2009-05-09,16:06:48
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Component Publisher]
[TOSHIBA]
<"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [File is missing]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[File is missing]
[File is missing]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safebox><"C:\Program Files\360\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
<360Safetray>  [(Verified)Qizhi Software (beijing) Co. Ltd]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\esetact\egui.exe" /hide /waitservice>  [ESET]
<"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
<; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[COMPAL ELECTRONIC INC.]
[TOSHIBA]
[]
[SONIX]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[Hewlett-Packard Co.]
<; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
<"C:\Program Files\QvodPlayer\QvodPlayer.exe" -autorun>  [Shenzhen QVOD Technology Co.,Ltd]
<"C:\Program Files\kingsoft\KSWebShieldSVC\kwstray.exe" /start>  [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"]
<; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Control Panel\Desktop]
[File is missing]

==================================
启动文件夹
[腾讯QQ]
C:\Program Files\Tencent\QQ\QQ.exe  [File is missing]

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe">

[AutoUpdate / AutoUpdate][Stopped/Auto Start]
<(File is missing)>

[ConfigFree Service / CFSvcs][Stopped/Auto Start]

[DVD-RAM_Service / DVD-RAM_Service][Stopped/Auto Start]

[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe">

[Eset Service / ekrn][Stopped/Auto Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe">

[GP_CLT_Service / GP_CLT_Service][Stopped/Auto Start]
<>

[hpqcxs08 / hpqcxs08][Stopped/Manual Start]
C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

[Java Quick Starter / JavaQuickStarterService][Stopped/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf">

[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
<"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">

[Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Stopped/Auto Start]

[microsoft autonet / microsoft autonet][Stopped/Auto Start]
<(File is missing)>

[microsoft conctrol / microsoft conctrol][Stopped/Auto Start]
<(File is missing)>

[microsoft skin / microsoft skin][Stopped/Auto Start]

[Net Driver HPZ12 / Net Driver HPZ12][Stopped/Auto Start]
C:\WINDOWS\system32\HPZinw12.dll

[NetSend / NetSend][Stopped/Auto Start]
<(File is missing)>

[Tencent Software Update Service / TSUSVC][Stopped/Auto Start]
<"C:\Program Files\Tencent\QQSoftMgr\TencentUpdateSvc.exe" -run>

[Windows Network Media Service / UiPlayer][Stopped/Auto Start]
<><(File is missing)>

[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe">

==================================
驱动程序
[TOSHIBA V92 Software Modem / AgereSoftModem][Stopped/Manual Start]

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]

[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]

[askd / askd][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\askd.ahc>

[BC / BC][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\BC.sys>

[bootsafe / bootsafe][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\bootsafe.sys><>

[中国华大智能密码钥匙驱动程序 / CIDCUSB][Stopped/Manual Start]

[Dritek General Port I/O / DritekPortIO][Stopped/Auto Start]
<\??\C:\DRIVERS\FN-ESSE\DPortIO.sys>

[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\drivers\drvmcdb.sys>

[drvnddm / drvnddm][Stopped/Auto Start]

[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys>

[eamon / eamon][Stopped/Auto Start]

[easdrv / easdrv][Stopped/System Start]

[ECioCtl / EKECioCtl][Stopped/System Start]
<\??\C:\Program Files\TOSHIBA\E-KEY\EKECioCtl.sys>

[epfwtdir / epfwtdir][Running/System Start]

[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]

[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]

[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]

[Huawei DataCard USB Modem and USB Serial / hwdatacard][Stopped/Manual Start]

[TOSHIBA Hardware Setup / HWSCtrl][Stopped/System Start]
<\??\C:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys><>

[ialm / ialm][Stopped/Manual Start]

[IVI ASPI Shell / Iviaspi][Running/Manual Start]

[meiudf / meiudf][Running/System Start]

[TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Stopped/Auto Start]

[Padus ASPI Shell / Pfc][Running/Manual Start]

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys>

[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys>

[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
<\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>

[Secdrv / Secdrv][Stopped/Manual Start]

[TOSHIBA Controls Driver -EPIOMngr / SerTVOutCtlr][Stopped/System Start]

[SMSC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]

[USB2.0 PC Camera (SNP2STD) / SNP2STD][Stopped/Manual Start]
<>

[TOSHIBA Supervisor Password / SPCtl][Stopped/System Start]
<\??\C:\Program Files\Toshiba\Windows Utilities\spDispatch.sys>

[SrvcEKIOMngr / SrvcEKIOMngr][Stopped/System Start]
<\??\C:\Program Files\TOSHIBA\E-KEY\EKIoMngr.sys>

[SrvcSSIOMngr / SrvcSSIOMngr][Stopped/System Start]
<\??\C:\Program Files\TOSHIBA\E-KEY\SSIoMngr.sys>

[sscdbhk5 / sscdbhk5][Running/System Start]

[ssrtln / ssrtln][Running/System Start]

[StickyMesger / StickyMesger][Stopped/System Start]
<\??\C:\Program Files\Toshiba\Accessibility\StickyMesger.sys>

[TCP/IP Protocol Driver / Tcpip][Running/System Start]

[TOSHIBA Controls Driver / TCtrlIO][Running/Boot Start]
<\SystemRoot\system32\drivers\TCtrlIO.sys>

[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesDrvPt.sys>

[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys>

[tfsnboio / tfsnboio][Stopped/Auto Start]

[tfsncofs / tfsncofs][Stopped/Auto Start]

[tfsndrct / tfsndrct][Stopped/Auto Start]

[tfsndres / tfsndres][Stopped/Auto Start]

[tfsnifs / tfsnifs][Stopped/Auto Start]

[tfsnopio / tfsnopio][Stopped/Auto Start]

[tfsnpool / tfsnpool][Stopped/Auto Start]

[tfsnudf / tfsnudf][Stopped/Auto Start]

[tfsnudfa / tfsnudfa][Stopped/Auto Start]

[tifm21 / tifm21][Stopped/Manual Start]

[TPECioCtl / TPECioCtl][Stopped/System Start]
<\??\C:\Program Files\TOSHIBA\TouchPad\TPECioCtl.sys>

[Toshiba Power Saver Driver / TPwSav][Stopped/System Start]

[Toshiba Virtual Sound with SRS technologies / Tvs][Stopped/Manual Start]

[U_key / U_key][Stopped/Manual Start]

[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]

[WMDrive / WMDrive][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\WMDrive.sys>

[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2}
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95}
[WebDetectorBHO Class]
{43BEAFD9-E005-483D-A367-146BA6C8A32E}
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
[Java(tm) Plug-In 2 SSV Helper]
{DBC80044-A445-435b-BC74-9C25C1C588A9}
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
[ClipBookBtn Class]
{58ECB495-38F0-49cb-A538-10282ABF65E7}
[EnhSelectionBtn Class]
{700259D7-1666-479a-93B1-3250410481E8}
[kele8]
{84920E5F-3788-49cd-A274-E365578DF174}
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683}
[QQ工具栏]
{29CF293A-1E7D-4069-9E11-E39698D0AF95}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3}
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844}
[Microsoft Virtual Server VMRC Advanced Control]
{4EFA317A-8569-4788-B175-5BAF9731A549}
[CCPPhone Class]
{520BE371-5639-45F5-8644-35433693DD87}
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166}
[AYDownLoad Control]
{71563D23-91B6-4B96-8966-B5642A1809E3}
[]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <, >
[DLoader Class]
{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A}
[AYUpLoad Control]
{7FD1EEC1-796A-4658-B1AB-41989D65161A}
[Java Plug-in 1.6.0_13]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE}
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77}
[]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <, >
[]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <, >
[Java Plug-in 1.6.0_13]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[Java Plug-in 1.6.0_13]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[KUpdateObj2 Class]
{D82303B7-A754-4DCB-8AFC-8CF99435AACE}
[]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, >
[]
{06926B30-424E-4F1C-8EE3-543CD96573DC} <, >
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Fade]
{16B280C5-EE70-11D1-9066-00C04FD9189D}
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700}
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B}
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13}
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60}
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B}
[]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
[QQRightClick Class]
{4836C333-208E-4BCE-B30B-00B9545B0F6E}
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Virtual Server VMRC Advanced Control]
{4EFA317A-8569-4788-B175-5BAF9731A549}
[VaCom.Application]
{51E88884-1306-4444-B22D-C34119E44232}
[XML Feed Document]
{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}
[]
{58ECB495-38F0-49CB-A538-10282ABF65E7} <, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
[]
{700259D7-1666-479A-93B1-3250410481E8} <, >
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{84920E5F-3788-49CD-A274-E365578DF174} <, >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5}
[QQDownload Class]
{8AC3BC28-E145-4385-A694-8AAC128ACB16}
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{B012491E-8FA4-4851-AA9B-22E33784FBAD} <, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36}
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE}
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127}
[Microsoft Url Search Hook]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A}
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5}
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
{E39677B9-9920-4D02-A0F4-A7BE5AD6FDBC} <, >
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
[]
{F60C7D81-8471-4D40-AAFE-56D318F34C2D} <, >
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <, >
[&使用超级旋风下载]
[添加到QQ表情]

==================================
正在运行的进程
[PID: 844 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 912 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 936 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 980 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
[PID: 992 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1144 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1228 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1408 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1500 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1600 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 680 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\WinMount3\ShlExt\BrowserExt.dll]  [N/A, ]
    [C:\Program Files\WinMount3\Lang.dll]  [N/A, ]
    [C:\Program Files\WinMount3\ShlExt\MountExt.dll]  [N/A, ]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\WinMount3\WinMTExt3.dll]  [WinMount International Inc., 3.2.1.8]
    [C:\Program Files\QvodPlayer\QvodBand.dll]  [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
    [C:\Herosoft\Hero Audio Convert\HeroExt.dll]  [N/A, ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll]  [ESET, 3.0.684 ]
    [C:\WINDOWS\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
[PID: 316 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\WINDOWS\system32\QQPINYIN.IME]  [Tencent, 2.0.436.201]
[PID: 476 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 488 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 820 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
[PID: 1732 / Administrator][C:\Program Files\Tencent\QQDownload2\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 2, 0, 534, 534]
    [C:\Program Files\Tencent\QQDownload2\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\QQDownload2\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\QQDownload2\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Tencent\QQDownload2\xmain.dll]  [Tencent Technology (Shenzhen) Company Limited, 1.9.274.274]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Tencent\QQDownload2\QQDownloadSkin.dll]  [TODO: , 1.0.0.1]
    [C:\Program Files\Tencent\QQDownload2\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\Program Files\Tencent\QQDownload2\QQIEHelper01.dll]  [Tencent Technology (Shenzhen) Company Limited, 2, 0, 528, 204]
    [C:\Program Files\Tencent\QQDownload2\xdownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1.9.274.274]
    [C:\Program Files\Tencent\QQDownload2\xcore.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]
    [C:\Program Files\Tencent\QQDownload2\VBScript.dll]  [Microsoft Corporation, 5.6.0.7426]
[PID: 1348 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 236 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinMount3\WM32e32916$.tmp\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 1084 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinMount3\WM32e32916$.tmp\SRE69aebd5e.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]

==================================
文件关联
.TXT    Error.  [C:\WINDOWS\notepad.exe %1]
.EXE    OK.     ["%1" %*]
.COM    OK.     ["%1" %*]
.PIF    OK.     ["%1" %*]
.REG    OK.     [regedit.exe "%1"]
.BAT    OK.     ["%1" %*]
.SCR    OK.     ["%1" /S]
.CHM    Error.  ["hh.exe" %1]
.HLP    OK.     [%systemroot%\system32\winhlp32.exe %1]
.INI    Error.  [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF    OK.     [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS    OK.     [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS     OK.     [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK    OK.     [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
Easy2Game-TCPChain
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-UDPChain
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-UDPChain
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-TCPChain
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-TCPFilter
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-UDPFilter
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-UDPFilter
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

Easy2Game-TCPFilter
C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)

xunyou over MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\xunyount.dll(, N/A)

xunyou over MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\xunyount.dll(, N/A)

xunyou over MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\xunyount.dll(, N/A)

xunyou
C:\WINDOWS\system32\xunyount.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege  [PID = 236, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\WINMOUNT3\WM32E32916$.TMP\SRENGLDR.EXE]

==================================
计划任务
[已启用] 查看 Windows Live Toolbar 更新.job
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

[已启用] User_Feed_Synchronization-{DB034B60-6430-4969-98F8-0093F83824ED}.job
C:\WINDOWS\system32\msfeedssync.exe

[已启用] User_Feed_Synchronization-{600E449B-54EF-4C13-937D-FB97618ED5E4}.job
C:\WINDOWS\system32\msfeedssync.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================