[CODE] 2008-10-07,22:42:43 System Repair Engineer 2.6.18.1205 Smallfrogs (http://www.KZTechs.com) Windows Vista Home Basic Edition (Build 6000) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描计划任务 API HOOK 隐藏进程启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows] <; rundll32.exe oobefldr.dll,ShowWelcomeCenter> [(Verified)Microsoft Windows] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Corporation] <360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd] <; C:\ProgramData\Lenovo\nsp\bin\autotask.exe> [(Verified)Lenovo (Beijing) Limited] <"C:\kav2007\KAVStart.exe" -startup> [Kingsoft Corporation] <; C:\Program Files\Lenovo\LenovoStudy\autorun.exe> [File is missing] <; > [N/A] <; C:\Program Files\Lenovo\LiveUpdate\UiServer.exe> [] <; RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; C:\Program Files\联想\联想标准键盘驱动\SkDaemond.exe> [] <; C:\Windows\test.bat> [File is missing] <; %ProgramFiles%\Windows Defender\MSASCui.exe -hide> [File is missing] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Windows] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)Microsoft Windows] ================================== 启动文件夹 N/A ================================== 服务 [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] [lenovo live update / Lenovo Upgrade Service.bis.release][Running/Auto Start] <新思软件技术有限公司> [Stormser / Stormser][Stopped/Auto Start] <暴风网际> [system privilege agent / sysagent][Running/Auto Start] ================================== 驱动程序 [ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start] [adp94xx / adp94xx][Stopped/Disabled] <\SystemRoot\system32\drivers\adp94xx.sys> [adpahci / adpahci][Stopped/Disabled] <\SystemRoot\system32\drivers\adpahci.sys> [adpu160m / adpu160m][Stopped/Disabled] <\SystemRoot\system32\drivers\adpu160m.sys> [adpu320 / adpu320][Stopped/Disabled] <\SystemRoot\system32\drivers\adpu320.sys> [aic78xx / aic78xx][Stopped/Disabled] <\SystemRoot\system32\drivers\djsvs.sys> [aliide / aliide][Stopped/Disabled] <\SystemRoot\system32\drivers\aliide.sys> [arc / arc][Stopped/Disabled] <\SystemRoot\system32\drivers\arc.sys> [arcsas / arcsas][Stopped/Disabled] <\SystemRoot\system32\drivers\arcsas.sys> [Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start] [blbdrive / blbdrive][Stopped/Disabled] <\SystemRoot\system32\drivers\blbdrive.sys> [Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start] <\SystemRoot\system32\drivers\brfiltlo.sys> [Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start] <\SystemRoot\system32\drivers\brfiltup.sys> [Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled] <\SystemRoot\system32\drivers\brserid.sys> [Brother WDM Serial driver / BrSerWdm][Stopped/Disabled] <\SystemRoot\system32\drivers\brserwdm.sys> [Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled] <\SystemRoot\system32\drivers\brusbmdm.sys> [Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start] <\SystemRoot\system32\drivers\brusbser.sys> [cmdide / cmdide][Stopped/Disabled] <\SystemRoot\system32\drivers\cmdide.sys> [Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start] [elxstor / elxstor][Stopped/Disabled] <\SystemRoot\system32\drivers\elxstor.sys> [HpCISSs / HpCISSs][Stopped/Disabled] <\SystemRoot\system32\drivers\hpcisss.sys> [Intel RAID Controller Vista / iaStorV][Stopped/Disabled] <\SystemRoot\system32\drivers\iastorv.sys> [iirsp / iirsp][Stopped/Disabled] <\SystemRoot\system32\drivers\iirsp.sys> [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] [ITEATAPI_Service_Install / iteatapi][Stopped/Disabled] <\SystemRoot\system32\drivers\iteatapi.sys> [ITERAID_Service_Install / iteraid][Stopped/Disabled] <\SystemRoot\system32\drivers\iteraid.sys> [KWatch3 / KWatch3][Running/System Start] <\??\C:\Windows\system32\drivers\KWatch3.SYS> [LSI_FC / LSI_FC][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_fc.sys> [LSI_SAS / LSI_SAS][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_sas.sys> [LSI_SCSI / LSI_SCSI][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_scsi.sys> [megasas / megasas][Stopped/Disabled] <\SystemRoot\system32\drivers\megasas.sys> [Mraid35x / Mraid35x][Stopped/Disabled] <\SystemRoot\system32\drivers\mraid35x.sys> [nfrd960 / nfrd960][Stopped/Disabled] <\SystemRoot\system32\drivers\nfrd960.sys> [N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled] <\SystemRoot\system32\drivers\ntrigdigi.sys> [nvlddmkm / nvlddmkm][Running/Manual Start] [nvraid / nvraid][Stopped/Disabled] <\SystemRoot\system32\drivers\nvraid.sys> [nvstor / nvstor][Stopped/Disabled] <\SystemRoot\system32\drivers\nvstor.sys> [IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start] [IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start] [QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled] <\SystemRoot\system32\drivers\ql2300.sys> [QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled] <\SystemRoot\system32\drivers\ql40xx.sys> [R300 / R300][Stopped/Manual Start] [SiSRaid2 / SiSRaid2][Stopped/Disabled] <\SystemRoot\system32\drivers\sisraid2.sys> [SiSRaid4 / SiSRaid4][Stopped/Disabled] <\SystemRoot\system32\drivers\sisraid4.sys> [Symc8xx / Symc8xx][Stopped/Disabled] <\SystemRoot\system32\drivers\symc8xx.sys> [Sym_hi / Sym_hi][Stopped/Disabled] <\SystemRoot\system32\drivers\sym_hi.sys> [Sym_u3 / Sym_u3][Stopped/Disabled] <\SystemRoot\system32\drivers\sym_u3.sys> [uliahci / uliahci][Stopped/Disabled] <\SystemRoot\system32\drivers\uliahci.sys> [UlSata / UlSata][Stopped/Disabled] <\SystemRoot\system32\drivers\ulsata.sys> [ulsata2 / ulsata2][Stopped/Disabled] <\SystemRoot\system32\drivers\ulsata2.sys> [viaide / viaide][Running/Boot Start] <\SystemRoot\system32\drivers\viaide.sys> [vsmraid / vsmraid][Stopped/Disabled] <\SystemRoot\system32\drivers\vsmraid.sys> [Look 312P / ZSMC301b][Running/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [IEHlprObj Class] {B919AD4A-652B-4fdc-BF30-CB3C660E5477} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [CBrowseStakeout Class] {55302805-482E-470E-8A57-6795A1487F90} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [IEHlprObj Class] {B919AD4A-652B-4FDC-BF30-CB3C660E5477} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [] {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, > [] {F79B2338-A6E7-46D4-9202-422AA6E74F43} <, > [&Windows Live Search] [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ自定义面板] [添加到QQ表情] [用QQ彩信发送该图片] ================================== 正在运行的进程 [PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 504 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 552 / SYSTEM][C:\Windows\system32\wininit.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 564 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 596 / SYSTEM][C:\Windows\system32\services.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 608 / SYSTEM][C:\Windows\system32\lsass.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 616 / SYSTEM][C:\Windows\system32\lsm.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 692 / SYSTEM][C:\Windows\system32\winlogon.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 808 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 864 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 896 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 988 / LOCAL SERVICE][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1016 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1048 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1164 / LOCAL SERVICE][C:\Windows\system32\AUDIODG.EXE] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1200 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe] [(Verified) Microsoft Corporation, 6.0.6000.16509 (vista_gdr.070620-1500)] [PID: 1256 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1360 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1576 / SYSTEM][C:\kav2007\KWatch.EXE] [Kingsoft Corporation, 2007, 8, 13, 78] [C:\kav2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30] [C:\kav2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 2, 4, 61] [C:\kav2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16] [C:\kav2007\KAEUnpack.DAT] [Kingsoft Corporation, 2008,01,25,202] [C:\kav2007\KAVQuara.DLL] [Kingsoft Corporation, 2007, 6, 15, 4] [PID: 1628 / lenovo][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1676 / SYSTEM][C:\Windows\System32\spoolsv.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1724 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1780 / lenovo][C:\Windows\system32\Dwm.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9748] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 1824 / lenovo][C:\Windows\Explorer.EXE] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\system32\nvcpl.dll] [NVIDIA Corporation, 7.15.10.9748] [C:\Windows\system32\nvapi.dll] [NVIDIA Corporation, 7.15.10.9748] [D:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [D:\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [D:\迅雷\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\kav2007\KAVEXT.DLL] [Kingsoft Corporation, 2007, 5, 11, 28] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9748] [C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 476 / lenovo][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75] [C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9748] [PID: 360 / SYSTEM][C:\Program Files\lenovo\LiveUpdate\liveupdate.exe] [新思软件技术有限公司, 3, 2, 5, 21] [C:\Program Files\lenovo\LiveUpdate\HttpLink.dll] [新思软件技术有限公司, 3, 2, 4, 7] [C:\Program Files\lenovo\LiveUpdate\WINHTTP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\lenovo\LiveUpdate\GdiImage.dll] [N/A, ] [PID: 964 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [PID: 1236 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1848 / SYSTEM][C:\Windows\system32\sysagent.exe] [lenovo, 1, 0, 0, 0] [PID: 1372 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1068 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 2292 / SYSTEM][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 2740 / lenovo][D:\360\360safe\safemon\360tray.exe] [奇虎网, 5, 0, 0, 1002] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\360\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 3, 0, 1003] [D:\360\360safe\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001] [D:\360\360safe\live.dll] [360.cn, 1, 0, 1, 1028] [PID: 2692 / lenovo][C:\Windows\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 3100 / lenovo][C:\Users\lenovo\Desktop\新建文件夹\SREngLdr.EXE] [Smallfrogs Studio, 2.6.18.1205] [PID: 1896 / lenovo][C:\Users\lenovo\Desktop\新建文件夹\SREafda7569.EXE] [Smallfrogs Studio, 2.6.18.1205] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 3172 / lenovo][E:\新建文件夹 (2)\新建文件夹\QQ.exe] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQBaseClassInDll.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQHelperDll.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\BasicCtrlDll.dll] [TENCENT, 8,0,1248,1851] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [E:\新建文件夹 (2)\新建文件夹\QQAPI.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\LoginCtrl.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\LoginCtrlRes.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQRes.dll] [TENCENT, 8,0,978,1833] [E:\新建文件夹 (2)\新建文件夹\QQMainFrame.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\UnReadMsgMgr.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQAllInOne.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\SCCore.dll] [TENCENT, 1, 6, 0, 2] [E:\新建文件夹 (2)\新建文件夹\CameraDll.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\CQQApplication.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\FlashAvatarDll.dll] [, 1, 0, 0, 1] [E:\新建文件夹 (2)\新建文件夹\NewSkin.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\MailSummary.dll] [TENCENT, 8,0,1234,1851] [E:\新建文件夹 (2)\新建文件夹\QQSpace.dll] [TENCENT, 8,0,1249,1853] [C:\Windows\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [E:\新建文件夹 (2)\新建文件夹\msdmo.dll] [, ] [E:\新建文件夹 (2)\新建文件夹\QQAvatar.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\OEMApplication.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQKnowledgeSearch.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQGroupMng.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQPlugin.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQPet.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQSysMsgMng.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\UserDefinedHead.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QRingMng.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQConfigPlugin.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQCustomFace.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQMagicFace.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\ImageOle.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQLiveQMng.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\LongConnection.dll] [TENCENT, 8,0,1249,1851] [E:\新建文件夹 (2)\新建文件夹\PhoneAPI.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [E:\新建文件夹 (2)\新建文件夹\GroupConnection.dll] [TENCENT, 8,0,1249,1851] [E:\新建文件夹 (2)\新建文件夹\BQQApplication.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQFileTransfer.dll] [TENCENT, 8,0,1249,1851] [C:\Windows\system32\JPWB.IME] [常诚研制, 4.00.950] [C:\Windows\system32\WINWB86.IME] [Microsoft Corporation, 5.00.2000.3] [E:\新建文件夹 (2)\新建文件夹\CommercesMng.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\PersonalDesktop.dll] [TENCENT, 8,0,1249,1853] [E:\新建文件夹 (2)\新建文件夹\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330] [E:\新建文件夹 (2)\新建文件夹\AddrSearch.dll] [腾讯科技（深圳）有限公司, 2, 2, 1, 16] [E:\新建文件夹 (2)\新建文件夹\QQSceneMng.dll] [TENCENT, 8,0,1249,1853] [C:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75] [PID: 2856 / lenovo][E:\新建文件夹 (2)\新建文件夹\TXPlatform.exe] [Tencent, 1, 5, 225, 0] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 2992 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 2104 / lenovo][D:\遨游\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 1, 4, 443] [D:\遨游\Maxthon2\mxpp.dll] [Maxthon International ltd., 1, 0, 0, 216] [D:\遨游\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 369] [D:\遨游\Maxthon2\MxProxy2.dll] [Maxthon International ltd., 1, 0, 0, 4099] [D:\遨游\Maxthon2\MxExt.dll] [N/A, ] [D:\遨游\Maxthon2\MxUI.dll] [Maxthon International, 3, 3, 0, 9] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\遨游\Maxthon2\mxtool.dll] [, 1, 0, 0, 1] [D:\遨游\Maxthon2\maxzlib.dll] [, 1.2.3] [D:\遨游\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll] [Maxthon International ltd., 1,0,0,1386] [D:\遨游\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll] [Maxthon, 1,0,2,1267] [D:\遨游\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125] [D:\遨游\Maxthon2\Modules\MxHistory\MxHistory.dll] [Maxthon International ltd., 1, 0, 0, 289] [C:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75] [D:\遨游\Maxthon2\MxFav.dll] [Maxthon International ltd., 1, 0, 0, 258] [C:\Windows\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9748] [PID: 3588 / lenovo][D:\迅雷\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.7.12.493] [D:\迅雷\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20] [D:\迅雷\Thunder\Program\ThunderEx.dll] [, 1, 2, 4, 23] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\迅雷\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 6, 66] [D:\迅雷\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 311] [D:\迅雷\Thunder\Program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\迅雷\Thunder\Program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\迅雷\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 13] [D:\迅雷\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\迅雷\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 9] [D:\迅雷\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24] [D:\迅雷\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 18] [D:\迅雷\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 17] [D:\迅雷\Thunder\Program\xl_stat.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 3] [D:\迅雷\Thunder\Program\emule.dll] [, 1, 1, 2, 12] [D:\迅雷\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 17] [D:\迅雷\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 8] [D:\迅雷\Thunder\Program\iTargetAD.dll] [N/A, ] [D:\迅雷\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,1,2,20] [D:\迅雷\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 2, 6, 2, 12] [D:\迅雷\Thunder\Program\stream.dll] [Thunder Networking Technologies,LTD, 2, 1, 2, 359] [D:\迅雷\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 18] [D:\迅雷\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 8] [D:\迅雷\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,1,2,15] [D:\迅雷\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10] [D:\迅雷\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 8, 26] [D:\迅雷\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70] [D:\迅雷\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 1, 0, 38] [D:\迅雷\Thunder\Program\XLCommunityEx.dll] [N/A, ] [D:\迅雷\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67] [D:\迅雷\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\迅雷\Thunder\Program\emule_id.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 7] [C:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75] [D:\迅雷\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 79] [D:\迅雷\Thunder\Components\Security\XLSafeUI.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 79] [C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9748] [D:\迅雷\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 21] [D:\迅雷\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 59] [D:\迅雷\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 19] [D:\迅雷\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23] [D:\迅雷\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [D:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [D:\迅雷\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [D:\迅雷\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 12, 108] [D:\迅雷\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6] [D:\迅雷\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [D:\迅雷\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 17] [PID: 2880 / LOCAL SERVICE][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 3700 / lenovo][D:\eMule\emule.exe] [http://www.emule-project.net, 0.48.0.80313 Unicode] [D:\360\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\kav2007\KAScript.DLL] [Kingsoft Corporation, 2007, 3, 6, 75] [C:\Windows\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9748] ================================== 文件关联 .TXT Error. [C:\Windows\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["%SystemRoot%\hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS Error. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ::1 localhost ================================== 进程特权扫描 N/A ================================== 计划任务 [已启用] \\{D4BB1DF4-8920-4C00-941C-7E0780715A4C} C:\Windows\system32\pcalua.exe -a "C:\Program Files\Herosoft\Hero 9\unins000.exe" [已启用] \\查看 Windows Live Toolbar 更新 C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE -a "C:\Program Files\Herosoft\Hero 9\unins000.exe" [已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask BthUdTask.exe $(Arg0) [已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask N/A [已启用] \Microsoft\Windows\CertificateServicesClient\UserTask N/A [已启用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam N/A [已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator %SystemRoot%\System32\wsqmcons.exe [已启用] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [已启用] \Microsoft\Windows\Customer Experience Improvement Program\Uploader %windir%\system32\WSqmCons.exe -u [已启用] \Microsoft\Windows\Defrag\ScheduledDefrag %windir%\system32\defrag.exe -c -i [已启用] \Microsoft\Windows\MobilePC\HotStart N/A [已启用] \Microsoft\Windows\MobilePC\TMM N/A [已启用] \Microsoft\Windows\MUI\LPRemove %windir%\system32\lpremove.exe [已启用] \Microsoft\Windows\Multimedia\SystemSoundsService N/A [已启用] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI N/A [已启用] \Microsoft\Windows\Shell\CrawlStartPages N/A [已启用] \Microsoft\Windows\SystemRestore\SR %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1 rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2 rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [已启用] \Microsoft\Windows\UPnP\UPnPHostConfig sc.exe config upnphost start= auto [已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting %windir%\system32\wermgr.exe -queuereporting [已启用] \Microsoft\Windows\Wired\GatherWiredInfo %windir%\system32\gatherWiredInfo.vbs [已启用] \Microsoft\Windows\Wireless\GatherWirelessInfo %windir%\system32\gatherWirelessInfo.vbs ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]