After every login to the 11qq battle platform (official download), the 360 health check reports scrnsave.exe as a suspected trojan

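(1) First check that your network is connected and that you can get online normally.
(2) On the login screen, check that the correct server is selected. If it is, the login point you chose may be busy; switching to a backup login point is recommended.
A: If you have a 360 account, you can use it to log in to the 11 battle platform directly. Please note the following:
1. The first time you log in with a 360 account, you will be asked to create a game nickname.
2. After logging in successfully, you are advised to create a platform passport and fill in the anti-addiction information as soon as possible to protect your account.
3. Management of the 360 account password requires you.
First look up your IP address (IP lookup: ); if it ends in 255, please redial your internet connection.
Computer suddenly became sluggish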
          
Experts, please take a look at this SREng log; I suspect a trojan
[ This post was last edited by 马尔蒂尼 at 20:21 ]
System Repair Engineer 2.7.0.1210
Smallfrogs ()
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &load&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &High Definition Audio Property Page Shortcut&&CHDAudPropShortcut.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &EnergyUtility&&C:\Program Files\Lenovo\EnergyCut\utilty.exe&&&[TODO: &Company name&]
& & &EnergyCut&&C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe&&&[]
& & &QkOnBtn&&C:\PROGRA~1\QBU\QkOnBtn.EXE&&&[Dritek System Inc.]
& & &NvCplDaemon&&RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &nwiz&&nwiz.exe /install&&&[]
& &
&C:\WINDOWS\system32\WLTRAY.exe&&&[Broadcom Corporation]
& & &360Safebox&&&C:\Program Files\360Safebox\safeboxTray.exe& /r&&&[(Verified)Qizhi Software (beijing) Co. Ltd]
& & &AVP&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe&&&&[(Verified)Kaspersky Lab]
& & &KernelFaultCheck&&%systemroot%\system32\dumprep 0 -k&&&[File is missing]
& & &360Safetray&&D:\Program Files\360safe\safemon\360tray.exe /start&&&[(Verified)Qizhi Software (beijing) Co. Ltd]
& & &TkBellExe&&&C:\Program Files\Common Files\Real\Update_OB\realsched.exe&&&-osboot&&&[(Verified)&RealNetworks, Inc.&]
& & &BsMnt&&C:\WINDOWS\BisonCam\BsMnt.exe&&&[]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
& & &{AEB-11d0-97EE-00C04FD91972}&&shell32.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &PostBootReminder&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &CDBurn&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &WebCheck&&C:\WINDOWS\system32\webcheck.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &SysTray&&C:\WINDOWS\system32\stobject.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
& & &WinlogonNotify: crypt32chain&&crypt32.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
& & &WinlogonNotify: cryptnet&&cryptnet.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
& & &WinlogonNotify: cscdll&&cscdll.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&C:\WINDOWS\system32\klogon.dll&&&[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
& & &WinlogonNotify: ScCertProp&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
& & &WinlogonNotify: Schedule&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
& & &WinlogonNotify: sclgntfy&&sclgntfy.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
& & &WinlogonNotify: SensLogn&&WlNotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
& & &WinlogonNotify: termsrv&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
& & &WinlogonNotify: wlballoon&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
& & &IE7 Uninstall Stub&&C:\WINDOWS\system32\ieudinit.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{22d6f312-b0f6-11d0-94ab-e95}]
& & &Microsoft Windows Media Player&&C:\WINDOWS\inf\unregmp2.exe /ShowWMP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{60B49E34-C7CC-11D0-C90347FF}]
& &
&RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{60B49E34-C7CC-11D0-C90347FF}MICROS]
& & &浏览器自定义组件&&RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4340}]
& & &Windows 桌面更新&&regsvr32.exe /s /n /i:U shell32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4383}]
& & &Internet Explorer&&C:\WINDOWS\system32\ie4uinit.exe -BaseSettings&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018--5476DBF70820}]
& & &N/A&&C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install&&&[Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
& & &SCRNSAVE.EXE&&C:\WINDOWS\System32\logon.scr&&&[(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe&&&Autodesk&
[Kaspersky Internet Security / AVP][Running/Auto Start]
&&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe& -r&&Kaspersky Lab&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[HistorySvr / HistorySvr][Running/Auto Start]
&&&d:\kingview\HistorySvr.exe&&&
[isrd / isrd][Stopped/Manual Start]
&&&&c:\windows\system32\lenovo\isr\isrd.exe&&&lenovo&
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
&&&C:\WINDOWS\system32\nvsvc32.exe&&NVIDIA Corporation&
[SIMATIC IEPG Help Service / s7oiehsx][Running/Auto Start]
&&&C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe&&SIEMENS AG&
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
&&&&C:\Program Files\PC Connectivity Solution\ServiceLayer.exe&&&Nokia.&
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
&&&&C:\Program Files\Windows Live\installer\WLSetupSvc.exe&&&Microsoft Corporation&
[Broadcom Wireless LAN Tray Service / wltrysvc][Running/Auto Start]
&&&C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe&&N/A&
==================================
驱动程序
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
&&&system32\DRIVERS\AcpiVpc.sys&&Lenovo Corporation&
[AliIde / AliIde][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aliide.sys&&N/A&
[Brother USB Still Image driver / BrScnUsb][Stopped/Manual Start]
&&&System32\Drivers\BrScnUsb.sys&
[Brother MFC Serial Port Interface WDM Driver / BrSerIf][Stopped/Manual Start]
&&&System32\Drivers\BrSerIf.sys&
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
&&&System32\Drivers\BrUsbSer.sys&
[Lenovo EasyCamera / Cam5603D][Running/Manual Start]
&&&System32\Drivers\BisonCam.sys&&Bison Electronics. Inc.&
[CmdIde / CmdIde][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\cmdide.sys&&CMD Technology, Inc.&
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
&&&system32\DRIVERS\DKbFltr.sys&&Dritek System Inc.&
[EtwoTouch USB Touchscreen Driver / ETTUSB][Stopped/Manual Start]
&&&system32\DRIVERS\ettusb.sys&&益图电子&
[USB Serial Converter Driver / FTDIBUS][Stopped/Manual Start]
&&&system32\drivers\ftdibus.sys&&FTDI Ltd.&
[USB Serial Port Driver / FTSER2K][Stopped/Manual Start]
&&&system32\drivers\ftser2k.sys&&FTDI Ltd.&
[Hardlock / Hardlock][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\hardlock.sys&&Aladdin Knowledge Systems Ltd.&
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
&&&system32\drivers\CHDAud.sys&&Conexant Systems Inc.&
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
&&&system32\DRIVERS\HDAudBus.sys&&Windows (R) Server 2003 DDK provider&
[HOSTNT / HOSTNT][Stopped/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\hostnt.sys&&N/A&
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
&&&system32\DRIVERS\HSFHWAZL.sys&&Conexant Systems, Inc.&
[HSF_DPV / HSF_DPV][Running/Manual Start]
&&&system32\DRIVERS\HSF_DPV.sys&&Conexant Systems, Inc.&
[kl1 / kl1][Running/Boot Start]
&&&\SystemRoot\system32\drivers\kl1.sys&&Kaspersky Lab&
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
&&&\SystemRoot\system32\drivers\klbg.sys&&Kaspersky Lab&
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
&&&system32\DRIVERS\klfltdev.sys&&Kaspersky Lab&
[Kaspersky Lab Driver / KLIF][Running/System Start]
&&&system32\DRIVERS\klif.sys&&Kaspersky Lab&
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
&&&system32\DRIVERS\klim5.sys&&Kaspersky Lab&
[KVCom / KVCom][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\KVCom.sys&&asiacontrol&
[KVPORT / KVPORT][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\kvport.sys&&N/A&
[mdmxsdk / mdmxsdk][Running/Auto Start]
&&&system32\DRIVERS\mdmxsdk.sys&&Conexant&
[MegaIDE / MegaIDE][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\MegaIDE.sys&&LSI Logic Corporation.&
[MHDRV / MHDRV][Stopped/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\mhdrv.sys&&N/A&
[USB-USB Network Bridge Adapter / NIC2000][Stopped/Manual Start]
&&&system32\DRIVERS\NIC2000.sys&&N/A&
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
&&&system32\drivers\nmwcd.sys&&Nokia&
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
&&&system32\drivers\nmwcdc.sys&&Nokia&
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
&&&system32\drivers\nmwcdcj.sys&&Nokia&
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
&&&system32\drivers\nmwcdcm.sys&&Nokia&
[npkcrypt / npkcrypt][Stopped/Auto Start]
&&&\??\D:\Program Files\QQ2006\npkcrypt.sys&&N/A&
[nv / nv][Running/Manual Start]
&&&system32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&
[OX16C95x Serial port driver / oxser][Stopped/System Start]
&&&system32\DRIVERS\oxser.sys&&OEM&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\Rockeynt.sys&&FeiTian Tech Co.,Ltd&
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
&&&system32\DRIVERS\RTL8139.SYS&&Realtek Semiconductor Corporation&
[Siemens PC/PPI Cable / S7oppilx][Running/Manual Start]
&&&System32\Drivers\S7oppilx.sys&&SIEMENS AG&
[s7oppitx / s7oppitx][Stopped/Manual Start]
&&&\SystemRoot\System32\Drivers\S7oppitx.sys&&SIEMENS AG&
[s7otranx / s7otranx][Running/Auto Start]
&&&\SystemRoot\System32\Drivers\s7otranx.sys&&SIEMENS AG&
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys&&360安全中心&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.&
[Sentinel / Sentinel][Stopped/Auto Start]
&&&\SystemRoot\System32\Drivers\SENTINEL.SYS&&&
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
&&&system32\DRIVERS\ser2pl.sys&&Prolific Technology Inc.&
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
&&&system32\DRIVERS\smcirda.sys&&SMC&
[SIMATIC Industrial Ethernet (ISO) / SNTIE][Running/Auto Start]
&&&system32\DRIVERS\sntie.sys&&Siemens AG&
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
&&&system32\DRIVERS\SynTP.sys&&Synaptics, Inc.&
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
&&&system32\DRIVERS\tcpip.sys&&Microsoft Corporation&
[tifm21 / tifm21][Running/Manual Start]
&&&system32\drivers\tifm21.sys&&Texas Instruments&
[Conexant Setup API / UIUSys][Stopped/Manual Start]
&&&system32\DRIVERS\UIUSYS.SYS&&N/A&
[USBSER34 / USBSER34][Stopped/Manual Start]
&&&System32\Drivers\USBSER34.SYS&&WCH&
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
&&&system32\DRIVERS\w39n51.sys&&Intel? Corporation&
[winachsf / winachsf][Running/Manual Start]
&&&system32\DRIVERS\HSF_CNXT.sys&&Conexant Systems, Inc.&
[WinDriver6 / WinDriver6][Running/Manual Start]
&&&system32\drivers\windrvr6.sys&&Jungo&
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
&&&system32\DRIVERS\yk51x86.sys&&Marvell&
==================================
浏览器加载项
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40fd-9C87-E93D} &d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Adobe PDF Reader Link Helper]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A&
[RealPlayer Download and Record Plugin for Internet Explorer]
&&{-B461-4BC5-46192CA} &C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer&
[IEVkbdBHO Class]
&&{5D3-40F9-A1A8-6FA9CCA1862C} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab&
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[CBBrowerBuddy Class]
&&{A412E581-59B2-485E-834F-C5F0C0268C79} &d:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.&
[SafeMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &d:\Program Files\360safe\safemon\safemon.dll, (Signed) &
[启动迅雷5]
&&{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} &d:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD&
[浩方对战平台]
&&{0A155D3C-68E2-4215-A47A-E800A446447A} &D:\Program Files\浩方对战平台\GameClient.exe, (Signed) 上海浩方在线信息技术有限公司&
[Web 流量保护状态]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab&
[JUJU猫]
&&{AC1--75DFA92FB32F} &http://www.jujumao.net, N/A&
[CBBrowerBuddy Class]
&&{A412E581-59B2-485E-834F-C5F0C0268C79} &d:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.&
[Messenger]
&&{FB5Fd2-BB9E-00C04F795683} &, &
[163Uploader Control]
&&{-DC01-4E8F-BDE3-DCC7DBBAD6AE} &C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司&
[AxSubmitControl Class]
&&{8D9E0B29-563C--5FF2AE77E1D2} &C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, &
[Submit Class]
&&{A3CD7F74-93C9-4BC4-B892-CCDF} &C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd&
[SoftDoctor Class]
&&{C2C-10B3B9A594} &C:\WINDOWS\system32\lenovo\isr\isr.dll, lenovo&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.&
[safeInput Class]
&&{ECCBA953-80E5-11D3-ADB811C5} &C:\WINDOWS\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40FD-9C87-E93D} &d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Adobe PDF Reader Link Helper]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A&
[]
&&{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} &, &
[]
&&{0A155D3C-68E2-4215-A47A-E800A446447A} &, &
[]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &, &
[Windows Media Player]
&&{22D6F312-B0F6-11D0-94AB-E95} &C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation&
[XML DOM Document]
&&{B36-11D2-B20E-00C04F983E60} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[RealPlayer Download and Record Plugin for Internet Explorer]
&&{-B461-4BC5-46192CA} &C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer&
[]
&&{C5--0819E2EAAC93} &, &
[XML Document]
&&{4D9-11D1-A6B3-00C04FD91555} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[Thunder Agent Class]
&&{-8FB2-4B3B-B29B-8B919B0EACCE} &d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[IEVkbdBHO Class]
&&{5D3-40F9-A1A8-6FA9CCA1862C} &C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab&
[WiFiOCX Control]
&&{5EE6BFED-B016-4FE4-16391} &C:\WINDOWS\system32\WiFiOCX.ocx, TODO: &广东亿迅科技有限公司&&
[]
&&{AC1--75DFA92FB32F} &, &
[XMP Class]
&&{8-4C41-AACC-52D4D7845851} &C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD&
[Windows Media Player]
&&{6BF52A52-394A-11D3-B153-00C04F79FAA6} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[AxInputControl Class]
&&{73E4740C-08EB-D0A7C9EE3CD} &C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, &
[MediaComm Class]
&&{1B-42AF-BDFE-46D26AF5EFF2} &d:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, (Signed) Thunder Networking Technologies,LTD&
[]
&&{7E853D72-626A-48EC-A868-BA8D5E23E045} &, &
[163Uploader Control]
&&{-DC01-4E8F-BDE3-DCC7DBBAD6AE} &C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司&
[360SafeLive]
&&{C--D416CB8059E3} &d:\Program Files\360safe\live.dll, (Signed) &
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[XML DOM Document 4.0]
&&{88D969C0-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation&
[XML HTTP 4.0]
&&{88D969C5-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation&
[XML DOM 文档 5.0]
&&{88D969E5-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[XML HTTP 5.0]
&&{88D969EA-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[AxSubmitControl Class]
&&{8D9E0B29-563C--5FF2AE77E1D2} &C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, &
[Submit Class]
&&{A3CD7F74-93C9-4BC4-B892-CCDF} &C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd&
[CBBrowerBuddy Class]
&&{A412E581-59B2-485E-834F-C5F0C0268C79} &d:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.&
[]
&&{ACA-11D3-9CD9-B} &, &
[RMGetLicense Class]
&&{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} &C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation&
[DapCtrl Class]
&&{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} &C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.0).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.&
[]
&&{AE7CD045-E861-484F-EE161910} &, &
[SafeMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &d:\Program Files\360safe\safemon\safemon.dll, (Signed) &
[QQPlayerCtrl Class]
&&{CD4-43E6-AA90-8} &D:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技&
[VIDEO__X_MS_ASF Moniker Class]
&&{CD3AFA8F-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[VIDEO__X_MS_WMV Moniker Class]
&&{CD3AFA94-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[]
&&{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} &, &
[RealPlayer G2 Control]
&&{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} &C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.&
[Microsoft Silverlight]
&&{DFEAF541-F3E1-4C24-ACAC-99CA} &C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed)&&Microsoft Corporation&
[PlayerCtrl Class]
&&{E05BC2A3-9A46-4A32-80C9-023A473F5B23} &D:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技&
[]
&&{EBE-407F-BA67-AA16ADA5D0C5} &C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation&
[safeInput Class]
&&{ECCBA953-80E5-11D3-ADB811C5} &C:\WINDOWS\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd&
[safeInput Class]
&&{ECCBA956-80E5-11D3-ADB811C9} &C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd&
[XML HTTP Request]
&&{ED8C108E--91A4-00C04F7969E8} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[XPPlayer Class]
&&{F3E70CEA-956E-49CC-B444-73AFE593AD7F} &C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.9).dll, (Signed) Xunlei Networking Technologies,LTD&
[XML DOM Document 3.0]
&&{F1-11D3-89B9-1} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[Free Threaded XML DOM Document 3.0]
&&{F1-11D3-89B9-1} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[XML HTTP 3.0]
&&{F1-11D3-89B9-1} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[XSL Template 3.0]
&&{F1-11D3-89B9-1} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[XML DOM Document]
&&{F6D90F11-9C73-11D3-B32E-00C04F990BB4} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[XML HTTP]
&&{F6D90F16-9C73-11D3-B32E-00C04F990BB4} &%SystemRoot%\system32\msxml3.dll, (Signed) N/A&
[]
&&{FB5FD2-BB9E-00C04F795683} &, &
[使用迅雷下载]
&&&d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A&
[使用迅雷下载全部链接]
&&&d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A&
[导出到 Microsoft Office Excel(&X)]
&&&res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A&
[添加到QQ表情]
&&&D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A&
[添加到卡巴斯基反广告]
&&&C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A&
==================================
正在运行的进程
[PID: 1352][\SystemRoot\System32\smss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1420][\??\C:\WINDOWS\system32\csrss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1444][\??\C:\WINDOWS\system32\winlogon.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\uxtheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\klogon.dll]&&[Kaspersky Lab, 8.0.0.454]
& & [C:\WINDOWS\System32\BCMLogon.dll]&&[Broadcom Corporation, 4.10.47.0]
& & [C:\WINDOWS\System32\MFC71.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\System32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\System32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MFC71CHS.DLL]&&[Microsoft Corporation, 7.10.3077.0]
[PID: 1488][C:\WINDOWS\system32\services.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 1500][C:\WINDOWS\system32\lsass.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 1664][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 1764][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 1960][C:\WINDOWS\System32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\System32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 288][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 680][C:\WINDOWS\System32\WLTRYSVC.EXE]&&[N/A, ]
& & [C:\WINDOWS\System32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
[PID: 724][C:\WINDOWS\System32\bcmwltry.exe]&&[Broadcom Corporation, 4.10.47.0]
& & [C:\WINDOWS\System32\bcm1xsup.dll]&&[N/A, ]
& & [C:\WINDOWS\System32\bcmwlpkt.dll]&&[CACE Technologies, 3, 1, 0, 27]
& & [C:\WINDOWS\System32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\System32\MFC71.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\System32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\System32\MFC71CHS.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\uxtheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\System32\atl71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\System32\wltrynt.dll]&&[Broadcom Corporation, 4.10.47.0]
[PID: 968][C:\WINDOWS\system32\spoolsv.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_gdr.9)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\AdobePDF.dll]&&[Adobe Systems Incorporated., 6.0.000]
& & [D:\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS]&&[, ]
[PID: 1400][C:\WINDOWS\Explorer.EXE]&&[(Verified) Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\UxTheme.dll]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\AcSignIcon.dll]&&[Autodesk, 17.0.54.0]
& & [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]&&[Autodesk, 17.0.54.110]
& & [D:\Program Files\360safe\safemon\safemon.dll]&&[, 4, 2, 0, 1005]
& & [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]&&[Adobe Systems, Inc., 7.0.0.0]
& & [C:\WINDOWS\system32\nvcpl.dll]&&[NVIDIA Corporation, 6.14.10.8415]
& & [C:\WINDOWS\system32\NVRSZHC.DLL]&&[NVIDIA Corporation, 6.14.10.8415]
& & [C:\WINDOWS\system32\nvshell.dll]&&[, ]
& & [C:\Program Files\Lenovo\EnergyCut\HookLib.dll]&&[N/A, ]
& & [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]&&[Thunder Networking Technologies,LTD, 5, 0, 8, 120]
& & [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]&&[Thunder Networking Technologies,LTD, 1, 0, 0, 20]
& & [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]&&[Thunder Networking Technologies,LTD, 1, 0, 0, 16]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\Program Files\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll]&&[Kaspersky Lab, 8.0.0.454]
& & [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCP80.dll]  [Microsoft Corporation, 8.00.]
    [C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll]  [Autodesk, Inc., 1.1.0.278]
    [D:\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 1.0.0.]
    [D:\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 1.0.0.]
[PID: 1900][C:\Program Files\Lenovo\EnergyCut\utilty.exe]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [C:\Program Files\Lenovo\EnergyCut\kbdhook.dll]  [N/A, ]
[PID: 1912][C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe]  [N/A, ]
    [C:\Program Files\Lenovo\EnergyCut\HookLib.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 1944][C:\PROGRA~1\QBU\QkOnBtn.EXE]  [Dritek System Inc., 1, 0, 0, 421]
    [C:\PROGRA~1\QBU\ComFnUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\QBU\Wnd2File.dll]  [Dritek System Inc., 3.00]
    [C:\PROGRA~1\QBU\SzUPFUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\QBU\OSDUtl.dll]  [Dritek System Inc., 1, 1, 1, 309]
    [C:\PROGRA~1\QBU\RgnMaker.dll]  [Dritek System Inc., 12.07.1999 ( VC60 )]
    [C:\PROGRA~1\QBU\CDRomUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\QBU\MixerUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\QBU\LgKCUtl.dll]  [Dritek System Inc., 2, 0, 1, 1]
    [C:\PROGRA~1\QBU\MMDUtl.dll]  [Dritek System Inc., 1, 2, 4, 4914]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\system32\NvCpl.dll]  [NVIDIA Corporation, 6.14.10.8415]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8415]
[PID: 236][C:\WINDOWS\system32\WLTRAY.exe]  [Broadcom Corporation, 4.10.47.0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\system32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 440][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.4279]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 4, 2, 0, 1005]
[PID: 540][C:\WINDOWS\BisonCam\BsMnt.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 4, 2, 0, 1005]
[PID: 592][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 4, 2, 0, 1005]
[PID: 640][d:\kingview\HistorySvr.exe]  [, 65, 20, ]
    [d:\kingview\King.dll]  [, 65, 30, ]
    [d:\kingview\nettransdll.dll]  [, 65, 20, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 948][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8415]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 1028][C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe]  [SIEMENS AG, V06.02.00.00_01.07.00.01 release]
[PID: 1244][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 2588][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 3848][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
[PID: 2624][D:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2908][D:\sreng2\SRE313744bc.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 4, 2, 0, 1005]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{0-}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 724, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1900, C:\PROGRAM FILES\LENOVO\ENERGYCUT\UTILTY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1912, C:\PROGRAM FILES\LENOVO\ENERGYCUT\ENERGYCUT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1944, C:\PROGRA~1\QBU\QKONBTN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 236, C:\WINDOWS\SYSTEM32\WLTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 540, C:\WINDOWS\BISONCAM\BSMNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2624, D:\SRENG2\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
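
What is your reason for suspecting this?
The log shows no obvious anomalies.

A few days ago a window suddenly popped up saying that remote code could not be executed locally, so I suspect the machine has been turned into a zombie...

If you just want to give the computer a health check, you can clear the IE temporary files folder and the system temporary folder yourself, and then run a full-disk scan with your antivirus software.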
