本报告由QQ医生提供 http://im.qq.com/doctor/ 诊断时间: 2009-04-22 04:38:08 操作系统: Windows XP Service Pack 2 QQ医生版本: QQDoctor.exe 2, 1, 9, 202 DrUpdate.exe 2009, 4, 10, 15 TSELoder.DAT 2008, 1, 28, 13 TSEngine.DAT 2008, 4, 7, 25 TSEPB.DAT 2009, 3, 5, 35 TSFSEngine.DAT 2009, 3, 11, 7 TSFileFilter.DAT 2007, 12, 5, 01 TSKsp.sys 2009, 3, 31, 17 TSKSPLIB.dat 2009, 3, 16, 10 TSVulMon.DAT 2009, 4, 2, 10 TSVulChk.dat 2009, 4, 20, 13 QQ文件版本: QQ2008 正式版 (8.0.985.400) ====================进程项==================== C:\WINDOWS\system32\conime.exe (Microsoft Corporation, 27.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 30162ff3b6fe72a9799dfb496111fe02 \??\C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, 6.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 3502114e4cb83e491a80fc361c1dc7b7 C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, 15.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 4cc6277445d2d388a4cd827086a5f5f0 C:\WINDOWS\explorer.exe (Microsoft Corporation, 954.0 KB, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)) 82b8373ed12a602820108f6154bf0c4c C:\WINDOWS\explorer.exe [Microsoft Corporation] C:\WINDOWS\system32\ntdll.dll [Microsoft Corporation] C:\WINDOWS\system32\kernel32.dll [Microsoft Corporation] C:\WINDOWS\system32\msvcrt.dll [Microsoft Corporation] C:\WINDOWS\system32\ADVAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\RPCRT4.dll [Microsoft Corporation] C:\WINDOWS\system32\GDI32.dll [Microsoft Corporation] C:\WINDOWS\system32\USER32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHLWAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation] C:\WINDOWS\system32\OLEAUT32.dll [Microsoft Corporation] C:\WINDOWS\system32\BROWSEUI.dll [Microsoft Corporation] C:\WINDOWS\system32\SHDOCVW.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPT32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSASN1.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPTUI.dll [Microsoft Corporation] C:\WINDOWS\system32\WINTRUST.dll [Microsoft Corporation] C:\WINDOWS\system32\IMAGEHLP.dll [Microsoft Corporation] C:\WINDOWS\system32\NETAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation] C:\WINDOWS\system32\Normaliz.dll [Microsoft Corporation] C:\WINDOWS\system32\iertutil.dll [Microsoft Corporation] C:\WINDOWS\system32\WLDAP32.dll [Microsoft Corporation] C:\WINDOWS\system32\VERSION.dll [Microsoft Corporation] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation] C:\WINDOWS\system32\ShimEng.dll [Microsoft Corporation] C:\WINDOWS\AppPatch\AcGenral.DLL [Microsoft Corporation] C:\WINDOWS\system32\WINMM.dll [Microsoft Corporation] C:\WINDOWS\system32\MSACM32.dll [Microsoft Corporation] C:\WINDOWS\system32\USERENV.dll [Microsoft Corporation] C:\WINDOWS\system32\IMM32.DLL [Microsoft Corporation] C:\WINDOWS\system32\LPK.DLL [Microsoft Corporation] C:\WINDOWS\system32\USP10.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [Microsoft Corporation] C:\WINDOWS\system32\comctl32.dll [Microsoft Corporation] C:\WINDOWS\system32\apphelp.dll [Microsoft Corporation] C:\WINDOWS\system32\msctfime.ime [Microsoft Corporation] C:\WINDOWS\system32\CLBCATQ.DLL [Microsoft Corporation] C:\WINDOWS\system32\COMRes.dll [Microsoft Corporation] C:\WINDOWS\System32\cscui.dll [Microsoft Corporation] C:\WINDOWS\System32\CSCDLL.dll [Microsoft Corporation] C:\WINDOWS\system32\themeui.dll [Microsoft Corporation] C:\WINDOWS\system32\Secur32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSIMG32.dll [Microsoft Corporation] C:\WINDOWS\system32\xpsp2res.dll [Microsoft Corporation] C:\WINDOWS\system32\msutb.dll [Microsoft Corporation] C:\WINDOWS\system32\MSCTF.dll [Microsoft Corporation] C:\WINDOWS\system32\LINKINFO.dll [Microsoft Corporation] C:\WINDOWS\system32\ntshrui.dll [Microsoft Corporation] C:\WINDOWS\system32\ATL.DLL [Microsoft Corporation] C:\WINDOWS\system32\SAMLIB.dll [Microsoft Corporation] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation] C:\WINDOWS\system32\ieframe.dll [Microsoft Corporation] C:\WINDOWS\system32\PSAPI.DLL [Microsoft Corporation] C:\WINDOWS\system32\WS2_32.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2HELP.dll [Microsoft Corporation] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation] C:\WINDOWS\system32\MLANG.dll [Microsoft Corporation] C:\WINDOWS\fonts\MbYd9jxUHkYS.fon [] C:\WINDOWS\system32\rsaenh.dll [Microsoft Corporation] C:\Program Files\Internet Explorer\PowerJa.ask [] C:\WINDOWS\system32\WINSTA.dll [Microsoft Corporation] C:\WINDOWS\system32\JZZ.dll [Microsoft Corporation] C:\WINDOWS\system32\WSOCK32.DLL [Microsoft Corporation] C:\WINDOWS\system32\SXS.DLL [Microsoft Corporation] C:\WINDOWS\system32\igfxpph.dll [Intel Corporation] C:\WINDOWS\system32\hccutils.DLL [Intel Corporation] C:\WINDOWS\system32\igfxres.dll [Intel Corporation] C:\WINDOWS\system32\igfxress.dll [Intel Corporation] C:\WINDOWS\system32\igfxsrvc.dll [Intel Corporation] C:\WINDOWS\system32\efc0c52cc1.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SysDir.dat [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\elementzx.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msfsdafdsae.dat [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\elementgj.dll [] C:\WINDOWS\system32\BMsg6pdMD4ht.dll [] C:\WINDOWS\system32\MPR.dll [Microsoft Corporation] C:\WINDOWS\System32\drprov.dll [Microsoft Corporation] C:\WINDOWS\System32\ntlanman.dll [Microsoft Corporation] C:\WINDOWS\System32\NETUI0.dll [Microsoft Corporation] C:\WINDOWS\System32\NETUI1.dll [Microsoft Corporation] C:\WINDOWS\System32\NETRAP.dll [Microsoft Corporation] C:\WINDOWS\System32\davclnt.dll [Microsoft Corporation] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat [] C:\WINDOWS\system32\76B9BA7A.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccs.dll [] C:\WINDOWS\fonts\Xgv7TbnvD3yvn.fon [] C:\WINDOWS\system32\ed78ab9.dll [] C:\sysinit.dat [] C:\WINDOWS\system32\CCCA2FB9.dll [] C:\WINDOWS\system32\aaaaaaaa.dat [] C:\WINDOWS\system32\TcpIpDog1.dll [] C:\WINDOWS\system32\comdlg32.dll [Microsoft Corporation] C:\WINDOWS\system32\WINSPOOL.DRV [Microsoft Corporation] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation] C:\WINDOWS\system32\hnetcfg.dll [Microsoft Corporation] C:\WINDOWS\System32\wshtcpip.dll [Microsoft Corporation] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation] C:\WINDOWS\System32\winrnr.dll [Microsoft Corporation] C:\WINDOWS\system32\rasadhlp.dll [Microsoft Corporation] C:\WINDOWS\system32\E4814792.dll [] C:\WINDOWS\system32\VnTU2WAqUcZA6.dll [] C:\WINDOWS\system32\sFp9MGAh.dll [] C:\WINDOWS\system32\mtlrd.dll [] C:\WINDOWS\system32\OLEACC.DLL [Microsoft Corporation] C:\WINDOWS\system32\MSVCP60.dll [Microsoft Corporation] C:\WINDOWS\system32\browselc.dll [Microsoft Corporation] C:\WINDOWS\system32\MSGINA.dll [Microsoft Corporation] C:\WINDOWS\system32\ODBC32.dll [Microsoft Corporation] C:\WINDOWS\system32\odbcint.dll [Microsoft Corporation] C:\WINDOWS\system32\syncui.dll [Microsoft Corporation] C:\WINDOWS\system32\MFC42LOC.DLL [Microsoft Corporation] C:\Program Files\WinRAR\rarext.dll [] C:\ftc2009\FTCCommenu.dll [Fygsoft and Microsoft] C:\WINDOWS\system32\zipfldr.dll [Microsoft Corporation] C:\WINDOWS\system32\mydocs.dll [Microsoft Corporation] C:\WINDOWS\system32\sendmail.dll [Microsoft Corporation] C:\WINDOWS\system32\shgina.dll [Microsoft Corporation] C:\WINDOWS\system32\shimgvw.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll [Microsoft Corporation] C:\WINDOWS\system32\actxprxy.dll [Microsoft Corporation] C:\WINDOWS\system32\NETSHELL.dll [Microsoft Corporation] C:\WINDOWS\system32\rtutils.dll [Microsoft Corporation] C:\WINDOWS\system32\credui.dll [Microsoft Corporation] C:\WINDOWS\system32\mscms.dll [Microsoft Corporation] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, 609.0 KB, 7.00.6000.16441 (vista_gdr.070219-1500)) 683dde71bcf03b501b912d20cb93b549 C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, 240.0 KB, 6.14.10.4820) 4292cd41e8825022b436d65932d765f4 E:\Dr.COM 宽带认证客户端\ishare_user.exe (城市热点有限公司, 464.0 KB, 3, 482, 2, 1138) 387a59abebadb45ad59ac595473ce23b C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, 13.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 891600e79c38249028f1bacc1c6cc5d2 C:\WINDOWS\system32\ntdll.dll [Microsoft Corporation] C:\WINDOWS\system32\kernel32.dll [Microsoft Corporation] C:\WINDOWS\system32\AVICAP32.dll [Microsoft Corporation] C:\WINDOWS\system32\USER32.dll [Microsoft Corporation] C:\WINDOWS\system32\GDI32.dll [Microsoft Corporation] C:\WINDOWS\system32\WINMM.dll [Microsoft Corporation] C:\WINDOWS\system32\ADVAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\RPCRT4.dll [Microsoft Corporation] C:\WINDOWS\system32\VERSION.dll [Microsoft Corporation] C:\WINDOWS\system32\MSVFW32.dll [Microsoft Corporation] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation] C:\WINDOWS\system32\msvcrt.dll [Microsoft Corporation] C:\WINDOWS\system32\SHLWAPI.dll [Microsoft Corporation] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll [Microsoft Corporation] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSVCP60.dll [Microsoft Corporation] C:\WINDOWS\system32\WSOCK32.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2_32.dll [Microsoft Corporation] C:\WINDOWS\system32\WS2HELP.dll [Microsoft Corporation] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation] C:\WINDOWS\system32\Normaliz.dll [Microsoft Corporation] C:\WINDOWS\system32\iertutil.dll [Microsoft Corporation] C:\WINDOWS\system32\PSAPI.DLL [Microsoft Corporation] C:\WINDOWS\system32\OLEPRO32.DLL [Microsoft Corporation] C:\WINDOWS\system32\OLEAUT32.dll [Microsoft Corporation] C:\WINDOWS\system32\IMAGEHLP.dll [Microsoft Corporation] C:\WINDOWS\system32\MSIMG32.dll [Microsoft Corporation] C:\WINDOWS\system32\NETAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation] C:\WINDOWS\system32\IMM32.DLL [Microsoft Corporation] C:\WINDOWS\system32\LPK.DLL [Microsoft Corporation] C:\WINDOWS\system32\USP10.dll [Microsoft Corporation] C:\WINDOWS\system32\MFC42LOC.DLL [Microsoft Corporation] C:\WINDOWS\system32\MSCTF.dll [Microsoft Corporation] C:\WINDOWS\system32\aaaaaaaa.dat [] C:\WINDOWS\system32\pkn.dll [Microsoft Corporation] C:\WINDOWS\system32\bwz.dll [Microsoft Corporation] C:\WINDOWS\system32\mtlrd.dll [] C:\WINDOWS\system32\ATL.DLL [Microsoft Corporation] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation] C:\WINDOWS\system32\apphelp.dll [Microsoft Corporation] C:\WINDOWS\system32\msctfime.ime [Microsoft Corporation] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation] C:\WINDOWS\system32\OLEACC.DLL [Microsoft Corporation] C:\WINDOWS\system32\CLBCATQ.DLL [Microsoft Corporation] C:\WINDOWS\system32\COMRes.dll [Microsoft Corporation] C:\WINDOWS\system32\xpsp2res.dll [Microsoft Corporation] C:\WINDOWS\system32\SXS.DLL [Microsoft Corporation] C:\WINDOWS\system32\CCCA2FB9.dll [] C:\WINDOWS\system32\rsaenh.dll [Microsoft Corporation] C:\WINDOWS\fonts\Xgv7TbnvD3yvn.fon [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xccs.dll [] C:\WINDOWS\system32\76B9BA7A.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat [] C:\WINDOWS\system32\BMsg6pdMD4ht.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\elementgj.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\elementzx.dll [] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SysDir.dat [] C:\WINDOWS\fonts\MbYd9jxUHkYS.fon [] C:\Program Files\Tencent\QQ\gdiplus.dll [Microsoft Corporation] C:\WINDOWS\system32\asycfilt.dll [Microsoft Corporation] C:\WINDOWS\system32\comdlg32.dll [Microsoft Corporation] C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation] C:\WINDOWS\System32\winrnr.dll [Microsoft Corporation] C:\WINDOWS\system32\WLDAP32.dll [Microsoft Corporation] C:\WINDOWS\system32\rasadhlp.dll [Microsoft Corporation] C:\WINDOWS\system32\TcpIpDog1.dll [] C:\WINDOWS\system32\WINSPOOL.DRV [Microsoft Corporation] C:\WINDOWS\system32\hnetcfg.dll [Microsoft Corporation] C:\WINDOWS\System32\wshtcpip.dll [Microsoft Corporation] C:\WINDOWS\system32\Secur32.dll [Microsoft Corporation] C:\WINDOWS\system32\CRYPT32.dll [Microsoft Corporation] C:\WINDOWS\system32\MSASN1.dll [Microsoft Corporation] C:\WINDOWS\system32\mscms.dll [Microsoft Corporation] C:\WINDOWS\system32\devenum.dll [Microsoft Corporation] C:\WINDOWS\system32\setupapi.dll [Microsoft Corporation] C:\WINDOWS\system32\WINTRUST.dll [Microsoft Corporation] C:\WINDOWS\system32\msdmo.dll [Microsoft Corporation] C:\WINDOWS\system32\ieframe.dll [Microsoft Corporation] C:\WINDOWS\system32\RASAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\rasman.dll [Microsoft Corporation] C:\WINDOWS\system32\TAPI32.dll [Microsoft Corporation] C:\WINDOWS\system32\rtutils.dll [Microsoft Corporation] C:\WINDOWS\system32\USERENV.dll [Microsoft Corporation] C:\WINDOWS\system32\DINPUT.dll [Microsoft Corporation] C:\WINDOWS\system32\wtsapi32.dll [Microsoft Corporation] C:\WINDOWS\system32\WINSTA.dll [Microsoft Corporation] C:\WINDOWS\system32\HID.DLL [Microsoft Corporation] C:\WINDOWS\system32\CFGMGR32.dll [Microsoft Corporation] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, 32.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 65a70ec4649499399b50ac75d911a501 C:\WINDOWS\system32\services.exe (Microsoft Corporation, 105.5 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 9cabf264ce1177cafbbba4b910a44c79 \SystemRoot\System32\smss.exe (Microsoft Corporation, 49.5 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) 32d5d8666e082f567923db579b5390fc C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a22d7b3594c381efb3395a072725fe95 C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, 14.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a22d7b3594c381efb3395a072725fe95 \??\C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, 476.0 KB, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) a5153e6b7b02545f789af2fcd27fb325 C:\Program Files\WinRAR\WinRAR.exe (, 915.0 KB, ) 4c29efc4f5a9f4d11567c4fa57d9ca06 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.141\请运行.exe (, 48.0 KB, ) c1f2ec172aae1ab0199ceba137a6bad3 ====================启动项==================== AlternateShell [Microsoft Corporation] (cmd.exe) "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot" 722a247acb86960a708528120759266d AlternateShell [Microsoft Corporation] (cmd.exe) "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot" 722a247acb86960a708528120759266d BootExecute [Microsoft Corporation] (autochk *) "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" 288e9c01f3325ff420fa685c6ec6a831 ctfmon.exe [Microsoft Corporation] (C:\WINDOWS\system32\ctfmon.exe) "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 4cc6277445d2d388a4cd827086a5f5f0 HotKeysCmds [] (; C:\WINDOWS\system32\hkcmd.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" IgfxTray [] (; C:\WINDOWS\system32\igfxtray.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" KernelFaultCheck [] (; %systemroot%\system32\dumprep 0 -k) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" MSConfig [Microsoft Corporation] (C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 6ecdd16dd081b6390466dc21917d2a47 msnmsgr [] (; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background) "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Persistence [] (; C:\WINDOWS\system32\igfxpers.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" PPS Accelerator [] (; D:\Program Files\PPStream\ppsap.exe) "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" SbGX [] (%systemroot%\system32\rundll32.exe %systemroot%\system32\ChwAgu.dll,DllRegisterServer) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" Shell [Microsoft Corporation] (Explorer.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 82b8373ed12a602820108f6154bf0c4c stup.exe [] (; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" UIHost [Microsoft Corporation] (logonui.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" c35f08e88fcdcc44926ec97000078bcc updater [] (; C:\WINDOWS\system32\updater.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Userinit [Microsoft Corporation] (C:\WINDOWS\system32\userinit.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 43d11ddf7c0f6fab812c8cd95db9ede0 Vagaa [] (; "C:\Vagaa\Vagaa.exe" -tray) "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Windows木马防火墙 [风云谷科技] (C:\ftc2009\Trojanwall.exe) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 8e751cf963ec2b4724b4b849c7bf3598 ====================BHO==================== {235689AC-3467-EF12-0134-9ACDF0134679} [Microsoft Corporation] {235689AC-3467-EF12-0134-9ACDF0134679} "C:\WINDOWS\system32\ETT.dll" 启用 10cbbbc45ee37049ff23c124887fd2ed CAdLogic Object [] {11F09AFD-75AD-4E51-AB43-E09E9351CE16} "C:\Program Files\Common Files\PushWare\cpush.dll" 启用 f424e419e77ab2d24bcc4d8d536bbc1d ====================IE右键菜单==================== &V使用Vagaa哇嘎下载 [C:\Vagaa\Data\vg.htm] 使用迅雷下载 [D:\Program Files\迅雷\Program\geturl.htm] 使用迅雷下载全部链接 [D:\Program Files\迅雷\Program\getallurl.htm] 添加到QQ表情 [C:\Program Files\Tencent\QQ\AddEmotion.htm] ====================默认浏览器==================== ftp [Microsoft Corporation] ("C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1) 683dde71bcf03b501b912d20cb93b549 htmlfile [Microsoft Corporation] ("C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome) 683dde71bcf03b501b912d20cb93b549 http [Microsoft Corporation] ("C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome) 683dde71bcf03b501b912d20cb93b549 https [Microsoft Corporation] ("C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome) 683dde71bcf03b501b912d20cb93b549 ====================系统服务==================== Alerter [Microsoft Corporation] "C:\WINDOWS\system32\alrsvc.dll" 禁用 d3b55cadbe9bdc57e0c8601842e43066 ALG [Microsoft Corporation] "C:\WINDOWS\System32\alg.exe" 禁用 a9de20df2c89b6b2ffda0e6cd52a8599 AppMgmt [Microsoft Corporation] "C:\WINDOWS\System32\appmgmts.dll" 禁用 997e5e4ae270d9e9392f3e81afe34564 AudioSrv [Microsoft Corporation] "C:\WINDOWS\System32\audiosrv.dll" 禁用 bb9c41f8af9593a0ba0faabf28051bc4 BITS [Microsoft Corporation] "C:\WINDOWS\system32\qmgr.dll" 禁用 cdc7027806a38968592c54ea2555c147 Browser [Microsoft Corporation] "C:\WINDOWS\System32\browser.dll" 禁用 7f0b098e0ea857f40c155785cc9a7239 CiSvc [Microsoft Corporation] "C:\WINDOWS\system32\cisvc.exe" 禁用 ea4078ba0794994ad10d0371ce2070f9 ClipSrv [Microsoft Corporation] "C:\WINDOWS\system32\clipsrv.exe" 禁用 95d48a471e45a78e145ce3e8a2e6f61b COMSysApp [Microsoft Corporation] "C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" 禁用 0a8fa72d426143f4f694068e9e93f5f1 CryptSvc [Microsoft Corporation] "C:\WINDOWS\System32\cryptsvc.dll" 启用 c78fbd718a49039ecd024605d855ba5a DcomLaunch [Microsoft Corporation] "C:\WINDOWS\system32\rpcss.dll" 启用 66966ed732695921403860401129f675 Dhcp [Microsoft Corporation] "C:\WINDOWS\System32\dhcpcsvc.dll" 启用 fbddbfd92558065168e54298d6647134 dmadmin [Microsoft Corp., Veritas Software] "C:\WINDOWS\System32\dmadmin.exe /com" 禁用 8ad6ae71db443084ab8332d89b00a449 dmserver [Microsoft Corp.] "C:\WINDOWS\System32\dmserver.dll" 启用 9c690c012ff38710ea3fee2984f43006 Dnscache [Microsoft Corporation] "C:\WINDOWS\System32\dnsrslvr.dll" 启用 72d05a51461f31e59ad6edff27c46aa9 ERSvc [Microsoft Corporation] "C:\WINDOWS\System32\ersvc.dll" 禁用 8b8064d31bacb4f8371a1da3f0daf97e Eventlog [Microsoft Corporation] "C:\WINDOWS\system32\services.exe" 启用 9cabf264ce1177cafbbba4b910a44c79 EventSystem [Microsoft Corporation] "C:\WINDOWS\system32\es.dll" 禁用 fd8580bd48f5bf32707c4ad6a333c34d FastUserSwitchingCompatibility [Microsoft Corporation] "C:\WINDOWS\System32\shsvcs.dll" 禁用 fea6ee44ff8bdf8309ff0d010d20b70d helpsvc [Microsoft Corporation] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" 禁用 a37732a722edeb76522e8c826abd87e5 HidServ [] "C:\WINDOWS\System32\hidserv.dll" 禁用 HTTPFilter [Microsoft Corporation] "C:\WINDOWS\System32\w3ssl.dll" 禁用 c377bb41180c4def6481c691aa962917 ImapiService [Microsoft Corporation] "C:\WINDOWS\system32\imapi.exe" 禁用 100781d36ae5ffbf0a96fc8ce57c31a7 lanmanserver [Microsoft Corporation] "C:\WINDOWS\System32\srvsvc.dll" 禁用 4dcc809bc8b41527f4b1e266388873ab lanmanworkstation [Microsoft Corporation] "C:\WINDOWS\System32\wkssvc.dll" 启用 1d874b3215dd0a53d7893abd46325f19 LmHosts [Microsoft Corporation] "C:\WINDOWS\System32\lmhsvc.dll" 启用 7b8a110aae74605fa301b1b249c4f561 Messenger [Microsoft Corporation] "C:\WINDOWS\System32\msgsvc.dll" 禁用 682805e6394d20e2f2a3402a329f1ace mnmsrvc [Microsoft Corporation] "C:\WINDOWS\system32\mnmsrvc.exe" 禁用 d9972601d1bdc3f15275a6d0202b1e61 MSDTC [Microsoft Corporation] "C:\WINDOWS\system32\msdtc.exe" 禁用 8461b089f14a35411b32b2fb4602bc11 MSIServer [Microsoft Corporation] "C:\WINDOWS\system32\msiexec.exe /V" 禁用 f5f0146580e7023adb963879840777f8 NetDDE [Microsoft Corporation] "C:\WINDOWS\system32\netdde.exe" 禁用 c8b34df15e22bc172e784d36d8210602 NetDDEdsdm [Microsoft Corporation] "C:\WINDOWS\system32\netdde.exe" 禁用 c8b34df15e22bc172e784d36d8210602 Netlogon [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 891600e79c38249028f1bacc1c6cc5d2 Netman [Microsoft Corporation] "C:\WINDOWS\System32\netman.dll" 启用 602d944cfca1694debcf863008b5663f Nla [Microsoft Corporation] "C:\WINDOWS\System32\mswsock.dll" 禁用 8eb20d41eef8e61a7c6865c46e768e18 NtLmSsp [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 891600e79c38249028f1bacc1c6cc5d2 NtmsSvc [Microsoft Corporation] "C:\WINDOWS\system32\ntmssvc.dll" 禁用 d1c443e3fd1491d459bad3c29caa1cde PlugPlay [Microsoft Corporation] "C:\WINDOWS\system32\services.exe" 启用 9cabf264ce1177cafbbba4b910a44c79 PolicyAgent [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 891600e79c38249028f1bacc1c6cc5d2 ProtectedStorage [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 891600e79c38249028f1bacc1c6cc5d2 RasAuto [Microsoft Corporation] "C:\WINDOWS\System32\rasauto.dll" 禁用 73f57631d090770afda31dae9b84aa5c RasMan [Microsoft Corporation] "C:\WINDOWS\System32\rasmans.dll" 禁用 5230fb741993eefb3badab4ebed81966 RDSessMgr [Microsoft Corporation] "C:\WINDOWS\system32\sessmgr.exe" 禁用 f28de50c35113ac6f813121105c17552 RemoteAccess [Microsoft Corporation] "C:\WINDOWS\System32\mprdim.dll" 禁用 761dceac6eccef5aa38974d0cd53dee8 RemoteRegistry [Microsoft Corporation] "C:\WINDOWS\system32\regsvc.dll" 禁用 210be938c78e1c39fc397ef117c2b94f RpcLocator [Microsoft Corporation] "C:\WINDOWS\system32\locator.exe" 禁用 cf55d680db483883fd0765449e2e1a53 RpcSs [Microsoft Corporation] "C:\WINDOWS\system32\rpcss.dll" 启用 66966ed732695921403860401129f675 RSVP [Microsoft Corporation] "C:\WINDOWS\system32\rsvp.exe" 禁用 53a79336f917ca1ff120043dcb74def8 SamSs [Microsoft Corporation] "C:\WINDOWS\system32\lsass.exe" 禁用 891600e79c38249028f1bacc1c6cc5d2 SCardSvr [Microsoft Corporation] "C:\WINDOWS\System32\SCardSvr.exe" 禁用 ea08e7fecd0d3b87299219a695ba6044 Schedule [Microsoft Corporation] "C:\WINDOWS\system32\schedsvc.dll" 禁用 64d0e7a615a59670c61e7f3de9cc9b39 seclogon [Microsoft Corporation] "C:\WINDOWS\System32\seclogon.dll" 禁用 2027dd427d91a3b7488912ff75cffb2d SENS [Microsoft Corporation] "C:\WINDOWS\system32\sens.dll" 禁用 da59bb205b7032312ea7725d3d4cbdd7 SharedAccess [Microsoft Corporation] "C:\WINDOWS\System32\ipnathlp.dll" 启用 1311c5120aaa9a50696884ae12fdb945 ShellHWDetection [Microsoft Corporation] "C:\WINDOWS\System32\shsvcs.dll" 禁用 fea6ee44ff8bdf8309ff0d010d20b70d Spooler [Microsoft Corporation] "C:\WINDOWS\system32\spoolsv.exe" 禁用 ad3d9d191aea7b5445fe1d82ffbb4788 srservice [Microsoft Corporation] "C:\WINDOWS\system32\srsvc.dll" 启用 dda0bc29483f867468a1f500c07e09f0 SSDPSRV [Microsoft Corporation] "C:\WINDOWS\System32\ssdpsrv.dll" 禁用 516bb4c1fdeec32792faa09008416a9b stisvc [Microsoft Corporation] "C:\WINDOWS\system32\wiaservc.dll" 禁用 1307d5021b68f0176ef26f7f3b17db8e SwPrv [Microsoft Corporation] "C:\WINDOWS\system32\dllhost.exe /Processid:{C4526C42-3E21-40DF-8002-438905B0A925}" 禁用 0a8fa72d426143f4f694068e9e93f5f1 SysmonLog [Microsoft Corporation] "C:\WINDOWS\system32\smlogsvc.exe" 禁用 b7022b3616ca3f632c18426837ddf6de TapiSrv [Microsoft Corporation] "C:\WINDOWS\System32\tapisrv.dll" 禁用 0ae042742b25be7dffdb218daa656c21 TermService [Microsoft Corporation] "C:\WINDOWS\System32\termsrv.dll" 启用 ab5b2ac7ffb870673d6806e974bf2f52 Themes [Microsoft Corporation] "C:\WINDOWS\System32\shsvcs.dll" 禁用 fea6ee44ff8bdf8309ff0d010d20b70d TlntSvr [Microsoft Corporation] "C:\WINDOWS\system32\tlntsvr.exe" 禁用 e2eb3902bf37693609390b334ce13c33 TrkWks [Microsoft Corporation] "C:\WINDOWS\system32\trkwks.dll" 禁用 91bef237caaa97abf07ff235a7f2da7f upnphost [Microsoft Corporation] "C:\WINDOWS\System32\upnphost.dll" 禁用 fe677a49f6d29ea83b8c9868a442392d UPS [Microsoft Corporation] "C:\WINDOWS\System32\ups.exe" 禁用 9cf73b37823794e0b30dd71137dcff1a VSS [Microsoft Corporation] "C:\WINDOWS\System32\vssvc.exe" 禁用 1ef0ef50df1679052b6fa1859dbb9662 W32Time [Microsoft Corporation] "C:\WINDOWS\system32\w32time.dll" 禁用 f8559534a2e23a44f0a03d53e3022519 WebClient [Microsoft Corporation] "C:\WINDOWS\System32\webclnt.dll" 禁用 607dbb6167caa5d6837a88f08795f904 winmgmt [Microsoft Corporation] "C:\WINDOWS\system32\wbem\WMIsvc.dll" 启用 ec735ce05be04b9e685479f59c7c4159 WmdmPmSN [Microsoft Corporation] "C:\WINDOWS\system32\mspmsnsv.dll" 禁用 17c0792db9156f79d176fae9ea539eb5 Wmi [Microsoft Corporation] "C:\WINDOWS\System32\advapi32.dll" 禁用 7a6ba833851cf17f32fab3bfba62da75 WmiApSrv [Microsoft Corporation] "C:\WINDOWS\system32\wbem\wmiapsrv.exe" 禁用 5c23ddc43ba370a788eeb8c9aeb8b2db wscsvc [Microsoft Corporation] "C:\WINDOWS\system32\wscsvc.dll" 禁用 89a37acd0ef00571a28c4e63d54b402f wuauserv [Microsoft Corporation] "C:\WINDOWS\system32\wuauserv.dll" 禁用 c52bece821cf75fdd93753e47a8741fb WZCSVC [Microsoft Corporation] "C:\WINDOWS\System32\wzcsvc.dll" 启用 5b5cfccae9c690432707014627ff3b36 xmlprov [Microsoft Corporation] "C:\WINDOWS\System32\xmlprov.dll" 禁用 e581208b0b84caaeebe56a51b1bf9d6d ====================协议相关==================== about [Microsoft Corporation] {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 fa229fe5a56434609e8c0fd86dc7bfd9 cdl [Microsoft Corporation] {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff Class Install Handler [Microsoft Corporation] {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff deflate [Microsoft Corporation] {8f6b0360-b80d-11d0-a9b3-006097942311} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff dvd [Microsoft Corporation] {12D51199-0DB5-46FE-A120-47A3D7D937CC} "C:\WINDOWS\system32\msvidctl.dll" 启用 0360dda8a8c7cd49667c8291993754d7 file [Microsoft Corporation] {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff ftp [Microsoft Corporation] {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff gopher [Microsoft Corporation] {79eac9e4-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff gzip [Microsoft Corporation] {8f6b0360-b80d-11d0-a9b3-006097942311} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff http [Microsoft Corporation] {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff https [Microsoft Corporation] {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff its [Microsoft Corporation] {9D148291-B9C8-11D0-A4CC-0000F80149F6} "C:\WINDOWS\system32\itss.dll" 启用 32c0ac4c0d3f1b099be351d61caa6401 javascript [Microsoft Corporation] {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 fa229fe5a56434609e8c0fd86dc7bfd9 local [Microsoft Corporation] {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff lzdhtml [Microsoft Corporation] {8f6b0360-b80d-11d0-a9b3-006097942311} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff mailto [Microsoft Corporation] {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 fa229fe5a56434609e8c0fd86dc7bfd9 mhtml [Microsoft Corporation] {05300401-BCBC-11d0-85E3-00C04FD85AB4} "C:\WINDOWS\system32\inetcomm.dll" 启用 deb065d4f983acbee49d49eb00ec2c86 mk [Microsoft Corporation] {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff ms-its [Microsoft Corporation] {9D148291-B9C8-11D0-A4CC-0000F80149F6} "C:\WINDOWS\system32\itss.dll" 启用 32c0ac4c0d3f1b099be351d61caa6401 res [Microsoft Corporation] {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 fa229fe5a56434609e8c0fd86dc7bfd9 sysimage [Microsoft Corporation] {76E67A63-06E9-11D2-A840-006008059382} "C:\WINDOWS\system32\mshtml.dll" 启用 fa229fe5a56434609e8c0fd86dc7bfd9 text/webviewhtml [Microsoft Corporation] {733AC4CB-F1A4-11d0-B951-00A0C90312E1} "C:\WINDOWS\system32\shell32.dll" 启用 867a70062c827141e8097f917ce95409 tv [Microsoft Corporation] {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} "C:\WINDOWS\system32\msvidctl.dll" 启用 0360dda8a8c7cd49667c8291993754d7 vbscript [Microsoft Corporation] {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "C:\WINDOWS\system32\mshtml.dll" 启用 fa229fe5a56434609e8c0fd86dc7bfd9 wia [Microsoft Corporation] {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} "C:\WINDOWS\system32\wiascr.dll" 启用 1433875db8b5b95167fcd52a400541d0 ====================已知DLL==================== advapi32 [Microsoft Corporation] "C:\WINDOWS\system32\advapi32.dll" 启用 7a6ba833851cf17f32fab3bfba62da75 comdlg32 [Microsoft Corporation] "C:\WINDOWS\system32\comdlg32.dll" 启用 4e56e03ec9a3554931011f267748fe0c gdi32 [Microsoft Corporation] "C:\WINDOWS\system32\gdi32.dll" 启用 7c09ea1879a163e4c83421d8e2ff1ada imagehlp [Microsoft Corporation] "C:\WINDOWS\system32\imagehlp.dll" 启用 d046cca42ff8f83767901da002df65a0 kernel32 [Microsoft Corporation] "C:\WINDOWS\system32\kernel32.dll" 启用 8f86d239f1e5c747d58dcd6bd851c7cd lz32 [Microsoft Corporation] "C:\WINDOWS\system32\lz32.dll" 启用 c3200506fb212a0f4fb736a80e646c40 ole32 [Microsoft Corporation] "C:\WINDOWS\system32\ole32.dll" 启用 401e7e3e207b0e16d5eea2c457270a7f oleaut32 [Microsoft Corporation] "C:\WINDOWS\system32\oleaut32.dll" 启用 c4490bce91e1248c98ba5ac4f19b4b77 olecli32 [Microsoft Corporation] "C:\WINDOWS\system32\olecli32.dll" 启用 a1842e7efb4c230f8a123a361545e842 olecnv32 [Microsoft Corporation] "C:\WINDOWS\system32\olecnv32.dll" 启用 165e5c27ce3b5d35fb9b2f26d9d37922 olesvr32 [Microsoft Corporation] "C:\WINDOWS\system32\olesvr32.dll" 启用 2c78271a8203df02fe98f42307043248 olethk32 [Microsoft Corporation] "C:\WINDOWS\system32\olethk32.dll" 启用 369c4ac059b301f57e8c27a188f24ebc rpcrt4 [Microsoft Corporation] "C:\WINDOWS\system32\rpcrt4.dll" 启用 5c6246e9acddfddac1fa1d746f88a0a9 shell32 [Microsoft Corporation] "C:\WINDOWS\system32\shell32.dll" 启用 867a70062c827141e8097f917ce95409 url [Microsoft Corporation] "C:\WINDOWS\system32\url.dll" 启用 afe7fce3444fd95bc30cf9834ad7660e urlmon [Microsoft Corporation] "C:\WINDOWS\system32\urlmon.dll" 启用 fc732fad02e86c0cabd644a3ab5a9aff user32 [Microsoft Corporation] "C:\WINDOWS\system32\user32.dll" 启用 178bf691f586bedb0c867e9fcc9a853b version [Microsoft Corporation] "C:\WINDOWS\system32\version.dll" 启用 ea0d25d5273ed0d31ae2f23f7ea086c7 wininet [Microsoft Corporation] "C:\WINDOWS\system32\wininet.dll" 启用 4254fdf11dd3ae9c4b28fb72a2009e39 wldap32 [Microsoft Corporation] "C:\WINDOWS\system32\wldap32.dll" 启用 b20e11e61b265bbcdc59ca9b39ff36eb ====================打印监控==================== BJ Language Monitor [Microsoft Corporation] "C:\WINDOWS\system32\cnbjmon.dll" 启用 f766aa29b2173121a72a78d82de9fd50 Local Port [Microsoft Corporation] "C:\WINDOWS\system32\localspl.dll" 启用 15181a41b2ef591404d3c32225bd753e PJL Language Monitor [Microsoft Corporation] "C:\WINDOWS\system32\pjlmon.dll" 启用 5e7a54a936fef300ec16797e6c134832 Standard TCP/IP Port [Microsoft Corporation] "C:\WINDOWS\system32\tcpmon.dll" 启用 81c5130093ea80d371cbaedacc225c73 USB Monitor [Microsoft Corporation] "C:\WINDOWS\system32\usbmon.dll" 启用 ac302623d451981b14b885b84ab1f9b5 ====================随系统加载的其它模块==================== {08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {0D267113-499A-4EEF-998D-C45731C1B313} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {16E42559-9ED5-46FD-878E-DC5D42746BB5} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {171565E3-F0BB-4FF0-9A42-C9406C79DB78} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {2EF0D734-21FD-4225-A1A2-BCD296182AAF} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {56BC86C7-0692-4F94-A2C1-6CF1DBF8096C} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {669029EE-81FB-496F-9AC4-FE838B16F231} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {704C3595-DB85-40F6-A601-8D6F346907BD} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {71C14A99-FCFD-4ED1-82CF-8C40286778E8} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {737858A9-9AEA-4838-9B49-54DA731F7F37} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {76B9BA7A-81D0-4979-8598-8471F2AB5186} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {7A93621D-BFFE-4EB1-AAE1-CD487F429840} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {A5CA6C70-7185-4466-AB45-B1C34E7A37CA} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {AA4CD878-B510-4508-83EB-DE968E358D15} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {B2106E92-8F18-496C-BCA3-DA17DCE5713E} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {B2E84C04-C03E-4998-B62B-3D3FCBAA7B33} [] (C:\WINDOWS\fonts\MbYd9jxUHkYS.fon) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" 66eec7dba7cfe327f64ae85e35fbdc9b {CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" {FC8F4603-4AB2-4A0D-B17F-886CC8AAAFD2} [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" AppInit_DLLs [] () "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" CDBurn [Microsoft Corporation] (%SystemRoot%\system32\SHELL32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" 867a70062c827141e8097f917ce95409 crypt32chain [Microsoft Corporation] (crypt32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain" ee83196b070266c67e9c6bba82987b4f cryptnet [Microsoft Corporation] (cryptnet.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet" 742dac6208524b5b633675bdb1a09c0c cscdll [Microsoft Corporation] (cscdll.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll" 57b10583d5b880a93a82f525b817f867 igfxcui [Intel Corporation] (igfxdev.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" 11d2eaaf3eb3fe282b38e9ec8e4bb206 PostBootReminder [Microsoft Corporation] (%SystemRoot%\system32\SHELL32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" 867a70062c827141e8097f917ce95409 ScCertProp [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" d4732d5f6fb51d07c8c115b658fa84de Schedule [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule" d4732d5f6fb51d07c8c115b658fa84de sclgntfy [Microsoft Corporation] (sclgntfy.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy" 58001a3833a25dbd7460a69cb69c8fe2 SensLogn [Microsoft Corporation] (WlNotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn" d4732d5f6fb51d07c8c115b658fa84de SysTray [Microsoft Corporation] (C:\WINDOWS\system32\stobject.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" 08488e3e73787c1e7b59f0d5c1b8c554 termsrv [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv" d4732d5f6fb51d07c8c115b658fa84de URL 执行挂钩 [Microsoft Corporation] (shell32.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" 867a70062c827141e8097f917ce95409 WebCheck [Microsoft Corporation] (C:\WINDOWS\system32\webcheck.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" 7386f6c8654190537f1914f5ec22621c wlballoon [Microsoft Corporation] (wlnotify.dll) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon" d4732d5f6fb51d07c8c115b658fa84de ====================调试相关项==================== Debugger [Microsoft Corporation] (drwtsn32 -p %ld -e %ld -g) "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" e1f9f51cb449d2c9cc76682f0998439e ====================驱动程序==================== ACPI [Microsoft Corporation] 启用 "system32\DRIVERS\ACPI.sys" 5ecd0c75cf5ebd2c2847ec93b2021322 aec [Microsoft Corporation] 启用 "system32\drivers\aec.sys" 1ee7b434ba961ef845de136224c30fec AFD [Microsoft Corporation] 启用 "\SystemRoot\System32\drivers\afd.sys" 6a0397376853e604de8e1e7a87fc08ac ALCXWDM [Realtek Semiconductor Corp.] 启用 "system32\drivers\ALCXWDM.SYS" 00696c0ab6aaba7fd4e64ab61be95f6a AsyncMac [Microsoft Corporation] 启用 "system32\DRIVERS\asyncmac.sys" 02000abf34af4c218c35d257024807d6 atapi [Microsoft Corporation] 启用 "system32\DRIVERS\atapi.sys" cdfe4411a69c224bd1d11b2da92dac51 Atmarpc [Microsoft Corporation] 启用 "system32\DRIVERS\atmarpc.sys" ec88da854ab7d7752ec8be11a741bb7f audstub [Microsoft Corporation] 启用 "system32\DRIVERS\audstub.sys" d9f724aa26c010a217c97606b160ed68 Beep [Microsoft Corporation] 启用 "" da1f27d85e0d1525f6621372e7b685e9 Cdaudio [Microsoft Corporation] 启用 "" c1b486a7658353d33a10cc15211a873b Cdrom [Microsoft Corporation] 启用 "system32\DRIVERS\cdrom.sys" af9c19b3100fe010496b1a27181fbf72 Changer [] 启用 "" Disk [Microsoft Corporation] 启用 "system32\DRIVERS\disk.sys" 00ca44e4534865f8a3b64f7c0984bff0 dmio [Microsoft Corp., Veritas Software] 启用 "System32\drivers\dmio.sys" 124b0140d377cc4e44cf513dbb019c2f dmload [Microsoft Corp., Veritas Software.] 启用 "System32\drivers\dmload.sys" e9317282a63ca4d188c0df5e09c6ac5f DMusic [Microsoft Corporation] 启用 "system32\drivers\DMusic.sys" a6f881284ac1150e37d9ae47ff601267 drmkaud [Microsoft Corporation] 启用 "system32\drivers\drmkaud.sys" 1ed4dbbae9f5d558dbba4cc450e3eb2e Fdc [Microsoft Corporation] 启用 "system32\DRIVERS\fdc.sys" ced2e8396a8838e59d8fd529c680e02c Fips [Microsoft Corporation] 启用 "" fffc25ccbe40efb0609bd249721aae83 Flpydisk [Microsoft Corporation] 启用 "" 0dd1de43115b93f4d85e889d7a86f548 FsVga [Microsoft Corporation] 启用 "system32\DRIVERS\fsvga.sys" ab4983120e4e4527ae9ffe4177ecd6e7 FTCkillfile [风云谷科技] 启用 "System32\Drivers\FTCkillfile.sys" e481786b78f7e0eb49b00b3327862153 FTCProtect [风云谷科技] 启用 "System32\Drivers\FTCProtect.sys" 76f1bce1ee8b630acde874f9bef0b735 Ftdisk [Microsoft Corporation] 启用 "system32\DRIVERS\ftdisk.sys" 38375a4d9582a08c14c928cc099b8836 Gpc [Microsoft Corporation] 启用 "system32\DRIVERS\msgpc.sys" c0f1d4a21de5a415df8170616703debf hidusb [Microsoft Corporation] 启用 "system32\DRIVERS\hidusb.sys" 1de6783b918f540149aa69943bdfeba8 HTTP [Microsoft Corporation] 启用 "System32\Drivers\HTTP.sys" 909d110c9634b0f1487eaaea837317d9 i2omgmt [] 启用 "" i8042prt [Microsoft Corporation] 启用 "system32\DRIVERS\i8042prt.sys" 2a802d189fce734903c46cd5d8f5e3ec ialm [Intel Corporation] 启用 "system32\DRIVERS\igxpmp32.sys" 28423512370705aeda6a652fedb25468 Imapi [Microsoft Corporation] 启用 "system32\DRIVERS\imapi.sys" f8aa320c6a0409c0380e5d8a99d76ec6 intelppm [Microsoft Corporation] 启用 "system32\DRIVERS\intelppm.sys" 293e6637717aad99aded3cfea8088791 Ip6Fw [Microsoft Corporation] 启用 "system32\DRIVERS\Ip6Fw.sys" 4448006b6bc60e6c027932cfc38d6855 IpFilterDriver [Microsoft Corporation] 启用 "system32\DRIVERS\ipfltdrv.sys" 731f22ba402ee4b62748adaf6363c182 IpInIp [Microsoft Corporation] 启用 "system32\DRIVERS\ipinip.sys" e1ec7f5da720b640cd8fb8424f1b14bb IpNat [Microsoft Corporation] 启用 "system32\DRIVERS\ipnat.sys" 5191673215c91ff13ceaa83ef8e9653f IPSec [Microsoft Corporation] 启用 "system32\DRIVERS\ipsec.sys" 64537aa5c003a6afeee1df819062d0d1 IRENUM [Microsoft Corporation] 启用 "system32\DRIVERS\irenum.sys" 50708daa1b1cbb7d6ac1cf8f56a24410 isapnp [Microsoft Corporation] 启用 "system32\DRIVERS\isapnp.sys" d81587ada44fed322419fc833e734441 Kbdclass [Microsoft Corporation] 启用 "system32\DRIVERS\kbdclass.sys" f7699fb067024b82e9ca8ffb86936923 kmixer [Microsoft Corporation] 启用 "system32\drivers\kmixer.sys" 8531438246ce9474e41ee1599904c0c7 KSecDD [Microsoft Corporation] 启用 "" eb7ffe87fd367ea8fca0506f74a87fbb lbrtfdc [] 启用 "" mnmdd [Microsoft Corporation] 启用 "" 4ae068242760a1fb6e1a44bf4e16afa6 Modem [Microsoft Corporation] 启用 "" f351113fd77b61b81bf7accada735789 Mouclass [Microsoft Corporation] 启用 "system32\DRIVERS\mouclass.sys" f171bdcedaee9797a5bf47613f5456ac mouhid [Microsoft Corporation] 启用 "system32\DRIVERS\mouhid.sys" 692910b446d0b751b2462f3624c7b1a7 MountMgr [Microsoft Corporation] 启用 "" 65653f3b4477f3c63e68a9659f85ee2e MSKSSRV [Microsoft Corporation] 启用 "system32\drivers\MSKSSRV.sys" ae431a8dd3c1d0d0610cdbac16057ad0 MSPCLOCK [Microsoft Corporation] 启用 "system32\drivers\MSPCLOCK.sys" 13e75fef9dfeb08eeded9d0246e1f448 MSPQM [Microsoft Corporation] 启用 "system32\drivers\MSPQM.sys" 1988a33ff19242576c3d0ef9ce785da7 mssmbios [Microsoft Corporation] 启用 "system32\DRIVERS\mssmbios.sys" 469541f8bfd2b32659d5d463a6714bce mtlrd [] 启用 "\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\wmp\mtlrd.sys" 91bbdfc1bad62ea8b7ded27ad5dbec28 NDIS [Microsoft Corporation] 启用 "" 558635d3af1c7546d26067d5d9b6959e NdisTapi [Microsoft Corporation] 启用 "system32\DRIVERS\ndistapi.sys" 08d43bbdacdf23f34d79e44ed35c1b4c Ndisuio [Microsoft Corporation] 启用 "system32\DRIVERS\ndisuio.sys" 34d6cd56409da9a7ed573e1c90a308bf NdisWan [Microsoft Corporation] 启用 "system32\DRIVERS\ndiswan.sys" 0b90e255a9490166ab368cd55a529893 NDProxy [Microsoft Corporation] 启用 "" 59fc3fb44d2669bc144fd87826bb571f NetBT [Microsoft Corporation] 启用 "system32\DRIVERS\netbt.sys" 0c80e410cd2f47134407ee7dd19cc86b nm [Microsoft Corporation] 启用 "system32\DRIVERS\NMnt.sys" 60cf8c7192b3614f240838ddbaa4a245 Null [Microsoft Corporation] 启用 "" 73c1e1f395918bc2c6dd67af7591a3ad NwlnkFlt [Microsoft Corporation] 启用 "system32\DRIVERS\nwlnkflt.sys" b305f3fad35083837ef46a0bbce2fc57 NwlnkFwd [Microsoft Corporation] 启用 "system32\DRIVERS\nwlnkfwd.sys" c99b3415198d1aab7227f2c88fd664b9 Parport [Microsoft Corporation] 启用 "system32\DRIVERS\parport.sys" f54a2e5de40b71317a5c2054439615a6 PartMgr [Microsoft Corporation] 启用 "" 3334430c29dc338092f79c38ef7b4cd0 ParVdm [Microsoft Corporation] 启用 "" 4f3fc4954972da46284641091deee02e PCI [Microsoft Corporation] 启用 "system32\DRIVERS\pci.sys" 2fe168cfccae0d8961f25ee611d301d4 PCIIde [Microsoft Corporation] 启用 "system32\DRIVERS\pciide.sys" a4d41f0279f405d6f5c19465aad82834 PDCOMP [] 启用 "" PDFRAME [] 启用 "" PDRELI [] 启用 "" PDRFRAME [] 启用 "" PptpMiniport [Microsoft Corporation] 启用 "system32\DRIVERS\raspptp.sys" 1c5cc65aac0783c344f16353e60b72ac PSched [Microsoft Corporation] 启用 "system32\DRIVERS\psched.sys" 48671f327553dcf1d27f6197f622a668 Ptilink [Parallel Technologies, Inc.] 启用 "system32\DRIVERS\ptilink.sys" 80d317bd1c3dbc5d4fe7b1678c60cadd RasAcd [Microsoft Corporation] 启用 "system32\DRIVERS\rasacd.sys" fe0d99d6f31e4fad8159f690d68ded9c Rasl2tp [Microsoft Corporation] 启用 "system32\DRIVERS\rasl2tp.sys" 98faeb4a4dcf812ba1c6fca4aa3e115c RasPppoe [Microsoft Corporation] 启用 "system32\DRIVERS\raspppoe.sys" 7306eeed8895454cbed4669be9f79faa Raspti [Microsoft Corporation] 启用 "system32\DRIVERS\raspti.sys" fdbb1d60066fcfbb7452fd8f9829b242 RDPCDD [Microsoft Corporation] 启用 "System32\DRIVERS\RDPCDD.sys" 4912d5b403614ce99c28420f75353332 rdpdr [Microsoft Corporation] 启用 "system32\DRIVERS\rdpdr.sys" a2cae2c60bc37e0751ef9dda7ceaf4ad RDPWD [Microsoft Corporation] 启用 "" 047bea21274c8a4a233674a76c958c2c redbook [Microsoft Corporation] 启用 "system32\DRIVERS\redbook.sys" f720de7bfe7ae26846e7ebe9caf3f49a rtl8029 [Realtek Semiconductor Corporation] 启用 "system32\DRIVERS\RTL8029.SYS" 493b54a894a6e70dd02961a68db8863f rtl8139 [Realtek Semiconductor Corporation] 启用 "system32\DRIVERS\RTL8139.SYS" d507c1400284176573224903819ffda3 Secdrv [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.] 启用 "system32\DRIVERS\secdrv.sys" 07f7f501ad50de2ba2d5842d9b6d6155 serenum [Microsoft Corporation] 启用 "system32\DRIVERS\serenum.sys" a2d868aeeff612e70e213c451a70cafb Serial [Microsoft Corporation] 启用 "system32\DRIVERS\serial.sys" de0aa3fcae95d2339628f0caf013dfe1 Sfloppy [Microsoft Corporation] 启用 "" 0d13b6df6e9e101013a7afb0ce629fe0 splitter [Microsoft Corporation] 启用 "system32\drivers\splitter.sys" 9bb1dd670cb7505a90fc4e61d4aa8227 swenum [Microsoft Corporation] 启用 "system32\DRIVERS\swenum.sys" 03c1bae4766e2450219d20b993d6e046 swmidi [Microsoft Corporation] 启用 "system32\drivers\swmidi.sys" 94abc808fc4b6d7d2bbf42b85e25bb4d sysaudio [Microsoft Corporation] 启用 "system32\drivers\sysaudio.sys" 650ad082d46bac0e64c9c0e0928492fd Tcpip [Microsoft Corporation] 启用 "system32\DRIVERS\tcpip.sys" e32b18f70c14ad5479696ec7850c15fa TDPIPE [Microsoft Corporation] 启用 "" 38d437cf2d98965f239b0abcd66dcb0f TDTCP [Microsoft Corporation] 启用 "" ed0580af02502d00ad8c4c066b156be9 TermDD [Microsoft Corporation] 启用 "system32\DRIVERS\termdd.sys" a540a99c281d933f3d69d55e48727f47 Update [Microsoft Corporation] 启用 "system32\DRIVERS\update.sys" aff2e5045961bbc0a602bb6f95eb1345 usbehci [Microsoft Corporation] 启用 "system32\DRIVERS\usbehci.sys" 15e993ba2f6946b2bfbbfcd30398621e usbhub [Microsoft Corporation] 启用 "system32\DRIVERS\usbhub.sys" c72f40947f92cea56a8fb532edf025f1 USBSTOR [Microsoft Corporation] 启用 "system32\DRIVERS\USBSTOR.SYS" 6cd7b22193718f1d17a47a1cd6d37e75 usbuhci [Microsoft Corporation] 启用 "system32\DRIVERS\usbuhci.sys" f8fd1400092e23c8f2f31406ef06167b VgaSave [Microsoft Corporation] 启用 "\SystemRoot\System32\drivers\vga.sys" 8a60edd72b4ea5aea8202daf0e427925 VolSnap [Microsoft Corporation] 启用 "" 4594bda728648447ec10c49190bd37a7 Wanarp [Microsoft Corporation] 启用 "system32\DRIVERS\wanarp.sys" 984ef0b9788abf89974cfed4bfbaacbc WDICA [] 启用 "" wdmaud [Microsoft Corporation] 启用 "system32\drivers\wdmaud.sys" 0bfa8203b8148fb4e54bc212c41ce497 zsmuw [] 启用 "system32\drivers\djwvm.sys" ====================桌面快捷方式==================== cstrike.exe.lnk "F:\cs2\Cs\cstrike.exe " (Valve, 84.0 KB, 1, 1, 1, 1) 7cf63e6a0125914a00ae90cbc5ad458e Dr.COM 宽带认证客户端.lnk "E:\Dr.COM 宽带认证客户端\ishare_user.exe " (城市热点有限公司, 464.0 KB, 3, 482, 2, 1138) 387a59abebadb45ad59ac595473ce23b G-IE浏览器.lnk "D:\Program Files\G-IE浏览器\gie.exe " (三峰工作室, 644.0 KB, 1, 0, 0, 360) 5394f5d13f08afd37e6dd8e461f7b9ff iexplore.lnk "C:\Program Files\Internet Explorer\iexplore.exe " (Microsoft Corporation, 609.0 KB, 7.00.6000.16441 (vista_gdr.070219-1500)) 683dde71bcf03b501b912d20cb93b549 PPS影音标准版.lnk "D:\Program Files\PPStream\PPStream.exe " (PPStream Inc., 2.4 MB, 2, 6, 86, 8250) 0a76156053b0e5d209a00b5722d6a242 QQ医生.lnk "C:\Program Files\Tencent\QQDoctor\QQDoctor.exe " (Tencent, 680.3 KB, 2, 1, 9, 202) 93edd381ed80548a78dca6b979a3237f SopCast.lnk "C:\Program Files\SopCast\SopCast.exe " (www.sopcast.com, 1.8 MB, 3.0.3.501) d2c63c0e561accdadcba382c8867ef33 Windows优化大师.lnk "C:\Program Files\恒生交易客户端\unins000.exe " (, 647.4 KB, 51.43.0.0) a58ceb9e9b92e19feb1465361d11e291 Windows木马清道夫.lnk "C:\ftc2009\FTCleaner.exe " (风.云.谷, 870.0 KB, 11.04.1067) cc67199276f5e31ccb07e0363778debb Windows木马防火墙.lnk "C:\ftc2009\Trojanwall.exe " (风云谷科技, 1.0 MB, 7.3.0.2687) 8e751cf963ec2b4724b4b849c7bf3598 同花顺浙商证券.lnk "C:\同花顺浙商证券\hexin.exe " (上海核新软件技术有限公司(Hexin), 2.8 MB, 2007, 10, 30, 84) b6755b49ede607798cdf3a4c1181456e 寻仙.lnk "F:\xunxian\patcher.exe " (PixelGame, 552.0 KB, 1.0.2.1) 7674bb764d4a869d2d1601516a5163df 新华期货网上交易3.0.lnk "C:\Program Files\新华期货网上交易3.0\UNWISE.EXE /W3 "C:\Program Files\新华期货网上交易3.0\INSTALL.LOG"" (, 149.5 KB, ) ccd0aa3914fbc3ea1ef0ab23d3fdef06 新天马交易.lnk "C:\Program Files\天马期货\天马交易\NewTrade.exe " (恒生电子股份有限公司, 2.8 MB, 3.0.9.105) 9eebc803b2ae2245f09f39e48fe3c497 木马克星.lnk "C:\Program Files\Iparmor\Iparmor.exe " (luosoft.com, 3.2 MB, 7.0.0.0) 0c38e528b4b6bf4b5db6f7ea4c7c82d6 木马裸奔.lnk "C:\Program Files\木马裸奔\mmk.exe " (木马裸奔, 224.0 KB, 1, 0, 0, 1) 88141c1d3d317e03ee9808daa3a7ed7c 浙商证券下单.lnk "C:\同花顺浙商证券\xiadan.exe " (杭州核新软件技术有限公司, 3.1 MB, 2008, 4, 14, 0) 6ea56d264337e6adc6561e3f50205205 腾讯QQ.lnk "C:\Program Files\Tencent\QQ\QQ.exe " (TENCENT, 1.9 MB, 8,0,978,1833) 865946ef7f6ac9bbb5fba20458d50826 雷凯模拟.lnk "C:\Program Files\雷凯\模拟交易\Customer.exe " (, 418.0 KB, ) 1f53cd49d422d0d97ad3e59f7ab4cfda QQ游戏.lnk "C:\Program Files\Tencent\QQGame\QQGame.exe " (深圳市腾讯计算机系统有限公司, 160.9 KB, 2, 3, 102, 13) 192d47376267e8a027e97f9338989233 东航期货WebStock2008.lnk "D:\Program Files\东航期货WebStock2008\Special.exe " (文华财经, 1.7 MB, 5, 5, 0, 0) 787a32e4e5c18d7adef411aaca3266c6 华闻期货-博易大师.lnk "C:\Pobo\system\pobo.exe " (上海澎博网络数据信息咨询有限公司, 443.5 KB, 2.0.101.0) 0be7eda3a1bd02f34913a5c6b64c8731 宽带连接.lnk " " (, , ) 迅雷5.lnk "D:\Program Files\迅雷\Thunder.exe " (Thunder Networking Technologies,LTD, 49.5 KB, 5,8,10,675) 2b1a6a152195ebcbaca98071d00f7320 鲁证期货网上交易.lnk "C:\Program Files\恒生交易客户端\NewTrade.exe " (恒生电子股份有限公司, 2.8 MB, 3.0.8.1013) f3b7a8eec5b806a548e16f400d952ce4