2010-05-14,10:22:33
SysLog Scanner 3.0 - build 20091220
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600)
================================================================
注册项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<财税软件数据备份程序> <"C:\Program Files\安全魔盘\SqlMon.exe"> [航天信息, 1.8.3.23]
[ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
[(Verified)Tendyron Corporation, 1, 0, 0, 0]
<360Safetray> <"C:\Program Files\360\360safe\safemon\360tray.exe" /start> [(Verified)360.CN, 7, 0, 0, 1003]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"> [(Verified)Kaspersky Lab, 9.0.0.736]
<"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.29]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[(Verified)Intel Corporation, 6.14.10.5009]
[(Verified)Kaspersky Lab, 9.0.0.736]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt]
<使用迅雷下载> [N/A]
<使用迅雷下载全部链接> [N/A]
<添加到卡巴斯基反广告列表> [N/A]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors]
[(Verified)Software 2000 Limited, 2.7]
================================================================
启动组
================================================================
任务计划
================================================================
组件
--------------------------------
Shell Extension
[Display Panning CPL Extension] <{42071714-76d4-11d1-8b24-00a0c9068ff3}> []
[任务栏和「开始」菜单] <{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> []
[Sorcerer Shell Extension] <{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D}> [(Verified)Software 2000 Limited, 2.7]
[WinRAR shell extension] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A]
[Fusion Cache] <{1D2680C9-0E2A-469d-B787-065558BC7D43}> [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[Autodesk Drawing Preview] <{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}> [(Verified)Autodesk, 16.2.54.0]
[AutoCAD 数字签名图标覆盖处理程序] <{36A21736-36C2-4C11-8ACB-D4136F2B57BD}> [(Verified)Autodesk, 16.2.54.0]
[Autodesk DWF Preview] <{6DEA92E9-8682-4b6a-97DE-354772FE5727}> [(Verified)Autodesk, 16.2.54.0]
[Windows Desktop Search] <{13E7F612-F261-4391-BEA2-39DF4F3FA311}> [Microsoft Corporation, 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500)]
--------------------------------
Protocols
[Cor MIME Filter, CorFltr, CorFltr 1] <{1E66F26B-79EE-11D2-8710-00C04F79ED0D}> [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
--------------------------------
Context Menu
[Kaspersky Anti-Virus] <{dd230880-495a-11d1-b064-008048ec2fc5}> [(Verified)Kaspersky Lab, 9.0.0.736]
[RisingKaKaExt] <{356B11FA-929F-4eb7-8B26-D7E3184DDD16}> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
[WinRAR] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A]
[{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] <{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}> [(Verified)Adobe Systems Incorporated, 4.0.0.0client1]
[igfxcui] <{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}> [(Verified)Intel Corporation, 6.14.10.5009]
--------------------------------
BrowserHelperObject
[ThunderAtOnce Class] <{01443AEC-0FD1-40fd-9C87-E93D1494C233}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,12,1196]
[WebProtect] <{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B}> [(Verified)China Merchants Bank, 1, 0, 0, 1]
[IEVkbdBHO Class] <{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}> [(Verified)Kaspersky Lab, 9.0.0.736]
[Thunder Browser Helper] <{889D2FEB-5411-4565-8998-1DD2C5261283}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,12,1196]
[卡卡上网安全助手] <{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}> [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 28]
[FilterBHO Class] <{E33CF602-D945-461A-83F0-819F76A199F8}> [(Verified)Kaspersky Lab, 9.0.0.736]
--------------------------------
ActiveX Extension
[ThunderAtOnce Class] <{01443AEC-0FD1-40FD-9C87-E93D1494C233}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,12,1196]
[Office Genuine Advantage Validation Tool] <{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}> [(Verified)N/A]
[PhotoDrawEx Class] <{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D}> [(Verified)Tencent, 2, 25, 166, 120]
[] <{08B0E5C0-4FCB-11CF-AAA5-00401C608501}> <> []
[Edit Class] <{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D}> [Copyright 2004, 1, 2, 0, 3]
[Player Class] <{11F2A418-94B2-4e16-9B0C-B00C0435F903}> [(Verified)Tencent, 8.14.4895.0]
[NetEaseTV Control] <{1345F3CB-7C40-41C2-9AC2-87CF8B68E34E}> [(Verified)NetEase, 1, 0, 0, 16]
[MeadCo ScriptX] <{1663ED61-23EB-11D2-B92F-008048FDD814}> [(Verified)Mead & Co Limited, 6, 2, 433, 14]
[MeadCo Extended HTML Printing] <{1663ED6A-23EB-11D2-B92F-008048FDD814}> [(Verified)Mead & Co Limited, 6, 2, 433, 14]
[UserCpuCard Control] <{16F2448E-8C16-11D1-9A11-0080C8E1561F}> [(Verified)EPort, 4, 2, 0, 0]
[InstallHelper Class] <{1DABF8D5-8430-4985-9B7F-A30E53D709B3}> [(Verified)Tencent, 8.14.4895.0]
[] <{1DCF89BC-87F8-4702-AA3B-DD6C43F547FC}> [尊网商通资讯科技有限公司, 5.0.0.0]
[HallToolkit Class] <{1E36C446-29F0-4773-A3FB-59C5501446EB}> [(Verified)深圳市迅雷网络技术有限公司, 1.0.0.1]
[InfoScan Control] <{1F14548F-6975-40F1-AE24-6E2D1D449B2F}> [(Verified)CCB, 1, 0, 0, 1]
[Detecter Class] <{2C48F48F-01A6-4593-A678-C7DA83C55719}> [(Verified)Copyright 2007, 1, 6, 0, 0]
[Init_Tool Control] <{399C2756-84D4-4AC5-9E86-288340334FB1}> [(Verified)Microsoft, 1, 0, 9, 317]
[VirtualKeyboardButtonHandler Class] <{4248FE82-7FCB-46AC-B270-339F08212110}> [(Verified)Kaspersky Lab, 9.0.0.736]
[Thunder Agent Class] <{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,12,1196]
[EditCtrl Class] <{488A4255-3236-44B3-8F27-FA1AECAA8844}> [(Verified)Copyright 2008, 2, 1, 2, 5]
[QQPYChecker Class] <{5052B4D0-9DF7-45ef-88EF-F42C0EA33A43}> [(Verified)Tencent, 1.0.11.1]
[WebProtect] <{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B}> [(Verified)China Merchants Bank, 1, 0, 0, 1]
[isInstalled Class] <{5852F5ED-8BF4-11D4-A245-0080C6F74284}> [Copyright 2000, 1, 0, 0, 1]
[IEVkbdBHO Class] <{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}> [(Verified)Kaspersky Lab, 9.0.0.736]
[abcCtl4RA Class] <{5DA34F59-FBFF-4666-99F5-599CD7B9A640}> [INFOSEC Tech. corp, 1, 0, 0, 9]
[InfoSecNetSign Class] <{62B938C4-4190-4F37-8CF0-A92B0A91CC77}> [(Verified)Infosec Technologies Co., Ltd., 1, 8, 24, 4]
[SfEdit32 Control] <{69A5F9C4-01CB-470B-8161-CE67313E3CF4}> [(Verified)99BILL Corp., 1, 0, 0, 6]
[QQLiveFile Class] <{6B232760-90F1-41c3-9902-C8552C1D8A72}> [(Verified)Tencent, 8.14.4895.0]
[MediaComm Class] <{7670648D-461B-42AF-BDFE-46D26AF5EFF2}> [(Verified)深圳市迅雷网络技术有限公司, 3, 1, 7, 83]
[XDownloaddManager Class] <{802F530B-A8F6-4631-AE49-6BACAAC6373E}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,12,1196]
[360SafeLive] <{87515F61-A66C-4319-A0E0-D416CB8059E3}> [(Verified)Copyright 2008, 1, 0, 0, 1006]
[TTPlayer ActiveX Control] <{89AE5F82-410A-4040-9387-68D1144EFD03}> [(Verified)Alen Soft, 5.6.3.0]
[Java Plug-in 1.4.0] <{8AD9C840-044E-11D1-B3E9-00805F499D93}> [JavaSoft / Sun Microsystems, Inc., 1, 4, 0, 0]
[SSOForPTLogin Class] <{8FC1EE75-72B3-4A23-B987-2B1C4C8A611B}> [(Verified)(c) Tencent Co. Ltd. All rights reserved., 1, 0, 1, 4]
[OFrameObject Class] <{9701758C-4373-482E-B13C-776C048EC890}> [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 3, 5917, 280]
[卡卡上网安全助手] <{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}> [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 28]
[ContainerForm Control] <{9EBB4193-D192-4433-8426-2EEAE8E0A9EA}> [(Verified)CHINA CITIC BANK , 1.2.0.0]
[VersionDetector Class] <{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}> [(Verified)ShenZhen Thunder Networking Technologies,Ltd., 1, 1, 0, 29]
[APlayer Control] <{A9322148-C691-4B9D-91FC-B9C461DBE9DD}> [(Verified)ShenZhen Thunder Networking Technologies, LTD, 2.0.2.259]
[UploadManager Class] <{AF2F4E3F-DC4D-40B3-B7DA-77974FF2F317}> [NetEase(Hangzhou)Network Tech.Co.,Ltd., 1.0.0.4]
[SafeMon Class] <{B69F34DD-F0F9-42DC-9EDD-957187DA688D}> [(Verified)360.cn, 6, 3, 1, 1018]
[ScreenCapture163 Class] <{B6DEE590-8486-4F35-86BB-265FC72DBD96}> [NetEase(Hangzhou)Network Tech.Co.,Ltd., 1.0.0.3]
[InfosecCCBNetSign Class] <{BC96F5A4-C930-4226-ADAB-59349AE585E9}> [(Verified)Infosec Technologies Co., Ltd., 1, 0, 9, 7]
[FTNUpload Class] <{BDEACC50-F56D-4D60-860F-CF6ED1766D65}> [(Verified)Tencent, 1, 0, 0, 11]
[CITICS ProcessProtect Class] <{C37F9D60-975D-41F2-A745-4DC934D319AA}> [(Verified)www.ISRA.org.cn, 1, 2, 2, 6]
[CITICS Edit Class] <{CAB6E271-C9B9-4A85-96A0-1B3A19A4E6DE}> [(Verified)www.ISRA.org.cn, 1, 1, 9, 19]
[WDCCBCtrl Class] <{CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB}> [(Verified)Copyright 2007, 1, 0, 0, 7]
[Shockwave Flash Object] <{D27CDB6E-AE6D-11CF-96B8-444553540000}> [(Verified)Adobe Systems, Inc., 10,0,45,2]
[QQLive Class] <{D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62}> [(Verified)Tencent, 8.14.4895.0]
[PlayerCtrl Class] <{E05BC2A3-9A46-4A32-80C9-023A473F5B23}> [(Verified)Tencent, 3, 2, 165, 710]
[QQPasswordCtrl Class] <{E787FD25-8D7C-4693-AE67-9406BC6E22DF}> [(Verified)Tencent, 1, 2, 0, 3]
[UPlayer Control] <{EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC}> [(Verified)UUSEE, 2008, 8, 25, 0]
[TimwpDll.TimwpCheck] <{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4}> [(Verified)Tencent, 1, 46, 1590, 0]
[XPPlayer Class] <{F3E70CEA-956E-49CC-B444-73AFE593AD7F}> [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 1, 59150, 261]
[Init_Tool Control] <{F7465932-3C3D-4DA2-8541-406E07C369A9}> [(Verified)Microsoft, 1, 0, 9, 317]
[ForceP2PPlayer Object] <{FCD61199-E187-4ADD-88E5-9AF238486D11}> [(Verified)北京原力创新科技有限公司, 2.0.2.8]
================================================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start] <%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe> [Microsoft Corporation, 1.1.4322.2032]
[Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"> [Macrovision Corporation, 11.50.42618]
[WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [(Verified)Autodesk, 2.66.000]
[Kaspersky Internet Security / AVP][Running/Auto Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r> [(Verified)Kaspersky Lab, 9.0.0.736]
[Cmb WebProtect Support / CMBWPS][Running/Auto Start] [(Verified)China Merchants Bank, 1, 0, 0, 1]
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"> [(Verified)Acresso Software Inc., 11.6.0.1 build 60959]
[Kingsoft Basic Service / kaccore][Stopped/Manual Start] <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"> [(Verified)Kingsoft Corporation, 2009,06,05,614]
[OnKey Service _ABC / OnKey Service _ABC][Running/Auto Start] [(Verified)N/A]
[Tencent Software Update Service / TSUSVC][Stopped/Manual Start] <"C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe" -run> [(Verified)Tencent, 1.0 Beta3 Build 338]
[主动防御 / ZhuDongFangYu][Stopped/Manual Start] <"C:\Program Files\360\360safe\deepscan\ZhuDongFangYu.exe"> [(Verified)360.cn, 3, 2, 2, 1002]
================================================================
驱动
[Aisino PCI JSCard / AI3PCI][Running/Manual Start] [航天信息股份有限公司., 1.1.0.2]
[Aero-Info PCI JScard / AIPCI_Device][Stopped/Manual Start] [Your Corporation, 1.00]
[Apaidi / Apaidi][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\Apaidi.sys> [N/A]
[ENTECH / ENTECH][Stopped/Disabled] <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys> []
[Protector / Protector][Running/System Start] [N/A]
[ProtectorA / ProtectorA][Running/System Start] <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys> [N/A]
[USB Token Holder Service / R5BaseSmc][Running/Manual Start] [OEM, 2.5.5.0831]
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[USB Token Service / token][Running/Manual Start] [Copyright (C) 2002-2005 OEM , 2.5.5.0831]
[360SelfProtection / 360SelfProtection][Running/System Start] [(Verified)360安全中心, 1, 0, 0, 1035]
[BAPIDRV / BAPIDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS> [(Verified)360.cn, 1.0.0.1008]
[EfiSystemMon / EfiMon][Running/System Start] [(Verified)奇虎网, 1, 0, 0, 1005]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK]
[HookPort / HookPort][Running/Boot Start] [(Verified)360安全中心, 1, 0, 0, 1010]
[ialm / ialm][Running/Manual Start] [(Verified)Intel Corporation, 6.14.10.5009]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5490 built by: WinDDK]
[KAVBootC / KAVBootC][Stopped/Boot Start] [(Verified)Kingsoft Corporation, 2008,02,21,80]
[Kl1 / kl1][Running/System Start] <\??\C:\WINDOWS\system32\drivers\kl1.sys> [(Verified)Kaspersky Lab, 6.4.0.9]
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start] [(Verified)Kaspersky Lab, 9.0.0.13]
[Kaspersky Lab Driver / KLIF][Running/System Start] [(Verified)Kaspersky Lab, 8.4.0.107 built by: WinDDK]
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] [(Verified)Kaspersky Lab, 6.4.0.4]
[Kaspersky Lab KLMOUFLT / klmouflt][Running/Manual Start] [(Verified)Kaspersky Lab, 8.0.0.24 built by: WinDDK]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)]
[Quantum DeepScanner Servers / qutmdserv][Running/System Start] <\??\C:\WINDOWS\system32\drivers\qutmdrv.sys> [(Verified)360安全中心, 6.5.0.1002]
[qutmipc / qutmipc][Running/System Start] <\??\C:\WINDOWS\system32\drivers\qutmipc.sys> [(Verified)360安全中心, 6.2.0.1012]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.726.0525.2009 built by: WinDDK]
[Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086]
[SAMSUNG HSP Plus Modem Filter Driver / sshpmdfl][Stopped/Manual Start] [(Verified)MobileTop, 2, 4, 0, 0]
[SAMSUNG HSP Plus Modem Driver / sshpmdm][Stopped/Manual Start] [(Verified)MobileTop, 2, 4, 0, 0]
[SAMSUNG HSP Plus USB Driver / sshpusb][Stopped/Manual Start] [(Verified)MobileTop, 2, 4, 0, 0]
================================================================
活动进程
[PID: 1068 / SYSTEM]
\??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\klogon.dll [(Verified)Kaspersky Lab, 9.0.0.736]
[PID: 1132 / SYSTEM]
C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1324 / SYSTEM]
C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1420 / NETWORK SERVICE]
C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1552 / SYSTEM]
C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\System32\msi.dll [Microsoft Corporation, 4.5.6001.22159]
[PID: 1604 / NETWORK SERVICE]
C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1772 / LOCAL SERVICE]
C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1944 / SYSTEM]
C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
C:\WINDOWS\system32\HP1005LM.DLL [(Verified)Software 2000 Limited, 2.7]
C:\WINDOWS\system32\msi.dll [Microsoft Corporation, 4.5.6001.22159]
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1005S.DLL [(Verified)Hewlett-Packard , 1.0.0.2]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MT.DLL [(Verified)Software 2000 Limited, 4.0.0.34]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MP.DLL [(Verified)Software 2000 Limited, 4.0.0.34]
[PID: 2004 / LOCAL SERVICE]
C:\WINDOWS\System32\SCardSvr.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 232 / SYSTEM]
C:\Program Files\CMBCHINA\WebProtect\WPService.exe [(Verified)China Merchants Bank, 1, 0, 0, 1]
C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll [(Verified)China Merchants Bank, 1, 0, 0, 1]
[PID: 292 / SYSTEM]
C:\WINDOWS\system32\I3BSer_ABC.exe [(Verified)N/A]
[PID: 320 / SYSTEM]
C:\WINDOWS\system32\I3BMON_ABC.exe [(Verified)Tendyron Corporation, 1, 0, 0, 0]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 324 / SYSTEM]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll [Watchdata, 2, 1, 1, 40]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 444 / SYSTEM]
C:\WINDOWS\system32\SearchIndexer.exe [(Verified)Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\XmlLite.dll [Microsoft Corporation, 1.00.1018.0]
[PID: 1492 / SYSTEM]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE [(Verified)Software 2000 Limited, 4.0.0.34]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005MP.DLL [(Verified)Software 2000 Limited, 4.0.0.34]
[PID: 752 / LOCAL SERVICE]
C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2844 / Administrator]
C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\AcSignIcon.dll [(Verified)Autodesk, 16.2.54.0]
C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll [(Verified)Autodesk, 16.2.54.0]
C:\WINDOWS\system32\msi.dll [Microsoft Corporation, 4.5.6001.22159]
C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
C:\Program Files\360\360safe\safemon\safemon.dll [(Verified)360.cn, 6, 3, 1, 1018]
C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [(Verified)Adobe Systems Incorporated, 4.0.0.0client1]
C:\Program Files\Common Files\Adobe\Adobe Drive CS4\BIB.dll [Adobe Systems Incorporated, 1.2.01.1551]
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Client\4.0.0\VersionCue.DLL [(Verified)Adobe Systems, Incorporated, 4.0.0.0client1]
C:\WINDOWS\system32\igfxpph.dll [(Verified)Intel Corporation, 6.14.10.5009]
C:\WINDOWS\system32\hccutils.DLL [(Verified)Intel Corporation, 6.14.10.5009]
C:\WINDOWS\system32\igfxsrvc.dll [(Verified)Intel Corporation, 6.14.10.5009]
C:\WINDOWS\system32\igfxrCHS.lrc [(Verified)Intel Corporation, 6.14.10.5009]
C:\WINDOWS\system32\MSISIP.DLL [Microsoft Corporation, 4.5.6001.22159 (vistasp1_ldr.080415-1732)]
[PID: 1748 / Administrator]
C:\Program Files\安全魔盘\SqlMon.exe [航天信息, 1.8.3.23]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
C:\Program Files\360\360safe\safemon\safemon.dll [(Verified)360.cn, 6, 3, 1, 1018]
C:\WINDOWS\system32\msjetoledb40.dll [(Verified)N/A]
[PID: 2052 / Administrator]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll [Watchdata, 2, 1, 1, 40]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDPKCS.dll [ Beijing WatchData System Co., Ltd., 3, 6, 2, 15]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDEvent.dll [ Beijing WatchData System Co., Ltd., 3, 2, 5, 0]
[PID: 2060 / Administrator]
C:\WINDOWS\system32\I3BSvr_ABC.exe [(Verified)Tendyron Corporation, 1, 0, 0, 0]
C:\WINDOWS\system32\I3BToken_ABC.dll [Tendyron Corporation, 1, 0, 0, 0]
C:\WINDOWS\system32\I3BCsp_ABC.dll [Tendyron Corporation, 2, 5, 2, 26]
C:\WINDOWS\system32\I3BPinpad_ABC.dll [Copyright (C) 2012 Tendyron Co, Ltd. All rights reserved., 1, 0, 0, 0]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\I3BDev03_ABC.dll [Tendyron Corporation, 1, 0, 0, 2]
C:\WINDOWS\system32\I3BDev05_ABC.dll [Tendyron Corporation, 1, 0, 0, 2]
C:\WINDOWS\system32\I3BP11_ABC.dll [Tendyron Corporation, 1, 0, 0, 0]
C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
C:\Program Files\360\360safe\safemon\safemon.dll [(Verified)360.cn, 6, 3, 1, 1018]
[PID: 2076 / Administrator]
C:\Program Files\360\360safe\safemon\360tray.exe [(Verified)360.CN, 7, 0, 0, 1003]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\360\360safe\ipc\ipcservice.dll [(Verified)360.CN, 6, 5, 0, 1003]
C:\Program Files\360\360safe\ipc\fileMgr.dll [(Verified)360.cn, 6, 5, 0, 1002]
C:\Program Files\360\360safe\ipc\yhregd.dll [(Verified)(C) 360.cn Inc. All Rights Reserved., 6, 5, 0, 1002]
C:\Program Files\360\360safe\ipc\appd.dll [(Verified)360.cn, 6, 5, 0, 1003]
C:\Program Files\360\360safe\safemon\360compro.dll [(Verified)360安全中心, 6, 2, 0, 1003]
C:\Program Files\360\360safe\safemon\360webpro.dll [(Verified)360.CN, 1, 3, 0, 1031]
C:\Program Files\360\360safe\safemon\360traylive.dll [(Verified)360安全中心, 6, 0, 1, 1013]
C:\Program Files\360\360safe\safemon\360procmon.dll [(Verified)360.CN, 6, 5, 0, 1001]
C:\Program Files\360\360safe\safemon\SelfProtectAPI2.dll [(Verified)360.CN, 1, 1, 0, 1012]
C:\Program Files\360\360safe\safemon\360safemonpro.tpi [(Verified)360.cn, 1, 1, 0, 1004]
C:\Program Files\360\360safe\safemon\netm.tpi [(Verified)360.cn, 1, 0, 0, 1013]
C:\Program Files\360\360safe\safemon\netmon.tpi [(Verified)360.CN, 1, 0, 1, 1008]
C:\Program Files\360\360safe\safemon\safemon.dll [(Verified)360.cn, 6, 3, 1, 1018]
C:\Program Files\360\360safe\safemon\urlproc.dll [(Verified)360.cn, 1, 2, 0, 1004]
C:\Program Files\360\360safe\SafeLive.dll [(Verified)Copyright 2008, 1, 0, 0, 1006]
C:\Program Files\360\360safe\pdown.dll [(Verified)360.cn, 1, 2, 0, 1012]
C:\Program Files\360\360safe\netmon\360netctrl.dll [(Verified)360.cn, 1, 0, 1, 1011]
[PID: 1680 / Administrator]
C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.29]
C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0]
C:\Program Files\Rising\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4]
C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
C:\Program Files\Rising\AntiSpyware\rsxml1.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.65]
C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
C:\Program Files\Rising\AntiSpyware\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
C:\Program Files\360\360safe\safemon\safemon.dll [(Verified)360.cn, 6, 3, 1, 1018]
[PID: 1288 / Administrator]
C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3272 / Administrator]
C:\Program Files\arswp3\ArSwp3.exe [(Verified)Windows 清理助手, 3.0.15.0309]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\360\360safe\safemon\safemon.dll [(Verified)360.cn, 6, 3, 1, 1018]
C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
C:\WINDOWS\system32\AcSignIcon.dll [(Verified)Autodesk, 16.2.54.0]
C:\WINDOWS\system32\msi.dll [Microsoft Corporation, 4.5.6001.22159]
C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\scrchpg.dll [(Verified)Kaspersky Lab, 9.0.0.736]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klscav.dll [(Verified)Kaspersky Lab, 9.0.0.736]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\prremote.dll [(Verified)Kaspersky Lab, 9.0.0.736]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\prloader.dll [(Verified)Kaspersky Lab, 9.0.0.736]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\params.ppl [(Verified)Kaspersky Lab, 9.0.0.736]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\pxstub.ppl [(Verified)Kaspersky Lab, 9.0.0.736]
C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [(Verified)Adobe Systems, Inc., 10,0,45,2]
================================================================
文件关联
[.chm] <"hh.exe" %1> [Microsoft Corporation, 4.73.8412]
[.chm] <"hh.exe" %1> [Microsoft Corporation, 4.73.8412]
================================================================
Autorun.Inf
[I:\autorun.inf]
Open=autorun.exe [(Verified)N/A]
icon=ABC.ico [N/A]
================================================================
Winsock提供者
================================================================
隐藏进程
[PID: 2084] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [(Verified)Kaspersky Lab, 9.0.0.736]
[PID: 192] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [(Verified)Kaspersky Lab, 9.0.0.736]
================================================================
可疑文件
================================================================
HOSTS
127.0.0.1 localhost