各位大哥大姐帮小弟看下是怎么回事。。。！（附日记） bbs.ikaka.com

肥肥阿 - 2010-9-15 12:16:00

[CODE]

2010-09-15,12:09:39

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<PPS Accelerator><E:\pps\ppsap.exe> [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"> [(Verified)Google Inc]
<360sd><"C:\Program Files\360\360sd\360sd.exe" /autorun> [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [(Verified)Tencent Technology(Shenzhen) Company Limited]
<KAV><C:\WINDOWS\system32\kav.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.5; TencentTraveler 4.0)

肥肥阿 - 2010-9-15 12:17:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360delays.exe]
<IFEO[360delays.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360realpro.exe]
<IFEO[360realpro.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe]
<IFEO[360rp.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
<IFEO[360safe.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safebox.exe]
<IFEO[360Safebox.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe]
<IFEO[360sd.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe]
<IFEO[360SoftMgrSvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alg.exe]
<IFEO[alg.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiarp.exe]
<IFEO[antiarp.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
<IFEO[bdagent.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
<IFEO[ccapp.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.exe]
<IFEO[ccEvtMgr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetMgr.exe]
<IFEO[ccSetMgr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe]
<IFEO[defwatch.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrUpdate.exe]
<IFEO[DrUpdate.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
<IFEO[DrvAnti.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe]
<IFEO[DSMain.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
<IFEO[egui.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
<IFEO[ekrn.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\engineserver.exe]
<IFEO[engineserver.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrameworkService.exe]
<IFEO[FrameworkService.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KABackReport.exe]
<IFEO[KABackReport.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
<IFEO[kaccore.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KavStart.exe]
<IFEO[KavStart.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISSvc.exe]
<IFEO[KISSvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
<IFEO[kmailmon.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
<IFEO[KPfwSvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kppserv.exe]
<IFEO[kppserv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPTray.exe]
<IFEO[KPPTray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.exe]
<IFEO[KSafeSvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.exe]
<IFEO[KSafeTray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe]
<IFEO[KSWebShield.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe]
<IFEO[kwstray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.exe]
<IFEO[kxedefend.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxesapp.exe]
<IFEO[kxesapp.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.exe]
<IFEO[kxescore.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.exe]
<IFEO[kxeserv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.exe]
<IFEO[kxetray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
<IFEO[livesrv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LiveUpdate360.exe]
<IFEO[LiveUpdate360.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe]
<IFEO[mcagent.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcinsupd.exe]
<IFEO[mcinsupd.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe]
<IFEO[mcmscsvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe]
<IFEO[mcnasvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
<IFEO[McProxy.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe]
<IFEO[mcshell.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
<IFEO[mcshield.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
<IFEO[mcsysmon.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McTray.exe]
<IFEO[McTray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdmgr.exe]
<IFEO[mcupdmgr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe]
<IFEO[mfeann.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfevtps.exe]
<IFEO[mfevtps.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
<IFEO[MpfSrv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe]
<IFEO[MPMon.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe]
<IFEO[MPSVC.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe]
<IFEO[MPSVC1.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe]
<IFEO[MPSVC2.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe]
<IFEO[naPrdMgr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nbmanti.exe]
<IFEO[nbmanti.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
<IFEO[QQDoctor.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe]
<IFEO[QQDoctorRtp.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDrNetMon.exe]
<IFEO[QQDrNetMon.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe]
<IFEO[qutmserv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]

肥肥阿 - 2010-9-15 12:17:00

<IFEO[Rav.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegGuide.exe]
<IFEO[RegGuide.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
<IFEO[rsnetsvr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe]
<IFEO[rssafety.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe]
<IFEO[RsTray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe]
<IFEO[rtvscan.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
<IFEO[safeboxTray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe]
<IFEO[ScanFrm.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe]
<IFEO[SHSTAT.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udaterui.exe]
<IFEO[udaterui.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uplive.exe]
<IFEO[Uplive.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.exe]
<IFEO[upsvc.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]
<IFEO[vptray.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
<IFEO[vsserv.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe]
<IFEO[vstskmgr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe]
<IFEO[xcommsvr.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XsClient.exe]
<IFEO[XsClient.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe]
<IFEO[zhudongfangyu.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\qq\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Google 更新服务 (gupdate) / gupdate][Stopped/Auto Start]
<"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google Software Updater / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[HID Input Service / HidServ][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ICBC Daemon Service / ICBC Daemon Service][Stopped/Auto Start]
<E:\QQPinyin\IcbcDaemon.exe><N/A>
[Microsoft .NET Framework v4.2.58373_x86 / MnetFream][Stopped/Auto Start]
<C:\WINDOWS\system32\mrinet.exe><Beijing Rising Information Technology Co., Ltd.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[360 杀毒全盘扫描辅助服务 / scan][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k bdx-->C:\Program Files\360\360sd\Scan.dll><S.C. BitDefender S.R.L>
[Tencent Software Update Service / TSUSVC][Stopped/Auto Start]
<"C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe" -run><Tencent>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Driver for ApsX85 Device / ApsX85][Running/Manual Start]
<system32\DRIVERS\ApsX85.sys><Lenovo.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BAPIDRV / BAPIDRV][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS><360.cn>
[bdfsfltr / bdfsfltr][Running/System Start]
<system32\DRIVERS\bdfsfltr.sys><BitDefender S.R.L. Bucharest, ROMANIA>
[VIA Rhine-Family Fast-Ethernet Adapter Driver Service / FET5X86V][Running/Manual Start]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViBus / ViBus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[DogKiller / DogKiller][Running/System Start]
<2 - 系统找不到指定的文件。
><N/A>

肥肥阿 - 2010-9-15 12:17:00

==================================
浏览器加载项
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\baidu32.dll, Microsoft Corporation>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) ShenZhen Thunder Networking Technologies,LTD>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[百度一下]
{D943E3D8-B612-4F92-A0B6-992EA997B7B3} <http://www.baidu.com/index.php?tn=sayh_1_dg, N/A>
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT>
[Google Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, N/A>
[GDGetTokenInfo Class]
{3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\system32\GDREAD~1.DLL, >
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\InputControl.dll, (Signed) >
[GDGetVer Class]
{7CCE07A5-A590-4554-B5C3-082840D7012E} <C:\WINDOWS\DOWNLO~1\ICBC_G~1.DLL, (Signed) >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\Downloaded Program Files\SubmitControl.dll, (Signed) >
[InfoSecICBCNetSign Class]
{B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\WINDOWS\DOWNLO~1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[PhotoDrawEx Class]
{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <E:\qq\Plugin\Com.Tencent.Qzone\bin\QQPhotoDrawEx\QQPhotoDrawEx.dll, (Signed) Tencent>
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Google Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, N/A>
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[QQPYChecker Class]
{5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <E:\QQPinyin\3.2.805.201\QQImeChecker.dll, (Signed) Tencent>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\pps\POWERP~1.DLL, (Signed) PPStream Inc.>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, ShenZhen Thunder Networking Technologies,LTD>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5810.141.(257).dll, (Signed) ShenZhen Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, N/A>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\Documents and Settings\Administrator\Application Data\CCTV\tv\CCTVUpdateInstall.dll, (Signed) CCTV International Networks Co.,Ltd>
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5810.141.(257).dll, (Signed) ShenZhen Thunder Networking Technologies,LTD>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll, (Signed) Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{B84FBAEF-9539-4244-B096-D6EC142B464D} <, >
[ICBC Anti-Phishing class]
{BB4491A2-D11A-4C6B-91C0-B53246A3122B} <E:\QQPinyin\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\DOCUME~1\ADMINI~1\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, (Signed) CCTV.COM>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[IEHlprObj Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\system32\baidu32.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
{D943E3D8-B612-4F92-A0B6-992EA997B7B3} <, >
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\传美QQ\qq2009\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Tencent>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.58110.250.(258).dll, ShenZhen Thunder Networking Technologies,LTD>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Google 边栏评注...]
<res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html, N/A>
[使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

肥肥阿 - 2010-9-15 12:18:00

==================================
正在运行的进程
[PID: 612 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 676 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 700 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 984 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\2010915114042.dll] [N/A, ]
[PID: 1092 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[C:\WINDOWS\system32\2010915114042.dll] [N/A, ]
[PID: 1212 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1312 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1488 / Administrator][C:\WINDOWS\system32\userinit.exe] [(Infected) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\2010915114042.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]
[PID: 1568 / Administrator][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\58531m13.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\baidu32.dll] [Microsoft Corporation, 5.1.2600.2622]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\360\360sd\MenuEx.dll] [360.cn, 1, 1, 0, 1080]
[E:\快播\QvodBand.dll] [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
[PID: 1600 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1880 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[PID: 1888 / Administrator][C:\WINDOWS\system32\kav.exe] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\progra~1\ATI\ApsX85.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavaa.idx] [N/A, ]
[PID: 1900 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[PID: 1908 / Administrator][E:\pps\ppsap.exe] [PPStream Inc, 1, 0, 11, 296]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[E:\pps\Vodnet.dll] [PPStream Inc., 1, 0, 11, 332]
[E:\pps\Vodres.dll] [PPStream Inc., 1, 0, 11, 332]
[E:\pps\fds.dll] [PPStream Inc., 1, 0, 0, 105]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]
[PID: 1936 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 4, 1, 509, 1944]
[C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\gtn.dll] [Google Inc., 5, 5, 5126, 1836]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll] [Google Inc., 5, 5, 5126, 1836]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[PID: 228 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15]
[C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\2010915114042.dll] [N/A, ]
[PID: 652 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7189]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.7189]
[PID: 668 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\2010915114042.dll] [N/A, ]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]
[PID: 1228 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1736 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[PID: 2860 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\baidu32.dll] [Microsoft Corporation, 5.1.2600.2622]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]
[PID: 1744 / Administrator][D:\qq\bin\TTraveler.exe] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\TTUtilWidget.dll] [Tencent, 4, 8, 0, 760]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[D:\qq\bin\PlatformWidget.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\TTMainFrame.dll] [Tencent, 4, 8, 0, 760]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[D:\qq\bin\TTMBrowser.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\TTabMgr.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\TTStore.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\TTSkin.dll] [Tencent, 4, 8, 0, 760]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[D:\qq\bin\TTFilter.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\TTNetwork.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\bin\sqlite3.dll] [N/A, ]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[D:\qq\bin\TTPluginMng.dll] [Tencent, 4, 8, 0, 760]
[D:\qq\Plugins\3TTWeather\TTWeather.dll] [Tencent, 1.0.0.1]
[D:\qq\bin\FavoriteLogical.dll] [Tencent, 4, 8, 0, 760]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[PID: 868 / Administrator][d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [ShenZhen Thunder Networking Technologies,LTD, 5.8.12.689]
[d:\Program Files\Thunder Network\Thunder\Program\BugReport.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[d:\Program Files\Thunder Network\Thunder\Program\HookEx.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[d:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 3, 10, 74]
[d:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 2, 333]
[d:\Program Files\Thunder Network\Thunder\Program\mp.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 3, 2, 32]
[d:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[d:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 5, 2, 25]
[d:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 1, 13]
[d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 12, 30]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]

肥肥阿 - 2010-9-15 12:18:00

[d:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 27]
[d:\Program Files\Thunder Network\Thunder\Program\zlib1.dll] [, 1.2.3]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[d:\Program Files\Thunder Network\Thunder\Program\p2sp.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 59]
[d:\Program Files\Thunder Network\Thunder\Program\fs.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 17]
[d:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 44]
[d:\Program Files\Thunder Network\Thunder\Program\ptl.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 2, 2, 55]
[d:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 1, 2, 4]
[d:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[d:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [N/A, ]
[d:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,13]
[d:\Program Files\Thunder Network\Thunder\Program\p2p.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,48]
[d:\Program Files\Thunder Network\Thunder\Program\xldc.dll] [ShenZhen Thunder Networking Technologies,LTD, 4, 0, 2, 27]
[d:\Program Files\Thunder Network\Thunder\Program\stream.dll] [ShenZhen Thunder Networking Technologies,LTD, 2, 1, 2, 1039]
[d:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,18]
[d:\Program Files\Thunder Network\Thunder\Program\al.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,31]
[d:\Program Files\Thunder Network\Thunder\Program\media_data.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[d:\Program Files\Thunder Network\Thunder\Program\sl.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.2.2]
[d:\Program Files\Thunder Network\Thunder\Program\p2sp_pd.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[d:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 16]
[d:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [ShenZhen Thunder Networking Technologies,LTD, 2, 17, 0, 67]
[d:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Thunder Network\Thunder\Program\xldcsubtask.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[d:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 18]
[d:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 4, 26]
[d:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[d:\Program Files\Thunder Network\Thunder\Program\bd.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 20]
[d:\Program Files\Thunder Network\Thunder\Program\emule_id.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 12]
[PID: 2632 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.406\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 3564 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.406\SRE23035940.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e752t23.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.406\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\2010915115434.dll] [N/A, ]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\2010915115434.dll(, N/A)
MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\2010915115434.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 dl.youbak.com
127.0.0.1 update.9384.com
127.0.0.1 recommend-zip.kuwo.cn
127.0.0.1 down.koowo.com
127.0.0.1 242375.4440.info
127.0.0.1 202421.4440.info
127.0.0.1 go.90b8.com
127.0.0.1 cq.wwdnsdns.com
127.0.0.1 vv.vv49.com
127.0.0.1 ak01.jf987.com
127.0.0.1 che.kutime.info
127.0.0.1 update.360safe.com
127.0.0.1 dl.360safe.com
127.0.0.1 qd.code.360.cn
127.0.0.1 stat.360safe.com
127.0.0.1 stat.sd.360.cn
127.0.0.1 msginfo.rising.com.cn
127.0.0.1 h.qup.f.360.cn
127.0.0.1 softm.update.360safe.com
127.0.0.1 boxinst.360safe.com
127.0.0.1 center.rising.com.cn
127.0.0.1 rsup10.rising.com.cn
127.0.0.1 register.rising.com.cn
127.0.0.1 d.360safe.com
127.0.0.2 cnzz.1075.info
127.0.0.2 msn.1075.info
127.0.0.1 AdWords.haoom.com
127.0.0.1 Visuals.haoom.com
127.0.0.1 VMwares.haoom.com
127.0.0.1 Studios.haoom.com
127.0.0.1 Manages.haoom.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 700, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1488, C:\WINDOWS\SYSTEM32\USERINIT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1488, C:\WINDOWS\SYSTEM32\USERINIT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1888, C:\WINDOWS\SYSTEM32\KAV.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1888, C:\WINDOWS\SYSTEM32\KAV.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 868, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 868, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]

==================================
计划任务
[已启用] GoogleUpdateTaskMachineUA.job
C:\Program Files\Google\Update\GoogleUpdate.exe
[已启用] GoogleUpdateTaskMachineCore.job
C:\Program Files\Google\Update\GoogleUpdate.exe
[已启用] SogouImeMgr.job
C:\PROGRA~1\SOGOUI~1\501~1.418\SGTool.exe

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛