[PID: 1944 / Administrator][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.1.3.2]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 1880 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.6902]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6902]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.6902]
[PID: 1596 / Administrator][D:\360safe\safemon\360tray.exe] [奇虎网, 5, 0, 0, 1002]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[D:\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 3, 0, 1003]
[D:\360safe\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001]
[D:\360safe\live.dll] [360.cn, 1, 0, 1, 1028]
[PID: 2128 / Administrator][D:\360safe\antiarp\antiarp.exe] [360安全中心, 2, 0, 0, 1008]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 2200 / Administrator][D:\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[D:\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 2228 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 2284 / Administrator][D:\PPStream\ppsap.exe] [PPStream Inc, 1, 0, 11, 171]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\PPStream\vodnet.dll] [PPStream Inc., 1, 0, 11, 171]
[D:\PPStream\vodres.dll] [PPStream Inc., 1, 0, 11, 171]
[D:\PPStream\ppssg.dll] [PPStream Inc., 1, 0, 11, 171]
[D:\PPStream\fds.dll] [PPStream Inc., 1, 0, 0, 97]
[PID: 2376 / Administrator][D:\飞速土豆\飞速Tudou\TudouVa.exe] [土豆网, 1.11]
[D:\飞速土豆\飞速Tudou\upnpdll.dll] [N/A, ]
[D:\飞速土豆\飞速Tudou\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.163]
[D:\飞速土豆\飞速Tudou\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\飞速土豆\飞速Tudou\MFC80.DLL] [Microsoft Corporation, 8.00.50727.42]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 3816 / Administrator][C:\WINDOWS\system32\taskmgr.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 3360 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 3524 / Administrator][D:\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 1, 1, 1717]
[D:\Maxthon2\mxpp.dll] [Maxthon International ltd., 1, 0, 0, 113]
[D:\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 358]
[D:\Maxthon2\MxProxy2.dll] [Maxthon International ltd., 1, 0, 0, 4033]
[D:\Maxthon2\MxExt.dll] [N/A, ]
[D:\Maxthon2\MxUI.dll] [Maxthon International, 3, 3, 0, 3]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[D:\Maxthon2\maxzlib.dll] [, 1.2.3]
[D:\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll] [Maxthon International ltd., 1,0,0,1330]
[D:\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll] [Maxthon, 1,0,2,1187]
[D:\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125]
[D:\Maxthon2\Modules\MxHistory\MxHistory.dll] [Maxthon International ltd., 1, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\StormII\Codec\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL] [Microsoft Corporation, 5.00.2916.0]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 3016 / Administrator][D:\Maxthon2\Modules\MxUpdate\MxUp.exe] [Maxthon International ltd., 1, 0, 0, 25]
[D:\Maxthon2\MxUI.dll] [Maxthon International, 3, 3, 0, 3]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 4008 / Administrator][D:\Maxthon2\Modules\MXDOWN~1\MXDOWN~1.EXE] [Maxthon International ltd., 1,0,0,7901]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[D:\Maxthon2\Modules\MxDownloader\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 2, 3, 35]
[D:\Maxthon2\Modules\MXDOWN~1\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 19, 7, 181]
[D:\Maxthon2\Modules\MXDOWN~1\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 19, 7, 181]
[PID: 3352 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [Alexander Roshal, 3.41]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 3324 / Administrator][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6902]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.6902]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6902]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 2412 / Administrator][C:\Documents and Settings\Administrator\桌面\新建文件夹 (4)\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 2748 / Administrator][C:\Documents and Settings\Administrator\桌面\新建文件夹 (4)\SRE2a72b1d8.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[C:\Documents and Settings\Administrator\桌面\新建文件夹 (4)\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
File associations
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
127.0.0.1 aaa.faba01.com
127.0.0.1 bad.tqdlt.cn
127.0.0.1 1.chsipo.com
127.0.0.1 c3.aishangai.net
127.0.0.1 c2.aishangai.net
127.0.0.1 xxx.188dm.com
127.0.0.1 x2.1a2b3c1.com
127.0.0.1 d1.163500.net
127.0.0.1 down.google-serv.cn
127.0.0.1 gxgxy.net
127.0.0.1 c0mo.com
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 284, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2376, D:\飞速土豆\飞速TUDOU\TUDOUVA.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3352, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2412, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹 (4)\SRENGLDR.EXE]
==================================
Scheduled tasks
[Enabled] SogouImeMgr.job
D:\SOGOUI~1\360~1.163\PinyinRepair.exe
[Enabled] MsUpdateTask.job
rundll32
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================
[/CODE]
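Reading a log like the one above by hand is slow: the same module lines repeat under every process, the HOSTS block was wrapped by the extraction so that one line holds the tail of one entry and the head of the next, and the privilege scan names processes that hold SeLoadDriverPrivilege (the right to load a kernel driver) and therefore deserve a second look. The following is an added triage script, not part of the original post and not SREng's own code; it assumes only the line formats visible above (the `[PID: n / user][exe] [vendor, version]` process header, the `[path] [vendor, version]` module line, the `Special privilege enabled:` line, and `127.0.0.1 host` HOSTS entries, including the wrapped form). The sample log inside it is a constructed excerpt, not the full dump.

```python
"""Triage helpers for an SREng-style log: parse the process/module list, the
HOSTS section and the privilege scan, then summarise what a reviewer checks
first (modules present in many processes, modules with no vendor information,
loopback-sinkholed hostnames, processes holding a special privilege)."""
import re
from collections import defaultdict

# Constructed sample in the SREng format (a short excerpt, not the full log).
# The HOSTS lines deliberately reproduce the wrapped "127.0.0.1<newline>host127.0.0.1 host"
# layout that a text extraction can produce.
SAMPLE_LOG = r"""
[PID: 1880 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180]
[PID: 516 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
[PID: 3524 / Administrator][D:\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 1, 1, 1717]
[D:\Maxthon2\MxExt.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1637]
==================================
HOSTS file
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1
www.868wg.com127.0.0.1 xxx.mmma.biz
127.0.0.1 down.google-serv.cn
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 3352, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
"""

SEP = "=================================="
PROC_RE = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\] \[([^\]]*)\]$")
MOD_RE = re.compile(r"^\[([^\]]+)\] \[([^\]]*)\]$")
PRIV_RE = re.compile(r"^Special privilege enabled: (\w+) \[PID = (\d+), ([^\]]+)\]$")
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# One HOSTS entry: an IP, whitespace, then the shortest run of hostname characters
# that is followed by whitespace, by another IP (the wrapped case) or by end of text.
HOST_RE = re.compile("(" + IP + r")\s+([A-Za-z0-9][A-Za-z0-9.\-]*?)(?=\s|" + IP + "|$)")


def sections(log):
    """Split on the separator line; the first non-blank line of a chunk is its title."""
    out = {}
    for chunk in log.split(SEP):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out


def image_info(path, info):
    """Turn 'vendor, version' (optionally prefixed '(Verified) ') into (path, vendor, verified).
    Only the first comma separates vendor from version: versions like '4, 2, 0, 1005' contain commas."""
    verified = info.startswith("(Verified) ")
    vendor = (info[len("(Verified) "):] if verified else info).split(",", 1)[0].strip()
    return (path, vendor, verified)


def parse_processes(log):
    """{(pid, exe): [main image, module, module, ...]} for every process block in the log."""
    procs, current = {}, None
    for line in log.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            pid, _user, exe, info = m.groups()
            current = procs.setdefault((int(pid), exe), [])
            current.append(image_info(exe, info))
            continue
        m = MOD_RE.match(line.strip())
        if m and current is not None:
            current.append(image_info(*m.groups()))
    return procs


def cross_process_modules(procs, min_procs=2):
    """(lower-cased path, vendor, process count) for images seen in >= min_procs processes,
    most widespread first. Paths compare case-insensitively (UxTheme.dll vs uxtheme.dll)."""
    seen, vendor = defaultdict(set), {}
    for key, images in procs.items():
        for path, ven, _ in images:
            seen[path.lower()].add(key)
            vendor[path.lower()] = ven
    hits = [(p, vendor[p], len(k)) for p, k in seen.items() if len(k) >= min_procs]
    return sorted(hits, key=lambda t: -t[2])


def unattributed_modules(procs):
    """Images whose version resource carries no company name ('N/A' or blank)."""
    return sorted({path for images in procs.values() for path, ven, _ in images if ven in ("", "N/A")})


def hosts_entries(log):
    """[(ip, hostname), ...] from the HOSTS section, tolerant of wrapped lines."""
    return HOST_RE.findall(" ".join(sections(log).get("HOSTS file", [])))


def sinkholed(entries):
    """Hostnames other than localhost that resolve to the loopback network."""
    return [host for ip, host in entries if ip.startswith("127.") and host != "localhost"]


def privileged_processes(log):
    """[(privilege, pid, exe), ...] from the 'Special privilege enabled' lines."""
    found = []
    for line in log.splitlines():
        m = PRIV_RE.match(line.strip())
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found


if __name__ == "__main__":
    procs = parse_processes(SAMPLE_LOG)
    for path, ven, n in cross_process_modules(procs):
        print(f"in {n} processes: {path} [{ven or 'no vendor'}]")
    print("no vendor info:", unattributed_modules(procs))
    print("sinkholed:", sinkholed(hosts_entries(SAMPLE_LOG)))
    print("special privileges:", privileged_processes(SAMPLE_LOG))
```

The cross-process list is where the review starts: a DLL that appears in nearly every process is either an input-method or theme library that Windows loads everywhere, a security product's hook DLL, or something injected, and the vendor column plus the `(Verified)` flag is what separates those cases. The sinkhole list answers a second question in one pass: whether the loopback entries are a deliberate blocklist of malware-distribution names, as in the dump above, or whether they also cover update or vendor domains, which would point to a hijacked HOSTS file.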