[CODE]
2010-05-23,20:19:27
SysLog Scanner 3.0 - build 20091220
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600)
================================================================
注册项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[AMD, 1, 1, 4, 0]
[意天软件, 1, 0, 0, 37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
[Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[ATI Technologies Inc., 6.14.10.4178]
================================================================
启动组
================================================================
任务计划
[贝壳木马专杀登录扫描任务.job] <"C:\Program Files\Beike\Beike Scan\beikescan.exe" -ts:logon> []
[贝壳木马专杀每日定时扫描任务.job] <"C:\Program Files\Beike\Beike Scan\beikescan.exe" -ts:daily> []
================================================================
组件
--------------------------------
Shell Extension
[Display Panning CPL Extension] <{42071714-76d4-11d1-8b24-00a0c9068ff3}> []
[Windows Script Host 的 Shell extensions] <{60254CA5-953B-11CF-8C96-00AA00B8708C}> [Microsoft Corporation, 5.7.0.18066]
[任务栏和「开始」菜单] <{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> []
[WinRAR shell extension] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A]
[UnlockerShellExtension] <{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}> [N/A]
--------------------------------
Context Menu
[WinRAR] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A]
[UnlockerShellExtension] <{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}> [N/A]
--------------------------------
ActiveX Extension
[360SafeLive] <{87515F61-A66C-4319-A0E0-D416CB8059E3}> [(Verified)Copyright 2008, 1, 0, 0, 1006]
[Shockwave Flash Object] <{D27CDB6E-AE6D-11CF-96B8-444553540000}> [(Verified)Adobe Systems, Inc., 10,0,45,2]
================================================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled] <%SystemRoot%\system32\Ati2evxx.exe> [ATI Technologies Inc., 6.14.10.4228]
[Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[Network Location Awareness (NLA) / Nla][Running/Manual Start] <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mswsock.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111) | Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Running/Auto Start] [(Verified)Kingsoft Corporation, 2010,05,13,149]
[主动防御 / ZhuDongFangYu][Stopped/Manual Start] <"C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe"> [(Verified)360.cn, 3, 2, 2, 1001]
================================================================
驱动
[ati2mtag / ati2mtag][Running/Manual Start] [ATI Technologies Inc., 6.14.10.7018]
[Intel RAID Controller / iaStor5][Stopped/Disabled] <\SystemRoot\system32\drivers\iastor5.sys> [Intel Corporation, 5.5.2.1003]
[Intel AHCI Controller 6 / iaStor6][Stopped/Disabled] <\SystemRoot\system32\drivers\iastor6.sys> [Intel Corporation, 6.2.1.1002]
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\iteatapi.sys> [Integrated Technology Express, Inc., v1.3.2.0 built by: WinDDK]
[JRAID / JRAID][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\jraid.sys> [JMicron Technology Corp., 1.17.37.01 built by: WinDDK]
[krpr / krpr][Stopped/Manual Start] <\??\C:\Program Files\Kingsoft\webshieldSVC\krpr.sys> []
[m5228 / m5228][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\m5228.sys> [ALi Corporation., 5.028]
[m5281 / m5281][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\m5281.sys> [ALi Corporation, 5.029]
[m5287 / m5287][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\m5287.sys> [ULi Electronics Inc., 6.209]
[m5288 / m5288][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\m5288.sys> [ULi Electronics Inc., 6.218]
[m5289 / m5289][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\m5289.sys> [ULi Electronics Inc., 5.030]
[nvatabus / nvatabus][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\nvatabus.sys> [NVIDIA Corporation, 5.10.2600.0666 built by: WinDDK]
[nvgts / nvgts][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\nvgts.sys> [NVIDIA Corporation, 10.3.0.21 built by: WinDDK]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] [NVIDIA Corporation, 10.3.0.21 built by: WinDDK]
[ATI-437A Serial ATA Controller / SI3112r][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SI3112r.sys> [Silicon Image, Inc, 1, 0, 56, 0]
[SATALink driver accelerator / SiFilter][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiWinAcc.sys> [Silicon Image, Inc., 1.0.0.11]
[SiSRaid / SiSRaid][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiSRaid.sys> [Silicon Integrated Systems, 5.1.1039.1090]
[SiSRaid2 / SiSRaid2][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiSRaid2.sys> [Silicon Integrated Systems Corp, 2.03.00]
[SiSRaid4 / SiSRaid4][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sisraid4.sys> [Silicon Integrated Systems, 3.02.04 built by: WinDDK]
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[UnlockerDriver5 / UnlockerDriver5][/Boot Start] <\??\C:\Program Files\Unlocker\UnlockerDriver5.sys> [N/A]
[viamraid / viamraid][Stopped/Boot Start] [VIA Technologies inc,.ltd, 5.1.6000.574]
[360SelfProtection / 360SelfProtection][Running/System Start] [(Verified)360安全中心, 1, 0, 0, 1029]
[ahcix86 / ahcix86][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ahci8086.sys> [(Verified)AMD Technologies Inc., 3.1.1540.50 built by: WinDDK]
[amdide / amdide][Running/Boot Start] [(Verified)Advanced Micro Devices, 5.1.0.8 built by: WinDDK]
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start] [(Verified)AMD, Inc., 1.0.1.0]
[AMD HwPState Processor Driver / AmdPPM][Running/System Start] [(Verified)Advanced Micro Devices, 1.0.0 built by: WinDDK]
[ATI Function Driver for HDMI Service / AtiHdmiService][Running/Manual Start] [(Verified)ATI Research Inc., 5.00.50000.08]
[AtpKrnl / AtpKrnl][Running/Manual Start] [(Verified)www.arswp.com, 3.00]
[BAPIDRV / BAPIDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS> [(Verified)360.cn, 1.0.0.1008]
[bootsafe / bootsafe][Running/Boot Start] [(Verified)Copyright (C) 2008, 2009, 1, 6, 12]
[EfiSystemMon / EfiMon][Running/System Start] [(Verified)奇虎网, 1, 0, 0, 1005]
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK]
[HookPort / HookPort][Running/Boot Start] [(Verified)360安全中心, 1, 0, 0, 1010]
[Intel AHCI Controller 7 / iaStor7][Stopped/Disabled] <\SystemRoot\system32\drivers\iastor7.sys> [(Verified)Intel Corporation, 7.8.0.1012]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5680 built by: WinDDK]
[KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2010,04,14,609]
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [(Verified)AMD Inc., 4.38.00 built by: WinDDK]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)]
[Quantum DeepScanner Servers / qutmdserv][Running/System Start] <\??\C:\WINDOWS\system32\drivers\qutmdrv.sys> [(Verified)360安全中心, 6.5.0.1002]
[qutmipc / qutmipc][Running/System Start] <\??\C:\WINDOWS\system32\drivers\qutmipc.sys> [(Verified)360安全中心, 6.2.0.1007]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.680.1023.2007 built by: WinDDK]
[Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086]
[vmscsi / vmscsi][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\vmscsi.sys> [(Verified)VMware, Inc., 1.2.0.6]
================================================================
活动进程
[PID: 756 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\WINDOWS\system32\Ati2evxx.dll [ATI Technologies Inc., 6.14.10.4178]
[PID: 816 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 968 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1036 / ] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1076 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    c:\windows\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1120 / ] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    c:\windows\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1160 / ] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1188 / SYSTEM] C:\Program Files\Kingsoft\webshieldSVC\KSWebShield.exe [(Verified)Kingsoft Corporation, 2010,05,13,149]
    C:\Program Files\Kingsoft\webshieldSVC\kdump.dll [(Verified)Kingsoft Corporation, 2010,05,05,963]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwssp.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    C:\Program Files\Kingsoft\webshieldSVC\kxebase.dll [(Verified)Kingsoft Corporation, 2009,11,20,309]
    C:\Program Files\Kingsoft\webshieldSVC\scom.dll [(Verified)Kingsoft Corporation, 2009,11,20,309]
    C:\Program Files\Kingsoft\webshieldSVC\kxecore\kxelog.dll [(Verified)Kingsoft Corporation, 2009,11,20,309]
    C:\Program Files\Kingsoft\webshieldSVC\kxecore\kxecore.dll [(Verified)Kingsoft Corporation, 2009,11,20,309]
    C:\Program Files\Kingsoft\webshieldSVC\kxecore\kxestat.dll [(Verified)Kingsoft Corporation, 2010,5,12,402]
    C:\Program Files\Kingsoft\webshieldSVC\report\kinfoc.dll [(Verified)Kingsoft Corporation, 2010,05,07,677]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    C:\Program Files\Kingsoft\webshieldSVC\kwsow.dll [(Verified)Kingsoft Corporation, 2010,04,08,78]
    C:\Program Files\Kingsoft\webshieldSVC\kwsmot.dll [(Verified)Kingsoft Corporation, 2010,04,22,117]
    C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1532 / 海燕] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1704 / 海燕] C:\Program Files\MultDesk\YtMDesk.exe [意天软件, 1, 0, 0, 37]
    C:\Program Files\MultDesk\BaseRun.dll [Copyright (C) 2009, 1, 0, 0, 7]
    C:\Program Files\MultDesk\DeskProc.dll [意天软件, 1, 0, 0, 2]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\MultDesk\CndSkin.dll [意天软件, 1.0.0.9]
    C:\Program Files\MultDesk\PRESKI~1.DLL [意天软件, 1.0.0.9]
    C:\Program Files\MultDesk\CNDSKI~1.DLL [意天软件, 1.0.0.9]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
[PID: 1772 / 海燕] C:\WINDOWS\Explorer.Exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2012 / 海燕] C:\Program Files\MultDesk\YtMDesk.exe [意天软件, 1, 0, 0, 37]
    C:\Program Files\MultDesk\BaseRun.dll [Copyright (C) 2009, 1, 0, 0, 7]
    C:\Program Files\MultDesk\DeskProc.dll [意天软件, 1, 0, 0, 2]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\MultDesk\CndSkin.dll [意天软件, 1.0.0.9]
    C:\Program Files\MultDesk\PRESKI~1.DLL [意天软件, 1.0.0.9]
    C:\Program Files\MultDesk\CNDSKI~1.DLL [意天软件, 1.0.0.9]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 312 / 海燕] C:\Program Files\Kingsoft\webshieldSVC\kwstray.exe [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kdump.dll [(Verified)Kingsoft Corporation, 2010,05,05,963]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    C:\Program Files\Kingsoft\webshieldSVC\report\kinfoc.dll [(Verified)Kingsoft Corporation, 2010,05,07,677]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 616 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 324 / 海燕] D:\Program Files\Bin\QQ.exe [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\Common.dll [(Verified)Tencent, 1, 48, 1690, 0]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL [Microsoft Corporation, 8.00.50727.4053]
    D:\Program Files\Bin\KernelUtil.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Bin\GF.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Bin\xGraphic32.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Bin\AppUtil.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\AFUtil.dll [(Verified)Tencent, 1, 48, 1700, 0]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    D:\Program Files\Bin\AppFramework.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\MainFrame.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\AFCtrl.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\IM.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Bin\TaskTray.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\TXPFProxy.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll [(Verified)Tencent, 1.48.1.48]
    D:\Program Files\Bin\KernelMisc.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Bin\AppMisc.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\ChatFrame.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\ConfigCenter.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\CustomFace.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\LongCnn.dll [(Verified)Tencent, 1, 48, 1690, 0]
    D:\Program Files\Bin\ContactInfoFrame.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\MsgMgr.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\SkinMgr.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\QInterLive.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\SystemMsg.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.Soso\Bin\Soso.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.Weather\Bin\Weather.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\Com.Tencent.taotao\Bin\Taotao.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\BasicCtrlDll.dll [(Verified)TENCENT, 8,0,773,1801]
    C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll [(Verified)Tencent, 1.2.1.6]
    C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL [(Verified)Tencent, 1.2.1.5]
    C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\msdmo.dll [(Verified)N/A]
    D:\Program Files\Bin\GroupApp.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.snsapp\Bin\SNSApp.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.paycenter\Bin\PayCenter.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qbar\Bin\QBar.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qqvipmisc\Bin\QQVipMisc.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.wenwen\Bin\WenWen.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\WBlog.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\Contacts.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.netbar\Bin\NetBar.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.vas\Bin\VAS.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.wireless\Bin\Wireless.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qqshow\Bin\QQShow.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\InformationBox.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.crm\Bin\CRM.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qqgame\Bin\QQGame.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qqvip\Bin\QQVip.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qqring\Bin\QQRing.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.winks\Bin\Winks.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.qqpet\Bin\QQPet.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.mail\Bin\Mail.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.memo\Bin\Memo.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Plugin\com.tencent.gamelife\Bin\GameLife.dll [(Verified)Tencent, 1, 48, 1700, 0]
    C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [(Verified)Adobe Systems, Inc., 10,0,45,2]
    D:\Program Files\Plugin\com.tencent.advertisement\Bin\Advertisement.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\vqqsdl.dll [(Verified)Tencent, 5, 0, 3, 24]
    D:\Program Files\Plugin\com.tencent.today\Bin\Today.dll [(Verified)Tencent, 1, 48, 1700, 0]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME [Google Inc.]
    D:\Program Files\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll [(Verified)Tencent, 1, 48, 1700, 0]
    D:\Program Files\Bin\AddrSearch.dll [(Verified)Tencent, 2, 3, 12, 11]
[PID: 1528 / 海燕] D:\Program Files\Bin\TXPlatform.exe [(Verified)Tencent, 1, 48, 1690, 0]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    D:\Program Files\Bin\TXPFProxy.dll [(Verified)Tencent, 1, 48, 1690, 0]
[PID: 440 / 海燕] C:\Program Files\Internet Explorer\IEXPLORE.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kdump.dll [(Verified)Kingsoft Corporation, 2010,05,05,963]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    C:\WINDOWS\system32\VBSCRIPT.DLL [Microsoft Corporation, 5.7.0.18066]
    C:\Program Files\Kingsoft\webshieldSVC\kswbc.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [(Verified)Adobe Systems, Inc., 10,0,45,2]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME [Google Inc.]
[PID: 3340 / 海燕] F:\杀毒\windows清理助手\ArSwp3.exe [(Verified)Windows 清理助手, 3.0.15.0309]
    C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    C:\Program Files\Kingsoft\webshieldSVC\kwsui.dll [(Verified)Kingsoft Corporation, 2010,05,20,156]
    C:\Program Files\Kingsoft\webshieldSVC\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,05,23,166]
    C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [(Verified)Adobe Systems, Inc., 10,0,45,2]
================================================================
文件关联
[.vbs] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.7.0.18066]
[ .js] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.7.0.18066]
================================================================
Autorun.Inf
================================================================
Winsock提供者
[MSAFD Tcpip [TCP/IP]] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD Tcpip [UDP/IP]] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD Tcpip [RAW/IP]] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{529DACE7-23E6-44F0-80E6-B36360A8A1EC}] SEQPACKET 3] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{529DACE7-23E6-44F0-80E6-B36360A8A1EC}] DATAGRAM 3] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{50E7021E-2A2D-44E7-8801-1E311244842F}] SEQPACKET 0] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{50E7021E-2A2D-44E7-8801-1E311244842F}] DATAGRAM 0] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
================================================================
隐藏进程
================================================================
可疑文件
================================================================
HOSTS
127.0.0.1 localhost
127.0.0.1 858656.com
127.0.0.1 my123.com
127.0.0.1 8749.com
127.0.0.1 4199.com
127.0.0.1 7379.com
127.0.0.1 7255.com
127.0.0.1 3448.com
127.0.0.1 7939.com
127.0.0.1 8009.com
127.0.0.1 piaoxue.com
127.0.0.1 kzdh.com
127.0.0.1 about.blank.la
127.0.0.1 6781.com
127.0.0.1 7322.com
127.0.0.1 9991.com
[/CODE]