您现在的位置:首页病毒救援 > 电脑中毒,以下是sereng分析报告,请帮我分析下 > 正文

电脑中毒,以下是sereng分析报告,请帮我分析下

2010/01/30 15:32 作者:wolaiye238 点击:1045 评论:9
最近电脑奇慢 查看资源管理器发现多了firefox.exe和VVist.exe进程,但没装firefox,鲁大师一键清理也不能用了显示无法查看firefox,用的卡巴 杀不出来
以下是sereng分析报告:[code]

2010-01-30,23:13:53

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)NVIDIA Corporation]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
[Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing]
<; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [File is missing]
<; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r>
[Help and Support / helpsvc][Stopped/Disabled]
%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll>
[Human Interface Device Access / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
%SystemRoot%\System32\mswsock.dll>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]

[ServiceSafe1 / ServiceSafe1][Running/Auto Start]

[主动防御 / ZhuDongFangYu][Stopped/Manual Start]
<"D:\Program Files\360safe\deepscan\zhudongfangyu.exe"><360安全中心>

==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
<360安全中心>
[AMD Processor Driver / AmdK8][Running/System Start]

[BFSDRV / BFSDRV][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心>
[BREGDRV / BREGDRV][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[EfiSystemMon / EfiMon][Running/System Start]
<奇虎网>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]

[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]

[HookPort / HookPort][Running/Boot Start]
<\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]

[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<\SystemRoot\system32\drivers\klbg.sys>
[Kaspersky Lab Driver / KLIF][Running/System Start]

[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]

[Kaspersky Lab KLMOUFLT / klmouflt][Running/Manual Start]

[msspac / msspac][Stopped/Boot Start]
<\SystemRoot\system32\drivers\msspac.sys>
[nv / nv][Running/Manual Start]

[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]

[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]

[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvrd32.sys>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

[Quantum DeepScanner Servers / qutmdserv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\qutmdrv.sys><360安全中心>
[qutmipc / qutmipc][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]

[SATALink driver accelerator / SiFilter][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]

[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesDrvPt.sys>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[IE2EMBHO Class]
{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[FilterBHO Class]
{E33CF602-D945-461A-83F0-819F76A199F8}
[VirtualKeyboardButtonHandler Class]
{4248FE82-7FCB-46AC-B270-339F08212110}
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79}
[FilterButtonHandler Class]
{CCF151D8-D089-449F-A5A4-D9909053F20F}
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233}
[PhotoDrawEx Class]
{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D}
[BDA 调节型号 MPEG2 微调请求]
{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}
[IE2EMBHO Class]
{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[Zyzzyva]
{30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC} <, >
[VirtualKeyboardButtonHandler Class]
{4248FE82-7FCB-46AC-B270-339F08212110}
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844}
[SkyDrive.Plugin.1]
{4990272A-0655-4D80-90A7-C18D0FF7A4A9}
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851}
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[CCtInf Class]
{6DBB2904-082D-4DB0-944A-21C22BA121F4}
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2}
[]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[]
{7B434A2A-9E4C-48F2-8373-5801F316A4D5} <, >
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3}
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[TTPlayer ActiveX Control]
{89AE5F82-410A-4040-9387-68D1144EFD03}
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890}
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}
[]
{A2DF4DBF-29B4-42A4-BD19-2CBC443E2E84} <, >
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79}
[APlayer Control]
{A9322148-C691-4B9D-91FC-B9C461DBE9DD}
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389}
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[QQCertCtrl Class]
{BAEA0695-03A4-43BB-8495-C7025E1A8F42}
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36}
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77}
[FilterButtonHandler Class]
{CCF151D8-D089-449F-A5A4-D9909053F20F}
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127}
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23}
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[FilterBHO Class]
{E33CF602-D945-461A-83F0-819F76A199F8}
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF}
[]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F}
[&U使用米人下载并收藏]

[使用电驴下载]

[使用迅雷下载]

[使用迅雷下载全部链接]

[导出到 Microsoft Office Excel(&X)]

[添加到QQ表情]


==================================
正在运行的进程
[PID: 1184 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1232 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1256 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1316 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1488 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 4.00.1381.9562]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.9562]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1528 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1584 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1724 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1832 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1868 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2044 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 340 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\FreeLaunchBar\flb.dll] [TrueSoft, 1.0.0.0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[PID: 872 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1708 / SYSTEM][C:\WINDOWS\Help\tours\mmtour\svohost.exe] [N/A, ]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1720 / Administrator][D:\Program Files\Tencent\QQ\Bin\QQ.exe] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\Common.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[D:\Program Files\Tencent\QQ\Bin\KernelUtil.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\GF.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\xGraphic32.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\AppUtil.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Bin\MainFrame.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[D:\Program Files\Tencent\QQ\Bin\IM.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\TaskTray.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll] [Tencent, 1.26.1.26]
[D:\Program Files\Tencent\QQ\Bin\KernelMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\AppMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\AppCtrl.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\ChatFrame.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\ConfigCenter.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\CustomFace.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\LongCnn.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\ContactInfoFrame.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\MsgMgr.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\SkinMgr.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\QInterLive.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\SystemMsg.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Soso\Bin\Soso.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Weather\Bin\Weather.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.taotao\Bin\Taotao.dll] [Tencent, 1, 40, 1390, 0]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll] [Tencent, 1.2.0.22]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL] [Tencent, 1.2.0.3]
[D:\Program Files\Tencent\QQ\Bin\BasicCtrlDll.dll] [TENCENT, 8,0,773,1801]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQ\Bin\GroupApp.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qbar\Bin\QBar.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvipmisc\Bin\QQVipMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.netbar\Bin\NetBar.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.crm\Bin\CRM.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.vas\Bin\VAS.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\InformationBox.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.mail\Bin\Mail.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.memo\Bin\Memo.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.today\Bin\Today.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.gamelife\Bin\GameLife.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 4.2.0.2654]
[C:\Program Files\SogouInput\4.2.0.2654\Resource.dll] [Sogou.com Inc., 4.2.0.2654]
[D:\Program Files\Tencent\QQ\Bin\AddrSearch.dll] [Tencent, 2, 3, 12, 11]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\VVisit.exe] [西安智鑫软件开发公司, 1.9.0.9]
[C:\WINDOWS\system32\SkinFeature.dll] [SkinFeature.Ltd, 1, 3, 0, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1960 / SYSTEM][C:\WINDOWS\system32\browser\pxy\privoxy.exe] [The Privoxy team - www.privoxy.org, 3.0.15]
[C:\WINDOWS\system32\browser\pxy\mgwz.dll] [N/A, ]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1660 / Administrator][D:\Program Files\Tencent\QQ\Bin\TXPlatform.exe] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 1, 40, 1390, 0]
[PID: 2572 / SYSTEM][C:\WINDOWS\system32\browser\firefox.exe] [Mozilla Corporation, 1.9.1.3]
[C:\WINDOWS\system32\browser\xul.dll] [Mozilla Foundation, 1.9.1.3]
[C:\WINDOWS\system32\browser\sqlite3.dll] [sqlite.org, 3.6.10]
[C:\WINDOWS\system32\browser\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\WINDOWS\system32\browser\nspr4.dll] [Mozilla Foundation, 4.8]
[C:\WINDOWS\system32\browser\smime3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nss3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nssutil3.dll] [Mozilla Foundation, 3.12.3.1]
[C:\WINDOWS\system32\browser\plc4.dll] [Mozilla Foundation, 4.8]
[C:\WINDOWS\system32\browser\plds4.dll] [Mozilla Foundation, 4.8]
[C:\WINDOWS\system32\browser\ssl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\xpcom.dll] [Mozilla Foundation, 1.9.1.3]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\browser\softokn3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nssdbm3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\freebl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nssckbi.dll] [Mozilla Foundation, 1.75]
[PID: 3732 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.438\QQ伴侣.exe] [, 2.05.0004]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\VSListview.ocx] [Mndsoft Studio, 0.00.0009]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\msjetoledb40.dll] [, ]
[C:\WINDOWS\system32\expsrv.dll] [Microsoft Corporation, 6.1.9774]
[C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[PID: 448 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\easyMule\modules\IE2EM.dll] [VeryCD.com, 1.0.0.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll] [Kaspersky Lab, 9.0.0.459]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll] [Kaspersky Lab, 9.0.0.464]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblc.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\kltbar.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\winreg.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\propmap.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\nfio.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\filemap.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbcl.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[C:\WINDOWS\system32\vbscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Common Files\Thunder Network\KanKan\RealMediaSplitter.1.0.2.5.(43).ax] [Gabest, 1, 0, 2, 5]
[PID: 1140 / Administrator][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1520 / Administrator][D:\Program Files\sreng\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1924 / Administrator][D:\Program Files\sreng\SREcec25149.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[D:\Program Files\sreng\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7BA456DC-4BC5-4671-9BE3-81CE08A92D29}] SEQPACKET 3
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7BA456DC-4BC5-4671-9BE3-81CE08A92D29}] DATAGRAM 3
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6521D1A8-C2F3-42E0-89F8-3DE369E41D9F}] SEQPACKET 0
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6521D1A8-C2F3-42E0-89F8-3DE369E41D9F}] DATAGRAM 0
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E60A8041-B154-4638-9147-BDEE6FB31FE1}] SEQPACKET 4
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E60A8041-B154-4638-9147-BDEE6FB31FE1}] DATAGRAM 4
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{00978FDC-3BB9-4EDC-9A70-4EBEAF0AC7F7}] SEQPACKET 5
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{00978FDC-3BB9-4EDC-9A70-4EBEAF0AC7F7}] DATAGRAM 5
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1708, C:\WINDOWS\HELP\TOURS\MMTOUR\SVOHOST.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1004, C:\WINDOWS\SYSTEM32\VVISIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1960, C:\WINDOWS\SYSTEM32\BROWSER\PXY\PRIVOXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2572, C:\WINDOWS\SYSTEM32\BROWSER\FIREFOX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3732, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.438\QQ伴侣.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB943649, Outlook 2003 更新 (KB943649)
KB945185, Office 2003 安全更新 (KB945185) MS08-013
KB907417, Office 2003 更新 (KB907417)
KB943973, Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB925850, Windows Media Player 11
KB950213, Microsoft Office Publisher 2003 安全更新 (KB950213) MS08-027
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB953432, Microsoft Office Outlook 2003 更新 (KB953432)
KB902344, 启用了 WMDRM 的 Media Player 更新程序 (KB902344)
KB921598, Microsoft Office 2003 安全更新 (KB921598) MS08-044
KB955439, Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB949810, Office 正版增值计划通知 (KB949810)-CHS
KB951535, Microsoft Office 2003 安全更新 (KB951535) MS08-069
KB905474, Windows Genuine Advantage 通知 (KB905474)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB973924, Microsoft Visual C++ 2008 Redistributable Package 的安全更新 (KB973924) MS09-035
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB971961, 用于 Windows XP 的 Jscript 5.7 的安全更新程序 (KB971961) MS09-045
KB971961, Windows Live 软件包
KB974554, Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB972580, Microsoft Office 2003 安全更新 (KB972580) MS09-062
KB973705, Microsoft Office Outlook 2003 安全更新 (KB973705) MS09-060
KB976098, Windows XP 更新程序 (KB976098)
KB931125, 根证书更新 [2009 年 11 月] (KB931125)
KB970430, Windows XP 更新程序 (KB970430)
KB971737, Windows XP 更新程序 (KB971737)
KB955759, Windows XP 更新程序 (KB955759)
KB977840, Outlook 2003 垃圾邮件筛选器更新 (KB977840)
KB978551, Microsoft Office 2003 更新 (KB978551)
KB973688, Microsoft XML Core Services 4.0 Service Pack 2 更新程序 (KB973688)
KB971513, Windows XP 更新程序 (KB971513)
KB890830, Windows 恶意软件删除工具 - 2010 年 1 月 (KB890830)
KB979202, Microsoft Silverlight 更新 (KB979202)
KB978207, 用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB978207) MS10-002

==================================
API HOOK
N/A

==================================
隐藏进程
[565] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

==================================

[ 本帖最后由 wolaiye238 于 2010-2-2 20:13 编辑 ]

发表评论 评论总数:9【论坛浏览】

1楼评论者:不使惹尘埃 于 2010-01-30 15:37 评论道:

请重新上传日志

2楼评论者:不使惹尘埃 于 2010-01-30 15:38 评论道:

依然未见。。。

3楼评论者:不使惹尘埃 于 2010-01-30 15:40 评论道:

仍然没看见日志
以附件形式上传吧

4楼评论者:wolaiye238 于 2010-01-30 15:45 评论道:



代码


2010-01-30,23:13:53

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程


启动项目
注册表
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows]
<> [N/A]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
[(Verified)NVIDIA Corporation]
<"C:Program FilesKaspersky LabKaspersky Anti-Virus 2010avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows]
[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
<%SystemRoot%system32SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%system32SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%system32webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycrypt32chain]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycryptnet]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifycscdll]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifydimsntfy]
<%SystemRoot%System32dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon]
[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyScCertProp]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySchedule]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifysclgntfy]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySensLogn]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifytermsrv]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywlballoon]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%system32browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%system32browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%system32shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%system32shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%Outlook Expresssetup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%Outlook Expresssetup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4383}]
<%SystemRoot%system32ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USERControl PanelDesktop]
[Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
<; C:WINDOWSIMEimjp8_1IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing]
<; C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName> [File is missing]
<; C:WINDOWSIMEimjp8_1IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
<"C:Program FilesKaspersky LabKaspersky Anti-Virus 2010avp.exe" -r>
[Help and Support / helpsvc][Stopped/Disabled]
%WINDIR%PCHealthHelpCtrBinariespchsvc.dll>
[Human Interface Device Access / HidServ][Stopped/Disabled]
%SystemRoot%System32hidserv.dll>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
%SystemRoot%System32mswsock.dll>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]

[ServiceSafe1 / ServiceSafe1][Running/Auto Start]

[主动防御 / ZhuDongFangYu][Stopped/Manual Start]
<"D:Program Files360safedeepscanzhudongfangyu.exe"><360安全中心>

==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
<360安全中心>
[AMD Processor Driver / AmdK8][Running/System Start]

[BFSDRV / BFSDRV][Running/System Start]
<??C:WINDOWSsystem32driversbfsdrv.sys><360安全中心>
[BREGDRV / BREGDRV][Running/System Start]
<??C:WINDOWSsystem32driversbregdrv.sys><360安全中心>
[EfiSystemMon / EfiMon][Running/System Start]
<奇虎网>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]

[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]

[HookPort / HookPort][Running/Boot Start]
<SystemRootSystem32DriversHookport.sys><360安全中心>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]

[kl1 / kl1][Running/Boot Start]
<SystemRootsystem32driverskl1.sys>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<SystemRootsystem32driversklbg.sys>
[Kaspersky Lab Driver / KLIF][Running/System Start]

[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]

[Kaspersky Lab KLMOUFLT / klmouflt][Running/Manual Start]

[msspac / msspac][Stopped/Boot Start]
<SystemRootsystem32driversmsspac.sys>
[nv / nv][Running/Manual Start]

[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]

[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]

[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<SystemRootsystem32DRIVERSnvrd32.sys>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

[Quantum DeepScanner Servers / qutmdserv][Stopped/Manual Start]
<??C:WINDOWSsystem32driversqutmdrv.sys><360安全中心>
[qutmipc / qutmipc][Running/System Start]
<??C:WINDOWSsystem32driversqutmipc.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]

[SATALink driver accelerator / SiFilter][Stopped/Disabled]
<SystemRootsystem32DRIVERSSiWinAcc.sys>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]

[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<??C:WINDOWSsystem32TesDrvPt.sys>
[TesSafe / TesSafe][Stopped/Manual Start]
<??C:WINDOWSsystem32TesSafe.sys>
[viamraid / viamraid][Stopped/Boot Start]
<SystemRootsystem32DRIVERSviamraid.sys>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[IE2EMBHO Class]
{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[FilterBHO Class]
{E33CF602-D945-461A-83F0-819F76A199F8}
[VirtualKeyboardButtonHandler Class]
{4248FE82-7FCB-46AC-B270-339F08212110}
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79}
[FilterButtonHandler Class]
{CCF151D8-D089-449F-A5A4-D9909053F20F}
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%Network Diagnosticxpnetdiag.exe, (Signed) N/A>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233}
[PhotoDrawEx Class]
{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D}
[BDA 调节型号 MPEG2 微调请求]
{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}
[IE2EMBHO Class]
{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%system32mshtml.dll, (Signed) N/A>
[]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[Zyzzyva]
{30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC} <, >
[VirtualKeyboardButtonHandler Class]
{4248FE82-7FCB-46AC-B270-339F08212110}
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D}
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844}
[SkyDrive.Plugin.1]
{4990272A-0655-4D80-90A7-C18D0FF7A4A9}
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%system32shdocvw.dll, (Signed) N/A>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851}
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[CCtInf Class]
{6DBB2904-082D-4DB0-944A-21C22BA121F4}
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2}
[]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[]
{7B434A2A-9E4C-48F2-8373-5801F316A4D5} <, >
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3}
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[TTPlayer ActiveX Control]
{89AE5F82-410A-4040-9387-68D1144EFD03}
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890}
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}
[]
{A2DF4DBF-29B4-42A4-BD19-2CBC443E2E84} <, >
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79}
[APlayer Control]
{A9322148-C691-4B9D-91FC-B9C461DBE9DD}
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389}
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%system32shdocvw.dll, (Signed) N/A>
[]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[QQCertCtrl Class]
{BAEA0695-03A4-43BB-8495-C7025E1A8F42}
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36}
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77}
[FilterButtonHandler Class]
{CCF151D8-D089-449F-A5A4-D9909053F20F}
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127}
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23}
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[FilterBHO Class]
{E33CF602-D945-461A-83F0-819F76A199F8}
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF}
[]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F}
[&U使用米人下载并收藏]

[使用电驴下载]

[使用迅雷下载]

[使用迅雷下载全部链接]

[导出到 Microsoft Office Excel(&X)]

[添加到QQ表情]


==================================
正在运行的进程
[PID: 1184 / SYSTEM][SystemRootSystem32smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1232 / SYSTEM][??C:WINDOWSsystem32csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1256 / SYSTEM][??C:WINDOWSsystem32winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:WINDOWSsystem32sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSsystem32klogon.dll] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1304 / SYSTEM][C:WINDOWSsystem32services.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1316 / SYSTEM][C:WINDOWSsystem32lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1488 / SYSTEM][C:WINDOWSsystem32nvsvc32.exe] [NVIDIA Corporation, 4.00.1381.9562]
[C:WINDOWSsystem32nvapi.dll] [NVIDIA Corporation, 6.14.11.9562]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1528 / SYSTEM][C:WINDOWSsystem32svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1584 / NETWORK SERVICE][C:WINDOWSsystem32svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1724 / SYSTEM][C:WINDOWSSystem32svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSSystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:windowssystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSSystem32sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1832 / NETWORK SERVICE][C:WINDOWSsystem32svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:windowssystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1868 / LOCAL SERVICE][C:WINDOWSsystem32svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2044 / SYSTEM][C:WINDOWSsystem32spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:WINDOWSSystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 340 / Administrator][C:WINDOWSExplorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:Program FilesFreeLaunchBarflb.dll] [TrueSoft, 1.0.0.0]
[C:WINDOWSsystem32shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:WINDOWSsystem32MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:Program FilesThunder NetworkThunderComDllsxunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:Documents and SettingsAll UsersApplication DataThunder NetworkThunder_F18010E7-0840-4352-86E9-05B2224D8217_ComponentsResWorkerDsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[C:Documents and SettingsAll UsersApplication DataThunder NetworkThunder_F18010E7-0840-4352-86E9-05B2224D8217_ComponentsResWorkerDataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prloader.dll] [Kaspersky Lab, 9.0.0.459]
[PID: 872 / Administrator][C:WINDOWSsystem32ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1708 / SYSTEM][C:WINDOWSHelptoursmmtoursvohost.exe] [N/A, ]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1720 / Administrator][D:Program FilesTencentQQBinQQ.exe] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinCommon.dll] [Tencent, 1, 40, 1390, 0]
[C:WINDOWSWinSxSx86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fdATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[D:Program FilesTencentQQBinKernelUtil.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinGF.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinxGraphic32.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinAppUtil.dll] [Tencent, 1, 40, 1390, 0]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:Program FilesTencentQQBinMainFrame.dll] [Tencent, 1, 40, 1390, 0]
[C:WINDOWSsystem32MacromedFlashFlash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[D:Program FilesTencentQQBinIM.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinTaskTray.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinTXPFProxy.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.QQShowBinFlashAvatarDll.dll] [Tencent, 1.26.1.26]
[D:Program FilesTencentQQBinKernelMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinAppMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinAppCtrl.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinChatFrame.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinConfigCenter.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinCustomFace.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinLongCnn.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinContactInfoFrame.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinMsgMgr.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinSkinMgr.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinQInterLive.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinSystemMsg.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.PaiPaiBinPaiPai.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.AudioVideoBinAudioVideo.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.MMOGBinMMOG.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.SosoBinSoso.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.QzoneBinQzone.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.WeatherBinWeather.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.SoBarBinSoBar.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.PaiPaiGiftBinPaiPaiGift.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.QQLiveBinQQLive.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.QQMusicBinQQMusic.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPluginCom.Tencent.taotaoBinTaotao.dll] [Tencent, 1, 40, 1390, 0]
[C:Program FilesCommon FilesTencentTXSSOBinSSOPlatform.dll] [Tencent, 1.2.0.22]
[C:Program FilesCommon FilesTencentTXSSOBinSSOCommon.DLL] [Tencent, 1.2.0.3]
[D:Program FilesTencentQQBinBasicCtrlDll.dll] [TENCENT, 8,0,773,1801]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32msdmo.dll] [, ]
[D:Program FilesTencentQQBinGroupApp.dll] [Tencent, 1, 40, 1390, 0]
[C:WINDOWSsystem32shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:Program FilesTencentQQPlugincom.tencent.snsappBinSNSApp.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.paycenterBinPayCenter.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qbarBinQBar.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqvipmiscBinQQVipMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.wenwenBinWenWen.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.netbarBinNetBar.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.wirelessBinWireless.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqshowBinQQShow.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.crmBinCRM.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.vasBinVAS.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQBinInformationBox.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqgameBinQQGame.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqpetBinQQPet.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.mailBinMail.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqvipBinQQVip.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.memoBinMemo.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.filetransferBinFileTransfer.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqringBinQQRing.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.advertisementBinAdvertisement.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.todayBinToday.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.qqwebsiteBinQQWebsite.dll] [Tencent, 1, 40, 1390, 0]
[D:Program FilesTencentQQPlugincom.tencent.gamelifeBinGameLife.dll] [Tencent, 1, 40, 1390, 0]
[C:WINDOWSsystem32jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32SOGOUPY.IME] [Sogou.com Inc., 4.2.0.2654]
[C:Program FilesSogouInput4.2.0.2654Resource.dll] [Sogou.com Inc., 4.2.0.2654]
[D:Program FilesTencentQQBinAddrSearch.dll] [Tencent, 2, 3, 12, 11]
[PID: 1004 / SYSTEM][C:WINDOWSsystem32VVisit.exe] [西安智鑫软件开发公司, 1.9.0.9]
[C:WINDOWSsystem32SkinFeature.dll] [SkinFeature.Ltd, 1, 3, 0, 0]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1960 / SYSTEM][C:WINDOWSsystem32browserpxyprivoxy.exe] [The Privoxy team - www.privoxy.org, 3.0.15]
[C:WINDOWSsystem32browserpxymgwz.dll] [N/A, ]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1660 / Administrator][D:Program FilesTencentQQBinTXPlatform.exe] [Tencent, 1, 40, 1390, 0]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:Program FilesTencentQQBinTXPFProxy.dll] [Tencent, 1, 40, 1390, 0]
[PID: 2572 / SYSTEM][C:WINDOWSsystem32browserfirefox.exe] [Mozilla Corporation, 1.9.1.3]
[C:WINDOWSsystem32browserxul.dll] [Mozilla Foundation, 1.9.1.3]
[C:WINDOWSsystem32browsersqlite3.dll] [sqlite.org, 3.6.10]
[C:WINDOWSsystem32browserjs3250.dll] [Netscape Communications Corporation, 4.0]
[C:WINDOWSsystem32browsernspr4.dll] [Mozilla Foundation, 4.8]
[C:WINDOWSsystem32browsersmime3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:WINDOWSsystem32browsernss3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:WINDOWSsystem32browsernssutil3.dll] [Mozilla Foundation, 3.12.3.1]
[C:WINDOWSsystem32browserplc4.dll] [Mozilla Foundation, 4.8]
[C:WINDOWSsystem32browserplds4.dll] [Mozilla Foundation, 4.8]
[C:WINDOWSsystem32browserssl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:WINDOWSsystem32browserxpcom.dll] [Mozilla Foundation, 1.9.1.3]
[C:WINDOWSsystem32uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32browsersoftokn3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:WINDOWSsystem32browsernssdbm3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:WINDOWSsystem32browserfreebl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:WINDOWSsystem32browsernssckbi.dll] [Mozilla Foundation, 1.75]
[PID: 3732 / Administrator][C:Documents and SettingsAdministratorLocal SettingsTempRar$EX00.438QQ伴侣.exe] [, 2.05.0004]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32VSListview.ocx] [Mndsoft Studio, 0.00.0009]
[C:WINDOWSsystem32shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32msjetoledb40.dll] [, ]
[C:WINDOWSsystem32expsrv.dll] [Microsoft Corporation, 6.1.9774]
[C:WINDOWSsystem32MacromedFlashFlash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[PID: 448 / Administrator][C:Program FilesInternet ExplorerIEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:Program FilesThunder NetworkThunderComDllsTDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:WINDOWSsystem32MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:WINDOWSsystem32MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:Program FileseasyMulemodulesIE2EM.dll] [VeryCD.com, 1.0.0.1]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010ievkbd.dll] [Kaspersky Lab, 9.0.0.459]
[d:Program FilesThunder NetworkThunderComDllsxunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:Documents and SettingsAll UsersApplication DataThunder NetworkThunder_F18010E7-0840-4352-86E9-05B2224D8217_ComponentsResWorkerDsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[C:Documents and SettingsAll UsersApplication DataThunder NetworkThunder_F18010E7-0840-4352-86E9-05B2224D8217_ComponentsResWorkerDataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klwtbbho.dll] [Kaspersky Lab, 9.0.0.464]
[C:WINDOWSsystem32shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klwtblc.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010kltbar.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010winreg.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010propmap.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010nfio.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010filemap.ppl] [Kaspersky Lab, 9.0.0.459]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klwtbcl.dll] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32MacromedFlashFlash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[C:WINDOWSsystem32vbscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:WINDOWSsystem32msdmo.dll] [, ]
[C:Program FilesCommon FilesThunder NetworkKanKanRealMediaSplitter.1.0.2.5.(43).ax] [Gabest, 1, 0, 2, 5]
[PID: 1140 / Administrator][C:Program FilesKaspersky LabKaspersky Anti-Virus 2010klwtblfs.exe] [Kaspersky Lab, 9.0.0.459]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1520 / Administrator][D:Program FilessrengSREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1924 / Administrator][D:Program FilessrengSREcec25149.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:WINDOWSsystem32UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:WINDOWSsystem32sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[D:Program FilessrengUpload3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:WINDOWSSystem32mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:WINDOWSsystem32DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]

==================================
文件关联
.TXT Error. [C:WINDOWSnotepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%System32winhlp32.exe %1]
.INI Error. [C:WINDOWSSystem32NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%System32NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%System32WScript.exe "%1" %*]
.JS OK. [%SystemRoot%System32WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{7BA456DC-4BC5-4671-9BE3-81CE08A92D29}] SEQPACKET 3
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{7BA456DC-4BC5-4671-9BE3-81CE08A92D29}] DATAGRAM 3
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{6521D1A8-C2F3-42E0-89F8-3DE369E41D9F}] SEQPACKET 0
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{6521D1A8-C2F3-42E0-89F8-3DE369E41D9F}] DATAGRAM 0
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{E60A8041-B154-4638-9147-BDEE6FB31FE1}] SEQPACKET 4
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{E60A8041-B154-4638-9147-BDEE6FB31FE1}] DATAGRAM 4
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{00978FDC-3BB9-4EDC-9A70-4EBEAF0AC7F7}] SEQPACKET 5
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [DeviceNetBT_Tcpip_{00978FDC-3BB9-4EDC-9A70-4EBEAF0AC7F7}] DATAGRAM 5
C:WINDOWSsystem32mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1708, C:WINDOWSHELPTOURSMMTOURSVOHOST.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1004, C:WINDOWSSYSTEM32VVISIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1960, C:WINDOWSSYSTEM32BROWSERPXYPRIVOXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2572, C:WINDOWSSYSTEM32BROWSERFIREFOX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3732, C:DOCUMENTS AND SETTINGSADMINISTRATORLOCAL SETTINGSTEMPRAR$EX00.438QQ伴侣.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB943649, Outlook 2003 更新 (KB943649)
KB945185, Office 2003 安全更新 (KB945185) MS08-013
KB907417, Office 2003 更新 (KB907417)
KB943973, Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB925850, Windows Media Player 11
KB950213, Microsoft Office Publisher 2003 安全更新 (KB950213) MS08-027
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB953432, Microsoft Office Outlook 2003 更新 (KB953432)
KB902344, 启用了 WMDRM 的 Media Player 更新程序 (KB902344)
KB921598, Microsoft Office 2003 安全更新 (KB921598) MS08-044
KB955439, Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB949810, Office 正版增值计划通知 (KB949810)-CHS
KB951535, Microsoft Office 2003 安全更新 (KB951535) MS08-069
KB905474, Windows Genuine Advantage 通知 (KB905474)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB973924, Microsoft Visual C++ 2008 Redistributable Package 的安全更新 (KB973924) MS09-035
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB971961, 用于 Windows XP 的 Jscript 5.7 的安全更新程序 (KB971961) MS09-045
KB971961, Windows Live 软件包
KB974554, Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB972580, Microsoft Office 2003 安全更新 (KB972580) MS09-062
KB973705, Microsoft Office Outlook 2003 安全更新 (KB973705) MS09-060
KB976098, Windows XP 更新程序 (KB976098)
KB931125, 根证书更新 [2009 年 11 月] (KB931125)
KB970430, Windows XP 更新程序 (KB970430)
KB971737, Windows XP 更新程序 (KB971737)
KB955759, Windows XP 更新程序 (KB955759)
KB977840, Outlook 2003 垃圾邮件筛选器更新 (KB977840)
KB978551, Microsoft Office 2003 更新 (KB978551)
KB973688, Microsoft XML Core Services 4.0 Service Pack 2 更新程序 (KB973688)
KB971513, Windows XP 更新程序 (KB971513)
KB890830, Windows 恶意软件删除工具 - 2010 年 1 月 (KB890830)
KB979202, Microsoft Silverlight 更新 (KB979202)
KB978207, 用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB978207) MS10-002

==================================
API HOOK
N/A

==================================
隐藏进程
[565] C:Program FilesKaspersky LabKaspersky Anti-Virus 2010avp.exe

==================================



5楼评论者:不使惹尘埃 于 2010-01-31 03:06 评论道:

将这个文件上传上来看看,觉得路径不太对
c:\windows\help\tours\mmtour\svohost.exe
日志里未见firefox.exe和VVist.exe进程

[ 本帖最后由 不使惹尘埃 于 2010-1-31 11:10 编辑 ]

6楼评论者:lg560852 于 2010-01-31 04:45 评论道:

先将该文件C:\WINDOWS\system32\msjetoledb40.dll上传到www.virustotal.com上检测,如果有问题,去找dll网找到正常的该文件,下载替换


用XDELBOX删除下列文件:
C:\WINDOWS\Help\tours\mmtour\svohost.exe
C:\WINDOWS\system32\VVisit.exe
C:\WINDOWS\system32\browser\pxy\mgwz.dll
C:\WINDOWS\system32\browser\pxy\privoxy.exe
C:\WINDOWS\system32\browser\firefox.exe

重启删除后,用SRENG
删除服务:
[ServiceSafe1 / ServiceSafe1][Running/Auto Start]

删除驱动:
[msspac / msspac][Stopped/Boot Start]
<\SystemRoot\system32\drivers\msspac.sys>

最后下载arswp清理一下系统。

7楼评论者:wolaiye238 于 2010-01-31 10:33 评论道:

xdelbox删不了啊

8楼评论者:whzl123 于 2010-01-31 10:54 评论道:

用这个吧

附件: 
费尔木马强力清除助手修改版(7[1].16).rar
2010/1/31 10:54, 158.77 KB, 下载次数: 17

9楼评论者:wolaiye238 于 2010-01-31 15:02 评论道:

已经删除了 谢谢大家

页码 1/1 首页 上一页 1 下一页 末页