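Experts please come in, urgent help needed
There is a virus, win32.alman.b. I have cleaned it with Kaspersky again and again, and each time 70 to 80 files are infected, but every time, a few days after cleaning, a rescan still finds it. I don't know what the cause is. It's urgent: a lot of software files got infected, and once they were deleted the software stopped working. Experts, please advise.
Reply to post #1
Run a scan with SREng and post the report here!
The pinned SREng tools thread has the download link and usage instructions.
Reply to post #2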
System Repair Engineer 2.5.16.900
Smallfrogs ()
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &EnergyCut&&C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe&&&[]
& & &igfxtray&&; C:\WINDOWS\system32\igfxtray.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &igfxhkcmd&&C:\WINDOWS\system32\hkcmd.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &igfxpers&&C:\WINDOWS\system32\igfxpers.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &Storm2Set&&C:\WINDOWS\system32\rundll32.exe &D:\baofeng\StormSet.dll&,CheckEnv&&&[(Verified)Beijing Baofeng Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Component Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
& & &UIHost&&logonui.exe&&&[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
& & &{57BA-48B2-BAE7-C6DBB3020EB8}&&D:\***G Anti-Spyware 7.5\shellexecutehook.dll&&&[(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &WPDShServiceObj&&C:\WINDOWS\system32\WPDShServiceObj.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
& & &WinlogonNotify: igfxcui&&igfxdev.dll&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&C:\WINDOWS\system32\klogon.dll&&&[Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
& & &WinlogonNotify: WgaLogon&&WgaLogon.dll&&&[(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
& & &IE7 Uninstall Stub&&C:\WINDOWS\system32\ieudinit.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &!***G Anti-Spyware&&; &D:\***G Anti-Spyware 7.5\avgas.exe& /minimized&&&[(Verified)GRISOFT LTD]
& & &360Safetray&&; D:\360weishi\safemon\360Tray.exe /start&&&[N/A]
& & &EzButton&&; C:\PROGRA~1\EzButton\EzButton.EXE&&&[Dritek System Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &MSMSGS&&; &C:\Program Files\Messenger\msmsgs.exe& /background&&&[(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &NeroFilterCheck&&; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe&&&[(Verified)Nero AG]
& & &Sony Ericsson PC Suite&&; &C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe& /startoptions&&&[Sony Ericsson Mobile Communications AB]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &UberIcon&&; &C:\WINDOWS\Vista\Spctool\UberIcon\UberIcon Manager.exe&&&&[]
& & &Vagaa&&; &D:\Vagaa\Vagaa.exe& -tray&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &WangWang&&; &D:\WangWang\WangWang.EXE&&&&[N/A]
& & &WebThunder&&; &&&[N/A]
==================================
启动文件夹
==================================
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe&&&Adobe Systems&
[Application Management / AppMgmt][Stopped/Manual Start]
&&&C:\WINDOWS\system32\svchost.exe -k netsvcs--&%SystemRoot%\System32\appmgmts.dll&&N/A&
[***G Anti-Spyware Guard / ***G Anti-Spyware Guard][Running/Auto Start]
&&&D:\***G Anti-Spyware 7.5\guard.exe&&GRISOFT s.r.o.&
[卡巴斯基反病毒6.0 / ***P][Running/Manual Start]
&&&&D:\Kaspersky Anti-Virus 6.0\avp.exe& -r&&Kaspersky Lab&
[Drcom Server / Drcom Server][Stopped/Auto Start]
&&&&C:\WINDOWS\MSDTC.EXE& /service&&N/A&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[Kerberos Key Distribution Centers / kkdc][Stopped/Auto Start]
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe&&&Nero AG&
==================================
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
&&&system32\DRIVERS\AcpiVpc.sys&&Lenovo Corporation&
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
&&&system32\drivers\ADIHdAud.sys&&Analog Devices, Inc.&
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
&&&system32\DRIVERS\AGRSM.sys&&Agere Systems&
[***G Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
&&&System32\DRIVERS\AvgAsCln.sys&&GRISOFT, s.r.o.&
[CMB8100 / CMB8100][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\Drivers\CertClient.dat&&N/A&
[CMBProtector / CMBProtector][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat&&N/A&
[Dritek HotKey Keyboard Filter Driver / DKbFltr][Running/Manual Start]
&&&System32\Drivers\DKbFltr.sys&&Dritek System Inc.&
[Dritek General Port I/O / DritekPortIO][Running/Auto Start]
&&&\??\C:\PROGRA~1\EzButton\DPortIO.sys&&Dritek System Inc.&
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
&&&system32\drivers\HdAudio.sys&&Windows (R) Server 2003 DDK provider&
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
&&&system32\DRIVERS\HDAudBus.sys&&Windows (R) Server 2003 DDK provider&
[ialm / ialm][Running/Manual Start]
&&&system32\DRIVERS\ialmnt5.sys&&Intel Corporation&
[Sony Ericsson K510 Driver driver (WDM) / k510bus][Stopped/Manual Start]
&&&system32\DRIVERS\k510bus.sys&&MCCI&
[Sony Ericsson K510 USB WMC Modem Filter / k510mdfl][Stopped/Manual Start]
&&&system32\DRIVERS\k510mdfl.sys&&MCCI&
[Sony Ericsson K510 USB WMC Modem Driver / k510mdm][Stopped/Manual Start]
&&&system32\DRIVERS\k510mdm.sys&&MCCI&
[Sony Ericsson K510 USB WMC Device Management Drivers (WDM) / k510mgmt][Stopped/Manual Start]
&&&system32\DRIVERS\k510mgmt.sys&&MCCI&
[Sony Ericsson K510 USB WMC OBEX Interface / k510obex][Stopped/Manual Start]
&&&system32\DRIVERS\k510obex.sys&&MCCI&
[kl1 / kl1][Running/Boot Start]
&&&\SystemRoot\system32\drivers\kl1.sys&&Kaspersky Lab&
[klif / klif][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\klif.sys&&Kaspersky Lab&
[npkcrypt / npkcrypt][Running/Auto Start]
&&&\??\D:\QQ\Tencent\QQ\npkcrypt.sys&&INCA Internet Co., Ltd.&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[rimmptsk / rimmptsk][Running/Manual Start]
&&&system32\DRIVERS\rimmptsk.sys&&REDC&
[rimsptsk / rimsptsk][Running/Manual Start]
&&&system32\DRIVERS\rimsptsk.sys&&REDC&
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
&&&system32\DRIVERS\Rtnicxp.sys&&Realtek Semiconductor Corporation&
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
&&&system32\DRIVERS\RTL8139.SYS&&Realtek Semiconductor Corporation&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&N/A&
[sptd / sptd][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\sptd.sys&&N/A&
[TSP / TSP][Stopped/Manual Start]
&&&\??\C:\WINDOWS\system32\drivers\klif.sys&&Kaspersky Lab&
[vcs / vcs][Stopped/Auto Start]
&&&\??\D:\*** VCS 3.0\vcs.sys&&N/A&
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
&&&system32\DRIVERS\w39n51.sys&&Intel? Corporation&
==================================
浏览器加载项
[WebThunder Browser Helper]
&&{00000AAA-A363-466E-BEF5-9BB68697AA7F} &D:\WebThunder\WebThunderBHO_Now.dll, N/A&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40fd-9C87-E93D} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD&
[Thunder Browser Helper]
&&{B69F34DC-F0F9-42DC-9EDD-8D} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD&
[NavigatMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &D:\360weishi\safemon\safemon.dll, &
[Web反病毒保护]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &D:\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab&
&&{AC1--75DFA92FB32F} &, N/A&
[启动Web迅雷]
&&{962EFB8E--AC74-AAA4C759B9C6} &, N/A&
[Messenger]
&&{FB5Fd2-BB9E-00C04F795683} &C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation&
[PhotoDraw Class]
&&{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} &C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT&
[EditCtrl Class]
&&{488AB3-8F27-FA1AECAA8844} &C:\WINDOWS\system32\aliedit\aliedit.dll, &
[MofileUploadX Control]
&&{D40-4E7F-B95B-2E68D35668B9} &C:\WINDOWS\DOWNLO~1\MoUpload.ocx, &
[ADODB.Recordset]
&&{0-AA006D2EA4} &C:\Program Files\Common Files\System\ado\msado15.dll, Microsoft Corporation&
[WebThunder Browser Helper]
&&{00000AAA-A363-466E-BEF5-9BB68697AA7F} &D:\WebThunder\WebThunderBHO_Now.dll, N/A&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40FD-9C87-E93D} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD&
[WebThunder Class]
&&{03507A1A-E0C5-4404-AA26-2D} &, N/A&
[Thunder Browser Helper]
&&{06849E9D-C8D7-4D59-B87D-784B7D6BE0B3} &D:\xunlei5\ComDlls\XunLeiBHO_006.dll, N/A&
[Adobe PDF Reader Link Helper]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated&
[Edit Class]
&&{0CA54D3F-CEAE-48AF-9A2B-3D} &C:\WINDOWS\system32\CMBEdit.dll, &
[PeerDraw Class]
&&{10072CEC-8CC1-11D1-986E-00A0C955B42E} &%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A&
&&{16B280C5-EE70-11D1-FD9189D} &C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation&
[ThunderServer.WebThunder]
&&{1DE5794D-B609-4A3E-9E40-22594D5BEAAC} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\Faker.dll, &
[iTrusPTA Class]
&&{1E0DFFCF-27FF-007349FEDA} &C:\WINDOWS\system32\aliedit\pta.dll, &
[Windows Media Player]
&&{22D6F312-B0F6-11D0-94AB-E95} &C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation&
[PhotoDraw Class]
&&{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} &C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT&
[HTML Document]
&&{F9-11CF-8FD0-00AA00686F13} &C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation&
[XML DOM Document]
&&{B36-11D2-B20E-00C04F983E60} &%SystemRoot%\system32\msxml3.dll, N/A&
[DHTML Edit Control Safe for Scripting for IE5]
&&{2D360201-FFF5-11D1-8D03-00A0C959BC0A} &C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation&
[Vod Class]
&&{2EEDA47E-8D5C-4d7e-B4B6-E16E} &D:\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, N/A&
[XML Document]
&&{4D9-11D1-A6B3-00C04FD91555} &%SystemRoot%\system32\msxml3.dll, N/A&
[Thunder Agent Class]
&&{-8FB2-4B3B-B29B-8B919B0EACCE} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD&
[EditCtrl Class]
&&{488AB3-8F27-FA1AECAA8844} &C:\WINDOWS\system32\aliedit\aliedit.dll, &
[HHCtrl Object]
&&{52A2AAAE-085D-4187-97EA-8C30DB990436} &C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation&
[PowerPlayer Control]
&&{5EC7C511-CD0F-42E6-830C-1BD} &C:\DOCUME~1\Owner\APPLIC~1\ppStream\200~1.381\POWERP~1.DLL, PPStream Inc.&
[InfoSecNetSign Class]
&&{62B938C4--8CF0-A92B0A91CC77} &C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.&
[WUWebControl Class]
&&{6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation&
[JetCar.Netscape]
&&{69C7BEA7-0A70-4291-81ED-405D19AEE270} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\Faker.dll, &
[Windows Media Player]
&&{6BF52A52-394A-11D3-B153-00C04F79FAA6} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[WangWangObj Class]
&&{6E213FC7-DD5A--D4CE} &D:\WangWang\WangWangX4.dll, N/A&
[MofileUploadX Control]
&&{D40-4E7F-B95B-2E68D35668B9} &C:\WINDOWS\DOWNLO~1\MoUpload.ocx, &
[AxInputControl Class]
&&{73E4740C-08EB-D0A7C9EE3CD} &C:\WINDOWS\system32\INPUTC~1.DLL, &
[MediaComm Class]
&&{1B-42AF-BDFE-46D26AF5EFF2} &D:\WebThunder\InMedia\MediaAddin13.dll, N/A&
[Microsoft Web Browser]
&&{A-11D0-A96B-00C04FD705A2} &C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation&
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD&
[XML DOM Document 4.0]
&&{88D969C0-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation&
[Free Threaded XML DOM Document 4.0]
&&{88D969C1-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation&
[XSL Template 4.0]
&&{88D969C3-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation&
[XML HTTP 4.0]
&&{88D969C5-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation&
[XML DOM 文档 5.0]
&&{88D969E5-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[Free Threaded XML DOM Document 5.0]
&&{88D969E6-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[XSL Template 5.0]
&&{88D969E8-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[XML HTTP 5.0]
&&{88D969EA-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation&
[AxSubmitControl Class]
&&{8D9E0B29-563C--5FF2AE77E1D2} &C:\WINDOWS\system32\SUBMIT~1.DLL, &
[WebPlayer Control]
&&{90203FFD-EF7F-4059-BC56-369E4D6D3824} &D:\sai\VerySee\WEBPLA~1.OCX, N/A&
[RMGetLicense Class]
&&{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} &C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation&
[SearchAssistantOC]
&&{B45FF030--85DE-00C04FA35C89} &%SystemRoot%\system32\shdocvw.dll, N/A&
[Messenger Object]
&&{BE-4B48-836C-BC} &C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation&
[Thunder Browser Helper]
&&{B69F34DC-F0F9-42DC-9EDD-8D} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD&
[NavigatMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &D:\360weishi\safemon\safemon.dll, &
[RDS.DataSpace]
&&{BD96C556-65A3-11D0-983A-00C04FC29E36} &C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation&
[Tencent Safety Online Base Module]
&&{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} &C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation&
[QQPlayerSvr Proxy Control]
&&{CD4-43E6-AA90-8} &D:\QQ\Tencent\QQ\QQPlayerProxy.dll, Tencent&
[AUDIO__MID Moniker Class]
&&{CD3AFA74-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[AUDIO__MP3 Moniker Class]
&&{CD3AFA76-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[AUDIO__W*** Moniker Class]
&&{CD3AFA7B-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[AUDIO__X_MS_WMA Moniker Class]
&&{CD3AFA84-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[VIDEO__***I Moniker Class]
&&{CD3AFA88-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[VIDEO__X_MS_ASF Moniker Class]
&&{CD3AFA8F-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[VIDEO__X_MS_WMV Moniker Class]
&&{CD3AFA94-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[RealPlayer G2 Control]
&&{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} &C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.&
[QQLive Class]
{D9EBCF5D-3F8F-4B6A-89BA-7} &D:\QQlive\LiveAPI.dll, Tencent&
[QuickTimeCheck Class]
&&{DE4AF3B0-F4D4-11D3-B41A-C21} &D:\baofeng\Codec\QTSystem\QTCheck.ocx, Apple Computer, Inc.&
[RevealTrans]
&&{E31E87C4-86EA-A-5BD5D179A737} &C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation&
[QQIEHelper.QQRightClick]
&&{EE4-47BC-A309-4CAD96A096E6} &D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\Faker.dll, &
[PasswordEditCtrl Class]
&&{E787FD25-8D7C-4693-AE67-DF} &D:\QQ\Tencent\QQ\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司&
[TimwpDll.TimwpCheck]
&&{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} &D:\QQ\Tencent\QQ\Timwp.dll, &
[XML HTTP Request]
&&{ED8C108E--91A4-00C04F7969E8} &%SystemRoot%\system32\msxml3.dll, N/A&
[XML DOM Document 3.0]
&&{F1-11D3-89B9-1} &%SystemRoot%\system32\msxml3.dll, N/A&
[XML HTTP 3.0]
&&{F1-11D3-89B9-1} &%SystemRoot%\system32\msxml3.dll, N/A&
[XML DOM Document]
&&{F6D90F11-9C73-11D3-B32E-00C04F990BB4} &%SystemRoot%\system32\msxml3.dll, N/A&
[XML HTTP]
&&{F6D90F16-9C73-11D3-B32E-00C04F990BB4} &%SystemRoot%\system32\msxml3.dll, N/A&
[Messenger Application]
&&{FB7199AB-79BF-11D2-8D94-} &C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation&
[上传到QQ网络硬盘]
&&&199AB-79BF-11D2-8D94-}, N/A&
[使用Web迅雷下载]
[使用Web迅雷下载全部链接]
[使用迅雷下载]
&&&D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\geturl.htm, N/A&
[使用迅雷下载全部链接]
&&&D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\getallurl.htm, N/A&
[导出到 Microsoft Office Excel(&X)]
&&&res://D:\office\OFFICE11\EXCEL.EXE/3000, N/A&
[添加到QQ自定义面板]
[添加到QQ表情]
[用QQ彩信发送该图片]
&&&D:\QQ\Tencent\QQ\SendMMS.htm, N/A&
[用比特精灵下载(&B)]
&&&D:\BitSpirit\比特精灵(BitSpirit)_V3.2.2.215\bsurl.htm, N/A&
==================================
正在运行的进程
[PID: 752 / SYSTEM][\SystemRoot\System32\smss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 812 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 840 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\klogon.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [C:\WINDOWS\system32\WgaLogon.dll]&&[Microsoft Corporation, 1.7.0018.5]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
& & [C:\WINDOWS\system32\igfxdev.dll]&&[Intel Corporation, 3.0.0.4497]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\services.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\AppPatch\AcAdProc.dll]&&[Microsoft Corporation, 5.1. (xpsp.7)]
[PID: 896 / SYSTEM][C:\WINDOWS\system32\lsass.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1060 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1108 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1180 / SYSTEM][C:\WINDOWS\System32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\wups2.dll]&&[Microsoft Corporation, 7.0. (winmain(wmbla).0)]
[PID: 1280 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1352 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
[PID: 1624 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_gdr.9)]
& & [C:\WINDOWS\system32\mdimon.dll]&&[Microsoft Corporation, 11.3.2175.0]
& & [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]&&[Microsoft Corporation, 11.3.2175.0]
[PID: 1772 / SYSTEM][D:\***G Anti-Spyware 7.5\guard.exe]&&[GRISOFT s.r.o., 7, 5, 1, 22]
& & [D:\***G Anti-Spyware 7.5\engine.dll]&&[GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 232 / Owner][C:\WINDOWS\Explorer.EXE]&&[Microsoft Corporation, 6.00. (xpsp_sp2_gdr.4)]
& & [C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\ieframe.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\WPDShServiceObj.dll]&&[Microsoft Corporation, 5.2. (WMP_11.6)]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
& & [C:\WINDOWS\system32\PortableDeviceTypes.dll]&&[Microsoft Corporation, 5.2. (WMP_11.6)]
& & [C:\WINDOWS\system32\PortableDeviceApi.dll]&&[Microsoft Corporation, 5.2. (WMP_11.6)]
& & [C:\Program Files\Lenovo\EnergyCut\HookLib.dll]&&[N/A, ]
& & [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]&&[Adobe Systems, Inc., 7.0.0.0]
& & [C:\WINDOWS\system32\igfxpph.dll]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\hccutils.DLL]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxress.dll]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\Vista\Rtback\ContextBG.dll]&&[Grigri, 1, 0, 0, 1]
& & [D:\***G Anti-Spyware 7.5\shellexecutehook.dll]&&[GRISOFT s.r.o., 7, 5, 1, 36]
& & [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll]&&[Sony Ericsson Mobile Communications AB, 1, 3, 11, 0]
& & [C:\WINDOWS\system32\MFC71.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll]&&[Sony Ericsson Mobile Communications AB, 1, 3, 4, 0]
& & [C:\WINDOWS\system32\icm32.dll]&&[Microsoft Corporation, 5.1. (xpsp_sp2_gdr.8)]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\TDAtOnce_Now.dll]&&[Thunder Networking Technologies,LTD, 1.0.2.9]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\xunleiBHO_Now.dll]&&[Thunder Networking Technologies,LTD, 5, 0, 5, 13]
& & [D:\360weishi\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [D:\office\OFFICE11\msohev.dll]&&[Microsoft Corporation, 11.0.5510]
& & [D:\RAR\rarext.dll]&&[N/A, ]
& & [D:\***G Anti-Spyware 7.5\context.dll]&&[GRISOFT s.r.o., 7, 5, 1, 36]
& & [D:\Kaspersky Anti-Virus 6.0\shellex.dll]&&[Kaspersky Lab, 6.0.0.299]
[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1864 / Owner][C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe]&&[N/A, ]
& & [C:\Program Files\Lenovo\EnergyCut\HookLib.dll]&&[N/A, ]
[PID: 1900 / Owner][C:\WINDOWS\system32\hkcmd.exe]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\hccutils.DLL]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.4497]
[PID: 2008 / Owner][C:\WINDOWS\system32\igfxpers.exe]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4497]
[PID: 316 / Owner][C:\WINDOWS\system32\ctfmon.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1660 / Owner][C:\WINDOWS\system32\conime.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 944 / Owner][C:\WINDOWS\system32\igfxsrvc.exe]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.4497]
& & [C:\WINDOWS\system32\igfxdev.dll]&&[Intel Corporation, 3.0.0.4497]
[PID: 2680 / SYSTEM][C:\WINDOWS\System32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 3188 / Owner][C:\Program Files\Internet Explorer\iexplore.exe]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\IEFRAME.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\IEUI.dll]&&[Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\xmllite.dll]&&[Microsoft Corporation, 1.00.1018.0]
& & [D:\office\OFFICE11\msohev.dll]&&[Microsoft Corporation, 11.0.5510]
& & [C:\Program Files\Internet Explorer\ieproxy.dll]&&[Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).5)]
[C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\TDAtOnce_Now.dll]&&[Thunder Networking Technologies,LTD, 1.0.2.9]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\ComDlls\xunleiBHO_Now.dll]&&[Thunder Networking Technologies,LTD, 5, 0, 5, 13]
& & [D:\360weishi\safemon\safemon.dll]&&[, 3, 4, 0, 1001]
& & [C:\WINDOWS\system32\ieapfltr.dll]&&[Microsoft Corporation, 7.0.]
& & [D:\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]&&[Kaspersky Lab, 1.0.6.299]
& & [D:\Kaspersky Anti-Virus 6.0\klscav.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [D:\Kaspersky Anti-Virus 6.0\prloader.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
& & [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll]&&[Sony Ericsson Mobile Communications AB, 1, 3, 11, 0]
& & [C:\WINDOWS\system32\MFC71.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll]&&[Sony Ericsson Mobile Communications AB, 1, 3, 4, 0]
& & [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]&&[Adobe Systems, Inc., 9,0,28,0]
& & [D:\Kaspersky Anti-Virus 6.0\pr_remote.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [D:\Kaspersky Anti-Virus 6.0\prkernel.ppl]&&[Kaspersky Lab, 6.0.0.304]
& & [d:\kaspersky anti-virus 6.0\params.ppl]&&[Kaspersky Lab, 6.0.0.299]
& & [d:\kaspersky anti-virus 6.0\pxstub.ppl]&&[Kaspersky Lab, 6.0.0.299]
& & [d:\kaspersky anti-virus 6.0\tempfile.ppl]&&[Kaspersky Lab, 6.0.0.299]
& & [D:\QQ\Tencent\QQ\SCCore.dll]&&[TENCENT, 2, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\gdiplus.dll]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [D:\QQ\Tencent\QQ\QQSpace.dll]&&[, 1, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\vbscript.dll]&&[Microsoft Corporation, 5.6.0.8825]
& & [C:\WINDOWS\system32\msdmo.dll]&&[, ]
& & [D:\QQ\Tencent\QQ\QQGroupMng.dll]&&[, 1, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\UserDefinedHead.dll]&&[, 1, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\QQPlugin.dll]&&[N/A, ]
& & [D:\QQ\Tencent\QQ\QQConfigPlugin.dll]&&[, 1, 0, 0, 1]
& & [C:\WINDOWS\system32\ieframe.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]&&[Adobe Systems, Inc., 9,0,28,0]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
& & [D:\QQ\Tencent\QQ\QQCustomFace.dll]&&[N/A, ]
& & [D:\QQ\Tencent\QQ\QQPet.dll]&&[, 1, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\QRingMng.dll]&&[N/A, ]
& & [D:\QQ\Tencent\QQ\FlashAvatarDll.dll]&&[, 1, 4, 0, 1]
& & [D:\QQ\Tencent\QQ\ImageOle.dll]&&[TODO: &Company name&, 1.0.0.1]
& & [D:\QQ\Tencent\QQ\QQMagicFace.dll]&&[, 1, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\QQSceneMng.dll]&&[N/A, ]
& & [D:\QQ\Tencent\QQ\QQAvatar.dll]&&[N/A, ]
& & [D:\QQ\Tencent\QQ\LongConnection.dll]&&[tencent, 5, 0, 200, 160]
& & [D:\QQ\Tencent\QQ\GroupConnection.dll]&&[Tencent, 0, 3, 3, 5]
& & [D:\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]&&[Kaspersky Lab, 1.0.6.299]
& & [D:\Kaspersky Anti-Virus 6.0\klscav.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [D:\QQ\Tencent\QQ\QQZip.dll]&&[tencent, 0, 3, 2, 4]
& & [D:\QQ\Tencent\QQ\QQSysMsgMng.dll]&&[N/A, ]
& & [D:\Kaspersky Anti-Virus 6.0\prloader.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]&&[Microsoft Corporation, 11.0.5510]
& & [D:\QQ\Tencent\QQ\QQSettingCtrl.dll]&&[, 1, 0, 0, 1]
& & [C:\WINDOWS\system32\WINABCX.IME]&&[PKUETI, 5.22.216]
& & [D:\QQ\Tencent\QQ\CommercesMng.dll]&&[, 1, 0, 0, 1]
& & [D:\QQ\Tencent\QQ\PersonalDesktop.dll]&&[深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
& & [D:\QQ\Tencent\QQ\QQAddr.dll]&&[深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
& & [D:\QQ\Tencent\QQ\npkcntc.dll]&&[INCA Internet Co., Ltd., , 1]
& & [D:\QQ\Tencent\QQ\npkpdb.dll]&&[INCA Internet Co., Ltd., , 1]
& & [D:\QQ\Tencent\QQ\QQPhoneHelper.dll]&&[腾讯科技(深圳)有限公司, 2, 1, 9, 95]
& & [D:\Kaspersky Anti-Virus 6.0\pr_remote.dll]&&[Kaspersky Lab, 6.0.0.299]
& & [D:\Kaspersky Anti-Virus 6.0\prkernel.ppl]&&[Kaspersky Lab, 6.0.0.304]
& & [d:\kaspersky anti-virus 6.0\params.ppl]&&[Kaspersky Lab, 6.0.0.299]
& & [d:\kaspersky anti-virus 6.0\pxstub.ppl]&&[Kaspersky Lab, 6.0.0.299]
& & [d:\kaspersky anti-virus 6.0\tempfile.ppl]&&[Kaspersky Lab, 6.0.0.299]
[PID: 3476 / Owner][D:\QQ\Tencent\QQ\TIMPlatform.exe]&&[tencent, 0, 3, 1, 8]
& & [D:\QQ\Tencent\QQ\TIMProxy.dll]&&[tencent, 0, 3, 2, 4]
[PID: 2436 / Owner][D:\QQ\Tencent\QQ\QZone\Qzone.exe]&&[腾讯公司, 1, 9, 103, 20]
& & [C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [D:\QQ\Tencent\QQ\QZone\MFC42.DLL]&&[Microsoft Corporation, 6.00.8665.0]
[PID: 3196 / Owner][D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\Thunder5.exe]&&[Thunder Networking Technologies,LTD, 5, 7, 1, 338]
& & [C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\ThunderEx.dll]&&[, 1, 1, 6, 12]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\TaskManager.dll]&&[Thunder Networking Technologies,LTD, 1, 2, 1, 26]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\download_interface.dll]&&[Thunder Networking Technologies,LTD, 2, 17, 2, 124]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\stlport_vc646.dll]&&[STLport Consulting, Inc., 4.6.]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\asyn_dns.dll]&&[Thunder Networking Technologies,LTD, 2, 17, 2, 124]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\BHOStub.dll]&&[Thunder Networking Technologies,LTD, 1, 1, 0, 8]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Components\DownAndPlay\DownAndPlay.dll]&&[, 1, 0, 2, 20]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\iTargetAD.dll]&&[N/A, ]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Components\Community\XLCommunity.dll]&&[Thunder Networking Technologies,LTD, 1, 3, 0, 7]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\RegisterDll.dll]&&[Thunder Networking Technologies,LTD, 2, 13, 5, 59]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\MSVCIRT.dll]&&[Microsoft Corporation, 7.0. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\ieframe.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Components\Security\ThunderSafe.dll]&&[深圳市迅雷网络技术有限公司, 1, 0, 5, 29]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Program\XLNet.Dll]&&[Thunder Networking Technologies,LTD, 1, 2, 1, 9]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Components\Search\XLSearch.dll]&&[Thunder Networking Technologies,LTD, 1, 1, 3, 13]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Components\ExplorerHelper\ExplorerHelper.dll]&&[Thunder Networking Technologies,LTD, 1, 0, 4, 15]
& & [D:\xunlei\Thunder.v5.7.1.338\Thunder.v5.7.1.338\Plugins\BhoAdv\bho_adv.dll]&&[深圳市迅雷网络技术有限公司, 1.0.1.0]
[PID: 2164 / Owner][D:\sreng\SREngPS.EXE]&&[Smallfrogs Studio, 2.5.16.900]
& & [C:\WINDOWS\system32\Normaliz.dll]&&[Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).5)]
& & [C:\WINDOWS\system32\iertutil.dll]&&[Microsoft Corporation, 7.00. (vista_gdr.2)]
& & [D:\sreng\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
==================================
.TXT&&Error. [C:\WINDOWS\notepad.exe %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&Error. []
.SCR&&OK. [&%1& /S]
.CHM&&Error. [&hh.exe& %1]
.HLP&&OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI&&Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
==================================
Autorun.inf
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1864, C:\PROGRAM FILES\LENOVO\ENERGYCUT\ENERGYCUT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1756, D:\QQ\TENCENT\QQ\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3476, D:\QQ\TENCENT\QQ\TIMPLATFORM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3196, D:\XUNLEI\THUNDER.V5.7.1.338\THUNDER.V5.7.1.338\PROGRAM\THUNDER5.EXE]
==================================
RVA&&错误: LoadLibraryA (危险等级: 高,&&被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA&&错误: LoadLibraryExA (危险等级: 高,&&被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA&&错误: LoadLibraryExW (危险等级: 高,&&被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA&&错误: LoadLibraryW (危险等级: 高,&&被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA&&错误: GetProcAddress (危险等级: 高,&&被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
==================================
Copyright KaFan. All Rights Reserved.