[CODE] 2009-03-03,16:16:38 System Repair Engineer 2.6.10.990 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] <{864D3D53-054C-4108-B493-E5B515077464}> [] <{5634BF3C-AFF3-4D25-A312-706ED6935B17}> [] <{29F80C96-4921-4176-BC73-1EA63A46C734}> [] <{5858442C-B4F1-4AC2-A6DD-2FBC8C4F67A9}> [] <{40BDC02E-7D17-4915-A636-C224F9580D90}> [] <{A0F90B82-6D9E-47B7-B6EE-43E3A0B0E959}> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] <40BDC02E> [] [] <864D3D53> [] <29F80C96> [] <5858442C> [] <5634BF3C> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_CURRENT_USER\Control Panel\Desktop] [ADA Software] ================================== 启动文件夹 N/A ================================== 服务 [Contrl Center of Storm Media / ccosm][Stopped/Auto Start] <北京暴风网际科技有限公司> [Qvod Terminal / Qvod Terminal][Stopped/Auto Start] ================================== 驱动程序 [360procmon / 360procmon][Stopped/Manual Start] <\??\C:\Program Files\360safe\safemon\360procmon.sys><> [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start] [Microsoft HID Class Driver / HidUsb][Running/Boot Start] <\SystemRoot\system32\DRIVERS\hidusb.sys> [Intel AHCI Controller / iaStor7][Running/Boot Start] <\SystemRoot\system32\drivers\iastor7.sys> [Keyboard HID Driver / kbdhid][Running/Boot Start] <\SystemRoot\system32\DRIVERS\kbdhid.sys> [nv / nv][Stopped/Manual Start] [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] <\SystemRoot\system32\DRIVERS\nvrd32.sys> [Direct Parallel Link Driver / Ptilink][Stopped/Manual Start] [Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Stopped/Manual Start] [SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start] <\??\C:\windows\system32\Drivers\safeboxkrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [SATALink driver accelerator / SiFilter][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiWinAcc.sys> [Microsoft USB Generic Parent Driver / usbccgp][Stopped/Manual Start] [viamraid / viamraid][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\viamraid.sys> ================================== 浏览器加载项 [654啦] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} [启动WEB迅雷] {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [WebThunder Class] {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [使用WEB迅雷下载] [使用WEB迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 160][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 212][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 236][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp.080413-2105)] [C:\windows\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1132.0 (xpsp.080413-0852)] [C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)] [C:\windows\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\System32\dimsntfy.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.5507 (xpsp.080318-1711)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\cscui.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [PID: 280][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\windows\system32\SCESRV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\umpnpmgr.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\eventlog.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 292][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\LSASRV.dll] [Microsoft Corporation, 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)] [C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\NTDSAPI.dll] [Microsoft Corporation, 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)] [C:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\SAMSRV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\cryptdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.080413-2105)] [C:\windows\system32\msprivs.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\kerberos.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.5594 (xpsp_sp3_qfe.080503-1404)] [C:\windows\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\netlogon.dll] [Microsoft Corporation, 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)] [C:\windows\system32\w32time.dll] [Microsoft Corporation, 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)] [C:\windows\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\windows\system32\schannel.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\wdigest.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.5507 (xpsp.080318-1711)] [C:\windows\system32\setupapi.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\scecli.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [PID: 444][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.080413-2105)] [C:\windows\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [c:\windows\system32\rpcss.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.700] [PID: 508][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.080413-2105)] [c:\windows\system32\rpcss.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.5507 (xpsp.080318-1711)] [C:\windows\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\windows\system32\hnetcfg.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\windows\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.700] [PID: 552][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.080413-2105)] [C:\windows\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [c:\windows\system32\cryptsvc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [c:\windows\system32\certcli.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [c:\windows\system32\ATL.DLL] [Microsoft Corporation, 3.05.2284] [C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [c:\windows\system32\ESENT.dll] [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)] [c:\windows\system32\wbem\wmisvc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\VSSAPI.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [c:\windows\system32\dmserver.dll] [Microsoft Corp., 2600.5512.503.0] [c:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.700] [C:\WINDOWS\system32\wbem\wbemcore.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINDOWS\system32\wbem\esscli.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\WINDOWS\system32\wbem\wbemcomn.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\WINDOWS\system32\wbem\FastProx.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\NTDSAPI.dll] [Microsoft Corporation, 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)] [C:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\wbem\wmiutils.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\WINDOWS\system32\wbem\repdrvfs.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\WINDOWS\system32\wbem\wmiprvsd.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\WINDOWS\system32\wbem\wbemess.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.5507 (xpsp.080318-1711)] [C:\WINDOWS\system32\wbem\ncprov.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [PID: 760][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.080413-2105)] [C:\windows\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.700] [C:\windows\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\themeui.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\msutb.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\ATL.DLL] [Microsoft Corporation, 3.05.2284] [C:\windows\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\msi.dll] [Microsoft Corporation, 3.1.4001.5512] [C:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\netshell.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\credui.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\dot3api.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\dot3dlg.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\OneX.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\eappcfg.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINDOWS\system32\eappprxy.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\browselc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\System32\drprov.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\System32\ntlanman.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\System32\NETUI0.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\System32\NETUI1.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\System32\NETRAP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\System32\davclnt.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1132.0 (xpsp.080413-0852)] [C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\windows\system32\MLANG.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\QvodPlayer\QvodBand.dll] [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0] [PID: 1156][H:\sreng990\123.exe] [Smallfrogs Studio, 2.6.10.990] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [PID: 1164][H:\sreng990\SREa61c7896.EXE] [Smallfrogs Studio, 2.6.10.990] [C:\windows\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)] [C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)] [C:\windows\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\oledlg.dll] [Microsoft Corporation, 1.0 (xpsp.080413-2108)] [C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] [C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.5512] [C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)] [C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\lolokkic.dll] [N/A, ] [C:\windows\system32\kgbdcgie.dll] [N/A, ] [C:\windows\system32\agfpgboi.dll] [N/A, ] [C:\windows\system32\omkdjdlj.dll] [N/A, ] [C:\windows\system32\lmjkbfjc.dll] [N/A, ] [C:\windows\system32\ipfogcpm.dll] [N/A, ] [C:\windows\system32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1230] [C:\windows\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\windows\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\windows\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.5507 (xpsp.080318-1711)] [C:\windows\system32\userenv.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\windows\system32\netapi32.dll] [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\system32\wsock32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\rasman.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)] [C:\windows\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\windows\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\windows\system32\Winsta.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\windows\system32\utildll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\windows\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 236, C:\WINDOWS\SYSTEM32\WINLOGON.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1156, H:\SRENG990\123.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]