[CODE]
2008-07-10,12:28:17 System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Publisher]
<"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[(Verified)Google Inc]
<"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [File is missing]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[]
<%systemroot%\system32\dumprep 0 -k> [File is missing]
<360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"> [(Verified)Kaspersky Lab]
<360Antiarp> [(Verified)Qizhi Software (beijing) Co. Ltd]
<"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
[联合证券]
[(Verified)Tencent Technology(Shenzhen) Company Limited]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
[(Verified)Microsoft Windows Component Publisher]
[File is missing]
[File is missing]
[File is missing]
<> [N/A]
<> [N/A]
[File is missing]
[File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
[(Verified)Kaspersky Lab]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[Microsoft Corporation]

==================================
启动文件夹
[QQ游戏启动加速程序] F:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]>

==================================
服务
[卡巴斯基反病毒软件 7.0 / AVP][Stopped/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <北京暴风网际科技有限公司>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">
[Human Interface Device Access / HidServ][Stopped/Disabled]
  %SystemRoot%\System32\hidserv.dll>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf">
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini">
[wampapache / wampapache][Stopped/Manual Start]
  <"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice>
[wampmysqld / wampmysqld][Stopped/Manual Start]
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe">

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[797635 / 797635][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\797635.sys>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
[ADProt / ADProt][Running/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aliide.sys>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
[atiide / atiide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\atiide.sys>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
[BCM V.92 56K Modem / BCMModem][Stopped/Manual Start]
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
[Hamachi Network Interface / hamachi][Stopped/Manual Start]
[ialm / ialm][Running/Manual Start]
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\歌曲\51冒险岛055免安装客户端\51冒险岛055免安装客户端\npkcrypt.sys>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
[nv / nv][Stopped/Manual Start]
[p2pfilter / p2pfilter][Stopped/Manual Start]
  <\??\E:\2008-2-26\p2p 在 192.168.1.102 上\(2)运行P2P终结者\p2pfilter.sys>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys>
[rspp / rspp][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
[skgeonhz / skgeonhz][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\skgeonhz.sys>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
[txvmnlu / txvmnlu][Running/Boot Start]
  <\SystemRoot\system32\drivers\txvmnlu.sys><>

==================================
浏览器加载项
[Java Plug-in 1.6.0_10] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A}
[Web 反病毒统计] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
[BlogThisToolbarButton Class] {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
[解霸] {367E0A21-8601-4986-9C9A-153BF5ACA118}
[Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F}
[QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95}
[] {2496941B-49AA-447D-8548-9DF72C6F0BFF} <, >
[CellWeb5 Control] {3F166327-8030-4881-8BD2-EA25350E574A}
[Java Plug-in 1.6.0_10] {8AD9C840-044E-11D1-B3E9-00805F499D93}
[Java Plug-in 1.6.0_10] {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[Java Plug-in 1.6.0_10] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2}
[Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}
[] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[] {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[] {0C7C23EF-A848-485B-873C-0ED954731014} <, >
[IESuperHelper] {1A49F431-2A2E-41A5-9080-0F41D1A3AEC1}
[FG2CatchUrl] {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}
[] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[] {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} <, >
[Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95}
[] {2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, >
[DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
[HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B}
[Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83}
[] {367E0A21-8601-4986-9C9A-153BF5ACA118} <, >
[CellWeb5 Control] {3F166327-8030-4881-8BD2-EA25350E574A}
[XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555}
[] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436}
[Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[] {669751ED-D558-49AE-B01A-3B374CC7910E}
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6}
[Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Java(tm) Plug-In SSV Helper] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[] {77910CD3-5447-4CCB-92DE-35BA8198BE81} <, >
[] {77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[] {7AA32FC7-133B-4AE7-998E-CED0D9829B12} <, >
[] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3}
[Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2}
[] {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6}
[RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
[Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7}
[Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389}
[Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
[SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[] {B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D}
[] {B7BBD0D6-5E3A-4BC3-935E-B5AD0B1D1380} <, >
[RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36}
[Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[Java Plug-in 1.4.2_05] {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
[AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127}
[AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127}
[AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127}
[RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000}
[] {D741F092-E567-46CA-9FCE-1C244BA755F0} <, >
[] {D7B21266-AA85-44B8-B516-3B1A69827400} <, >
[Java(tm) Plug-In 2 SSV Helper] {DBC80044-A445-435B-BC74-9C25C1C588A9}
[] {E24B9E23-58CF-4938-B383-49C6D744D728} <, >
[JQSIEStartDetectorImpl Class] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
[SrchHook Class] {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[FG2CatchUrl] {FB5DA724-162B-11D3-8B9B-AA70B4B0B525}
[] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Windows Live Search]
[&使用快车(FlashGet)下载]
[&使用快车(FlashGet)下载全部链接]
[&使用超级旋风下载]
[&使用超级旋风下载全部链接]
[Add to Windows &Live Favorites]
[导出到 Microsoft Office Excel(&X)]
[添加到QQ表情]
[解霸实时播放]

==================================
正在运行的进程
[PID: 792 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1236 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 1248 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1416 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1524 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1676 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1944 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 432 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1592 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15]
  [C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 1756 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.100.14]
  [C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[PID: 2652 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1668 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
  [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll] [ppstream.com, 1.0.0.2]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\PROGRA~1\Wopti\WOPTIE~1.DLL] [共软网络, 1.0.8.103]
  [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 2936 / Administrator][C:\Program Files\360safe\antiarp\antiarp.exe] [360安全中心, 2, 0, 0, 1008]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 2404 / Administrator][D:\Program Files\易发\bin\yfdown.exe] [联合证券, 1.0.0.725]
  [D:\Program Files\易发\bin\rtl70.bpl] [Borland Software Corporation, 7.0.4.453]
  [D:\Program Files\易发\bin\vcl70.bpl] [Borland Software Corporation, 7.0.4.453]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 3680 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 4, 11]
[PID: 3916 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3068 / Administrator][C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.5.1302.1018]
  [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
  [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
  [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
  [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
  [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
  [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
  [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
  [C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 3672 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
  [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
  [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 3852 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
  [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
  [C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3616 / Administrator][C:\DZH5\internet\hypwise.exe] [N/A, ]
  [C:\DZH5\internet\olepro32.dll] [Microsoft Corporation, 5.0.4275]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 2756 / Administrator][C:\Program Files\KWMUSIC\KwMV.exe] [N/A, ]
  [C:\Program Files\KWMUSIC\KwLogSvr.dll] [N/A, ]
  [C:\Program Files\KWMUSIC\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\KWMUSIC\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\KWMUSIC\lidx.dll] [N/A, ]
[PID: 864 / Administrator][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
  [D:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
  [D:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
  [D:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 8,0,777,1805]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [D:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 8,0,776,1805]
  [D:\Program Files\Tencent\QQ\WizardCtrl.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
  [D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [D:\Program Files\Tencent\QQ\UnReadMsgMgr.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
  [D:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
  [C:\WINDOWS\system32\msdmo.dll] [, ]
  [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\OEMApplication.dll] [TENCENT, 8,0,777,1805]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
  [D:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  [D:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
  [D:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
  [C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [D:\Program Files\Tencent\QQ\GroupConnection.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
  [D:\Program Files\Tencent\QQ\ImageOle.dll] [TENCENT, 8,0,777,1805]
  [D:\Program Files\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 8,0,777,1805]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125]
  [D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ]
  [D:\Program Files\Tencent\QQ\AddrSearch.dll] [腾讯科技(深圳)有限公司, 2, 2, 1, 15]
  [C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll] [ Microsoft Corporation, 1.0.30401.0]
  [C:\Program Files\Microsoft Silverlight\agcore.dll] [Microsoft Corporation, 1.0.30401.0]
  [D:\Program Files\Tencent\QQ\QQMagicFace.dll] [TENCENT, 8,0,777,1805]
  [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
  [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
  [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
[PID: 1004 / Administrator][D:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 324 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.125]
  [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll] [ppstream.com, 1.0.0.2]
  [C:\Program Files\Tencent\QQToolbar\IEBar.dll] [TENCENT, 2, 1, 5, 13]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll] [TENCENT, 2, 1, 5, 13]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\TBAddr.dll] [TENCENT, 1, 0, 2, 10]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\QQMail.dll] [TENCENT, 2, 1, 2, 20]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Shuqian.dll] [TENCENT, 2, 1, 2, 10]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Wenwen.dll] [TENCENT, 2, 1, 3, 11]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Weather.dll] [TENCENT, 2, 1, 2, 10]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\PopupBlocker.dll] [TENCENT, 2, 1, 1, 11]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\HighLight.dll] [TENCENT, 2, 1, 1, 10]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\QQDoctor.dll] [TENCENT, 2, 1, 1, 10]
  [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Hot.dll] [TENCENT, 1, 0, 1, 13]
  [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 908 / Administrator][D:\新建文件夹 (3)\sreng1018\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 2204 / Administrator][D:\新建文件夹 (3)\sreng1018\SRE9b4eb966.EXE] [Smallfrogs Studio, 2.6.12.1018]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.125]
  [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.125]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1188, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1756, C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2404, D:\PROGRAM FILES\易发\BIN\YFDOWN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3616, C:\DZH5\INTERNET\HYPWISE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2756, C:\PROGRAM FILES\KWMUSIC\KWMV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 908, D:\新建文件夹 (3)\SRENG1018\SRENGLDR.EXE]

==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================
[/CODE]