2008-12-03,19:46:22
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - Administrator account - Full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan
    Scheduled tasks
    API HOOK
    Hidden processes

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [Realtek Semiconductor Corp.]
    <SkyTel><SkyTel.EXE>  [Realtek Semiconductor Corp.]
    <Alcmtr><ALCMTR.EXE>  [Realtek Semiconductor Corp.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [File is missing]
    <egui><"D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)"ESET, spol. s r.o."]
    <360Safetray><D:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Antiarp><D:\Program Files\360safe\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"D:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Microsoft Pinyin IME Migration><D:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
    <IFEO[boxmod.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
    <IFEO[DrRtp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
    <IFEO[enc98.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
    <IFEO[ua80.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

--------------------------------------------------------------------------------
Startup folders
N/A

--------------------------------------------------------------------------------
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
    <"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><(File is missing)>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
    <><(File is missing)>
[regedit / ClipBackoo][Stopped/Auto Start]
    <C:\WINDOWS\system32\regedit><(File is missing)>
[ClipBook / ClipSrv][Stopped/Auto Start]
    <><(File is missing)>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
    <"D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
    <"D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Machine Debug Manager / MDM][Running/Auto Start]
    <"D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"><Microsoft Corporation>
[A播数据后台传输服务 / Qvod Terminal][Stopped/Auto Start]
    <><(File is missing)>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Manual Start]
    <><(File is missing)>

--------------------------------------------------------------------------------
Drivers
[360AntiArp / 360AntiArp][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[ati2mtag / ati2mtag][Running/Manual Start]
    <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[eamon / eamon][Running/Auto Start]
    <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
    <system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Running/System Start]
    <system32\DRIVERS\epfwtdir.sys><N/A>
[f28907d / f28907d][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\f28907d.sys><N/A>
[gsqdofc / gsqdofc][Stopped/Boot Start]
    <\SystemRoot\system32\drivers\yzvifit.sys><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[DDK PACKET Protocol / Packet][Running/Manual Start]
    <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Padus ASPI Shell / pfc][Running/Manual Start]
    <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
    <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[VIMICRO USB PC Camera / ZSMC302][Running/Manual Start]
    <System32\Drivers\usbVM31b.sys><VM>

--------------------------------------------------------------------------------
Browser add-ons
[ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[] {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, >
[ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Outlook Today's Data-binding control] {0468C085-CA5B-11D0-AF08-00609797F0E0} <D:\PROGRA~1\MICROS~2\Office12\OUTLCTL.DLL, (Signed) >
[] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[] {10A8FBB1-3F62-832B-A7CF-17F3DFBB4985} <, >
[MozheFileInfo Class] {167C309A-0508-4739-8E5E-6C7128ACE805} <D:\Program Files\Mozhe\AnanClient\ExtensionDLL.dll, N/A>
[] {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, >
[Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)] {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)] {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[XML Data Source Object] {550DDA30-0541-11D2-9CA9-0060B0EC3D39} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)] {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)] {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[XDownloaddManager Class] {802F530B-A8F6-4631-AE49-6BACAAC6373E} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0] {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)] {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <, >
[] {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <D:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5807.112.(761).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[QQPlayerCtrl Class] {CD108273-D434-43E6-AA90-1469F97EB398} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[] {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Silverlight] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <D:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed) Microsoft Corporation>
[PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <D:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5880.234.(762).dll, (Signed) Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0] {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0] {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Mozhe BHOFilter Class] {F5617BD8-4B67-49CE-85FD-16D75292B1BC} <D:\Program Files\Mozhe\AnanClient\IEUrlFilter.dll, N/A>
[XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载] <D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接] <D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Excel(&X)] <res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ表情] <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

--------------------------------------------------------------------------------
Running processes
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 676 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 996 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1096 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1180 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1292 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1436 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\fppmon3.dll] [FinePrint Software, LLC, 3.17]
    [C:\WINDOWS\system32\fppr332.dll] [FinePrint Software, LLC, 3.17]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[PID: 1612 / SYSTEM][D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe] [ESET, 3.0.669 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll] [ESET, 3.0.669 ]
[PID: 1656 / SYSTEM][D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe] [Microsoft Corporation, 7.10.3077]
    [D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.10.3077]
    [D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll] [Microsoft Corporation, 7.10.3077]
[PID: 1696 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 324 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1760 / 015403][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 1692 / 015403][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1944 / 015403][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0]
    [D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.0.0.2008061100]
[PID: 520 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 1056 / 015403][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.6.6]
    [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 1220 / 015403][C:\WINDOWS\VM_STI.EXE] [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
[PID: 292 / 015403][D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe] [ESET, 3.0.669 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll] [ESET, 3.0.669 ]
    [D:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll] [ESET, 3.0.669 ]
[PID: 1312 / 015403][D:\Program Files\360safe\antiarp\antiarp.exe] [360安全中心, 2, 0, 0, 1008]
[PID: 2968 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
[PID: 4080 / 015403][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
    [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 3116 / 015403][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[PID: 2784 / 015403][C:\Documents and Settings\015403\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 2848 / 015403][C:\Documents and Settings\015403\桌面\sreng2\SREbd77c93d.EXE] [Smallfrogs Studio, 2.7.0.1210]
    [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
    [C:\Documents and Settings\015403\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

--------------------------------------------------------------------------------
File associations
.TXT    Error.  [C:\WINDOWS\notepad.exe %1]
.EXE    OK.     ["%1" %*]
.COM    OK.     ["%1" %*]
.PIF    OK.     ["%1" %*]
.REG    OK.     [regedit.exe "%1"]
.BAT    OK.     ["%1" %*]
.SCR    OK.     ["%1" /S]
.CHM    Error.  ["hh.exe" %1]
.HLP    OK.     [%SystemRoot%\system32\winhlp32.exe %1]
.INI    Error.  [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF    OK.     [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS    OK.     [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS     OK.     [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK    OK.     [{00021401-0000-0000-C000-000000000046}]

--------------------------------------------------------------------------------
Winsock providers
N/A

--------------------------------------------------------------------------------
Autorun.inf
N/A

--------------------------------------------------------------------------------
HOSTS file

--------------------------------------------------------------------------------
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1056, C:\WINDOWS\RTHDCPL.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1220, C:\WINDOWS\VM_STI.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2784, C:\DOCUMENTS AND SETTINGS\015403\桌面\SRENG2\SRENGLDR.EXE]

--------------------------------------------------------------------------------
Scheduled tasks
[Enabled] User_Feed_Synchronization-{69D2927E-2B9F-407E-98A9-AD295ECCEF46}.job
    C:\WINDOWS\system32\msfeedssync.exe

--------------------------------------------------------------------------------
API HOOK
N/A

--------------------------------------------------------------------------------
Hidden processes
N/A

--------------------------------------------------------------------------------