
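[Resolved] Please help me check whether this file contains a virus or trojan

It shows up as a Microsoft file, but it is packed; its description is "jet engine".

I found a file with the same base name, bksxjd.key, under system32: it contains my Firefox search content, the username and password I use to log in to Windows, and other things.

I also found a service named serggggy in the services list. Its description is roughly "Dial-up connections need this service; it cannot be deleted!", and the service's executable command is "c:\windows\system32\svchost -Kserggggy"

So I would especially like to ask everyone to take a look at this bksxjd.dll file.

User system information: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5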

Attachment:

File name: bksxjd.DLL.zip
Downloads: 208
File type: application/zip
File size:
Uploaded: 2009-2-2 10:10:07
Description: zip

Attachment:

File name: SREngLOG.zip
Downloads: 185
File type: application/zip
File size:
Uploaded: 2009-2-2 11:01:24
Description: zip

Attachment:

File name: internat.zip
Downloads: 164
File type: application/zip
File size:
Uploaded: 2009-2-2 11:27:04
Description: zip

Last edited by artrcl on 2009-02-02 11:41:57

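Re: Please help me check whether this file contains a virus or trojan

Ah.. 天月 says it's clean..
I can't find any information about it online..
It's not convenient to download on this machine right now.. so I could only search for the name..
It's no good... can't rule out that it has accomplices
Last edited by whzl999 on 2009-02-02 10:28:29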

Re: Please help me check whether this file contains a virus or trojan

Virus
Backdoor.Win32.PcClient
Please delete it immediately in Safe Mode

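Re: Please help me check whether this file contains a virus or trojan

Quote:
Originally posted by whzl999 at 2009-2-2 10:26:00
Ah.. 天月 says it's clean..
I can't find any information about it online..
It's not convenient to download on this machine right now.. so I could only search for the name..

What he said is wrong; I deleted it
This is a virus
Backdoor.Win32.PcClient
It will be added to the virus database tomorrow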

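Re: Please help me check whether this file contains a virus or trojan

That file is problematic; I scanned it with multiple engines
That service is suspicious too
I suggest uploading an SREng log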

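Re: Please help me check whether this file contains a virus or trojan

Oh dear

I forgot to upload it for online scanning

I only took a look at the file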

Re: Please help me check whether this file contains a virus or trojan

It can run? On my computer, anyway, it won't even open

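Re: Please help me check whether this file contains a virus or trojan

Quote:
Originally posted by 天月来了 at 2009-2-2 10:30:00
Oh dear

I forgot to upload it for online scanning

I only took a look at the file

Check whether it is packed, the section names, the imports and exports, and finally look at the code; from that you can pretty much tell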
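The first two checks named in the reply above (packing and section names), as an added example that is not part of the original thread. It reads only the PE section table and never loads the file; the packer-name list, the 7.0 entropy threshold and the byte string built by `build_sample()` are assumptions made for illustration, and the import/export checks are left out.

```python
import math
import struct

# Section names left behind by some common packers (illustrative, not exhaustive).
PACKER_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".nsp0", ".nsp1"}
MEM_EXECUTE = 0x20000000  # IMAGE_SCN_MEM_EXECUTE
MEM_WRITE = 0x80000000    # IMAGE_SCN_MEM_WRITE


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return sum((c / n) * math.log2(n / c) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Read the section table of a PE image from its raw bytes."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(pe):
        raise ValueError("PE signature or COFF header not found")
    # COFF header: Machine, NumberOfSections, three DWORDs, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        if off + 40 > len(pe):
            raise ValueError("section table runs past end of file")
        name, vsize, _va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "characteristics": chars,
            "entropy": entropy(pe[rptr:rptr + rsize]),
        })
    return sections


def triage(pe: bytes, high_entropy: float = 7.0) -> list:
    """Return (section name, reasons) pairs; an empty reason list means nothing stood out."""
    report = []
    for s in parse_sections(pe):
        reasons = []
        executable = bool(s["characteristics"] & MEM_EXECUTE)
        if s["name"] in PACKER_NAMES:
            reasons.append("packer section name")
        if executable and s["characteristics"] & MEM_WRITE:
            reasons.append("writable and executable")
        if s["entropy"] >= high_entropy:
            reasons.append("high entropy")
        if executable and s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append("executable but empty on disk")
        report.append((s["name"], reasons))
    return report


def build_sample() -> bytes:
    """Constructed header-only image (not loadable) laid out like a UPX-packed DLL."""
    def sec(name, vsize, vaddr, rsize, rptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x2102)  # 3 sections, no optional header
    table = (sec(b"UPX0", 0x1000, 0x1000, 0, 0, 0xE0000080)
             + sec(b"UPX1", 0x1000, 0x2000, 0x200, 0x200, 0xE0000040)
             + sec(b".rsrc", 0x1000, 0x3000, 0x200, 0x400, 0xC0000040))
    headers = (dos + b"PE\0\0" + coff + table).ljust(0x200, b"\0")
    return headers + bytes(range(256)) * 2 + b"\0" * 0x200


if __name__ == "__main__":
    for name, reasons in triage(build_sample()):
        print(f"{name:8} {', '.join(reasons) or 'nothing notable'}")
```
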
 

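Re: Please help me check whether this file contains a virus or trojan

This file is easy to delete: first rename it, reboot, then delete it.

I have already done the following:
Deleted the serggggy service with delsrv.
Renamed this dll file to a bak file.

Also, this file can be injected into many executables; I checked with pv from prcview, and firefox, iexplore and explorer were all using this dll file.

Below is the log from the scan I just ran.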

2009-02-02,10:43:08

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools Lite><"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun>  [(Verified)DAEMON Tools Code Signing Services]
    <internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TpShocks><TpShocks.exe>  [(Verified)Lenovo(Japan)Ltd.]
    <SMSERIAL><C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe>  [Motorola Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PWRMGRTR><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor>  [Lenovo Group Limited]
    <BLOG><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog>  []
    <TPHOTKEY><C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe>  [(Verified)Lenovo(Japan)Ltd.]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <PSQLLauncher><"C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup>  [(Verified)UPEK Inc.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <GinaDLL><vrlogon.dll>  [(Verified)UPEK Inc.]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    <WinlogonNotify: psfus><C:\WINDOWS\system32\psqlpwd.dll>  [(Verified)UPEK Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    <WinlogonNotify: tpfnf2><C:\Program Files\Lenovo\HOTKEY\notifyf2.dll>  [(Verified)Lenovo (Japan) Ltd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    <WinlogonNotify: tphotkey><C:\Program Files\Lenovo\HOTKEY\tphklock.dll>  [Lenovo Group Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[BlackfishSQL / BlackfishSQL][Stopped/Manual Start]
  <"C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe" -S="BlackfishSQL"><CodeGear>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><Lenovo>
[Power Manager DBC Service / Power Manager DBC Service][Running/Auto Start]
  <C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE><>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[Team Coherence Server / TCService1][Running/Auto Start]
  <"C:\Program Files\Qsc\Team Coherence\Server\Bin\TCService.exe" "/NAME=TCService1"><Quality Software Components>
[ThinkPad HDD APS Logging Service / TPHDEXLGSVC][Running/Auto Start]
  <System32\TPHDEXLG.exe><(File is missing)>
[VMware Agent Service / ufad-ws60][Stopped/Manual Start]
  <"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml><VMware, Inc.>
[VMware Authorization Service / VMAuthdService][Running/Auto Start]
  <"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Stopped/Disabled]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Running/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[aswFsBlk / aswFsBlk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atmeltpm / atmeltpm][Stopped/Manual Start]
  <system32\DRIVERS\atmeltpm.sys><Atmel, Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hcmon.sys><VMware, Inc.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Shockprf / Shockprf][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\Apsx86.sys><Lenovo.>
[SMI Helper Driver (smihlp) / smihlp][Running/Auto Start]
  <\??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys><UPEK Inc.>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><Motorola Inc.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TC USB Kernel Driver / TcUsb][Running/Manual Start]
  <System32\Drivers\tcusb.sys><UPEK Inc.>
[TPDIGIMN / TPDIGIMN][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ApsHM86.sys><Lenovo.>
[TPHKDRV / TPHKDRV][Running/System Start]
  <system32\DRIVERS\TPHKDRV.sys><Lenovo Group Limited>
[Winbond Trusted Platform Module / TPM][Running/Manual Start]
  <system32\DRIVERS\tpm.sys><Winbond Electronics Corp.>
[TPPWRIF / TPPWRIF][Running/System Start]
  <System32\drivers\Tppwrif.sys><N/A>
[VMware vmci / vmci][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmci.sys><VMware, Inc.>
[VMware kbd / vmkbd][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\VMkbd.sys><VMware, Inc.>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Running/Auto Start]
  <\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys><VMware, Inc.>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Stopped/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
Last edited by artrcl on 2009-02-02 10:58:25
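A way to pick out services like the one described in the opening post from the 服务 (services) section of an SREng log, as an added example that is not part of the original thread. The first two sample entries are copied from the log above; the third is constructed from the command line quoted in the opening post, with a placeholder display name and DLL, and the baseline list of svchost groups is an assumption to be adjusted per build.

```python
import re

# svchost groups assumed for a default Windows XP install (an assumption;
# extend it with the groups your own build defines).
BASELINE_GROUPS = {"netsvcs", "localservice", "networkservice", "rpcss",
                   "imgsvc", "termsvcs", "dcomlaunch", "httpfilter"}

# "[Display name / ServiceName][State/Start type]"
HEADER = re.compile(r"^\[(?P<display>.*) / (?P<name>[^\]/]+)\]\[(?P<state>[^\]]+)\]$")
# "<command line><publisher>"; the command may itself contain "-->" before a ServiceDll
DETAIL = re.compile(r"^<(?P<cmd>.*)><(?P<publisher>[^<>]*)>$")
# "svchost[.exe] -k group[-->ServiceDll]"; tolerates "-Kgroup" with no space
SVCHOST = re.compile(r'svchost(?:\.exe)?"?\s+-k\s*(?P<group>\w+)(?:-->(?P<dll>.+))?$', re.I)

# Constructed sample (see the note above for which lines come from the page).
SAMPLE = r"""
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[VMware NAT Service / VMware NAT Service][Running/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[PLACEHOLDER display name / serggggy][Running/Auto Start]
  <c:\windows\system32\svchost -Kserggggy-->PLACEHOLDER.dll><N/A>
"""


def parse_services(text: str) -> list:
    """Pair each service header line with the command/publisher line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            pending = head.groupdict()
            continue
        detail = DETAIL.match(line)
        if detail and pending:
            entry = dict(pending, **detail.groupdict(), group=None, dll=None)
            host = SVCHOST.search(entry["cmd"])
            if host:
                entry["group"], entry["dll"] = host.group("group"), host.group("dll")
            entries.append(entry)
            pending = None
    return entries


def unknown_svchost_groups(entries: list) -> list:
    """Services hosted by svchost under a group that is not in the baseline."""
    return [e for e in entries
            if e["group"] and e["group"].lower() not in BASELINE_GROUPS]


if __name__ == "__main__":
    for e in unknown_svchost_groups(parse_services(SAMPLE)):
        print(f'{e["name"]}: group={e["group"]} dll={e["dll"]} '
              f'publisher={e["publisher"] or "(empty)"} state={e["state"]}')
```
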
 

Re: Please help me check whether this file contains a virus or trojan

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[IE2EMBHO Class]
  {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <C:\Program Files\easyMule\modules\IE2EM.dll, (Signed) VeryCD.com>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[&Save Flash]
  {4064EA35-578D-4073-A834-C96D82CBCF40} <C:\Program Files\Save Flash\SaveFlash.dll, TODO: <Company name>>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[IE2EMBHO Class]
  {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <C:\Program Files\easyMule\modules\IE2EM.dll, (Signed) VeryCD.com>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[&Save Flash]
  {4064EA35-578D-4073-A834-C96D82CBCF40} <C:\Program Files\Save Flash\SaveFlash.dll, TODO: <Company name>>
[]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[Google Update Plugin]
  {6A92F843-6F29-445A-B506-89049EC1FE66} <C:\Documents and Settings\lsd\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll, (Signed) Google Inc.>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <c:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[webThunder Class]
  {D2E6878A-49AF-4F6B-8A2F-C2A93F19EF80} <C:\Program Files\Thunder Network\Thunder\ComDlls\LinkSimulate.dll, 快乐软件吧>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[使用电驴下载]
  <C:\Program Files\easyMule\IE2EM.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 900 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 948 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 980 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\vrlogon.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4162]
    [C:\WINDOWS\system32\psqlpwd.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\homefus2.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\infql2.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\homepass.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\bio.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\qlbase.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\ps2css.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\Lenovo\HOTKEY\tphklock.dll]  [Lenovo Group Limited, 1.03]
    [C:\Program Files\ThinkVantage Fingerprint Software\pscssint.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\vti.dll]  [UPEK Inc., 5.8.2.4461]
[PID: 1024 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\psqlpwd.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\homefus2.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ThinkVantage Fingerprint Software\infql2.dll]  [UPEK Inc., 5.8.2.4461]
    [C:\Program Files\ThinkVantage Fingerprint Software\qlbase.dll]  [UPEK Inc., 5.8.2.4461]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe]  [Lenovo, 1.51]
[PID: 1224 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4168]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2511]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2520]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1244 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1348 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
    [C:\WINDOWS\system32\PrxerNsp.dll]  [ , 2, 60, 0, 1]
[PID: 1772 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
[PID: 1868 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4168]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2511]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2520]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4162]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1972 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
[PID: 568 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1296, 0]
[PID: 760 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResJs.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerNsp.dll]  [ , 2, 60, 0, 1]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll]  [ALWIL Software, 4, 8, 1296, 0]
[PID: 1600 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerNsp.dll]  [ , 2, 60, 0, 1]
[PID: 656 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 932 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 12, 12]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerNsp.dll]  [ , 2, 60, 0, 1]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
    [C:\Program Files\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [C:\Program Files\StormII\box\BoxLog.dll]  [北京暴风网际科技有限公司, 3, 8, 12, 12]
[PID: 1264 / SYSTEM][C:\Program Files\Qsc\Team Coherence\Server\Bin\TCService.exe]  [Quality Software Components, 7.1.3.25]
    [C:\Program Files\Qsc\Team Coherence\Server\Bin\Vcl50.bpl]  [Inprise Corporation, 5.0.6.18]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Qsc\Team Coherence\Server\Bin\GPVSCore.dll]  [Quality Software Components, 7.1.3.25]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
    [C:\Program Files\Qsc\Team Coherence\Server\Bin\TRKSCore.dll]  [Quality Software Components, 7.1.3.25]
[PID: 1880 / SYSTEM][C:\WINDOWS\System32\TPHDEXLG.exe]  [Lenovo., 1.60.0.6]
[PID: 2000 / SYSTEM][C:\WINDOWS\system32\vmnat.exe]  [VMware, Inc., 6.5.1 build-126130]
[PID: 1712 / SYSTEM][C:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  [VMware, Inc., 6.5.1 build-126130]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\VMware\VMware Workstation\vmwarebase.DLL]  [VMware, Inc., 6.5.1 build-126130]
    [C:\Program Files\VMware\VMware Workstation\vmcryptolib.DLL]  [VMware, Inc., 6.5.0 build-112107]
    [C:\Program Files\VMware\VMware Workstation\libxml2.dll]  [N/A, ]
    [C:\Program Files\VMware\VMware Workstation\iconv.dll]  [Free Software Foundation, 1.9]
    [C:\Program Files\VMware\VMware Workstation\zlib1.dll]  [, 1.2.3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
[PID: 576 / SYSTEM][C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Sensor.dll]  [Lenovo., 1.60.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1408 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 8, 1296, 0]
[PID: 2160 / lsd][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL]  [Lenovo Group Limited, 1, 0, 0, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Sensor.dll]  [Lenovo., 1.60.0.6]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 8, 1296, 0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.0.0.2008061100]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 9.0.0.0]
    [C:\Program Files\Lenovo\HOTKEY\hkvolkey.dll]  [Lenovo Group Limited, 1.01]
    [C:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll]  [, 1, 0, 0, 2]
[PID: 2172 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\PrxerDrv.dll]  [Initex Software, 2, 70, 0, 1]
[PID: 2908 / lsd][C:\WINDOWS\system32\TpShocks.exe]  [Lenovo., 1.61.0.1]
    [C:\Program Files\ThinkPad\TpShocks\MUI\0804\TpShocks.dll]  [, ]
    [C:\WINDOWS\system32\Sensor.dll]  [Lenovo., 1.60.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1296, 0]