程序\启动\y2.jse
c:\windows\system32\juvri.dll

c:\progra~1\netmee~1\shyqj.bmp
c:\docume~1\admini~1\applic~1\acdsys~1\acdsee\imageqq.ddf
c:\windows\system32\apfan.dll
c:\progra~1\mutyd\mbmse.dll
c:\windows\system32\hadap.dll

c:\docume~1\admini~1\locals~1\temp\rar$ex10.093\cf.sys
c:\windows\system32\superec9kyx8.sys


2. After deleting and rebooting, use SREng to repair the following items:

Startup items -- Registry: delete the following entries:
[{EE9EBB5C-5B4C-48d3-8BDD-0EDBF4F720B4}]
[zkkfzbbs.dll]
[WinlogonNotify: yest]

Startup items -- Startup folder: delete the following entries:
[Down(0)]
[y2]

Startup items -- Services -- Win32 service applications: disable the following entries:
[juvrige / wmdmpmsp] C:\WINDOWS\system32\juvri.dll>
[Wivciriuvio / Wivciriuvio]
[snrkkwaa / snrkkwaa] C:\PROGRA~1\NETMEE~1\shyqj.bmp>
[qggleeor / qeklwyaj] C:\DOCUME~1\ADMINI~1\APPLIC~1\ACDSYS~1\ACDSee\Imageqq.ddf>
[apfanjs / nwcworkstation] C:\WINDOWS\system32\apfan.dll>
[Windows Time1 / irmon] C:\PROGRA~1\mutyd\mbmse.dll>
[hadapju / ias] C:\WINDOWS\system32\hadap.dll>
[tjy / fyh] <>

Startup items -- Services -- Drivers: disable the following entries:
[Remember1 / Remember1] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX10.093\cf.sys>
[ialdnwxf / ialdnwxf] <\??\C:\WINDOWS\system32\superec9KyX8.sys>


************** The above analysis report was provided by SREngLog分析助手 (SREngLog analysis assistant) ******************
Analysis: Amazing
Date: 2010-1-22
SREngLog分析助手 1.4 BY 草莽书生 (updated 20090209 BY 小金)

Comment #2, by eyeego, on 2010-01-22 21:35:

Um... next time please post the complete log.