以下是我的log,请大哥大姐帮
帮忙,祝你们新年快乐
复制内容到剪贴板
代码:
2008-02-06,08:41:07
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WebThunder><"F:\Program Files\Thunder Network\WebThunder\WebThunder.exe" /autostart> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<KavStart><"C:\KAV2007\KAVStart.exe" -startup> [Kingsoft Corporation]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [奇虎网]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start> [奇虎网]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KASTask><"C:\Program Files\Kingsoft Antispy\KASTask.EXE"> [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Wisin><C:\WINDOWS\system32\Wisin.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{2f32e793-9263-4aa5-862f-da2480554715}><C:\WINDOWS\system32\JAA-JAA-1032.dll> []
<{9a8234b5-a04c-4b0c-ad8c-f4fdb94c9543}><C:\WINDOWS\system32\RAA_RAA_1002.dll> []
<{94f833b0-726d-4d09-b715-6352f632ece7}><C:\WINDOWS\system32\QAB_QAB_1011.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\laizhl\「开始」菜单\程序\启动\腾讯QQ.lnk --> I:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><H>
[QQ游戏启动加速程序]
<C:\Documents and Settings\laizhl\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> I:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><H>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
<"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
<C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Fantasia Sango 3 CH (Pro_CD) Drivers Auto Removal (pr2ahvub) / pr2ahvub][Stopped/Auto Start]
<C:\WINDOWS\system32\pr2ahvub.exe svc><USERJOY>
==================================
驱动程序
[360AntiArp / 360AntiArp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><奇虎网>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[KAVBootC / KAVBootC][Running/Boot Start]
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
<\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Fantasia Sango 3 CH (Pro_CD) Environment Driver (pe3ahvub) / pe3ahvub][Running/Boot Start]
<\SystemRoot\system32\drivers\pe3ahvub.sys><USERJOY>
[Fantasia Sango 3 CH (Pro_CD) File System Driver (pf2ahvub) / pf2ahvub][Running/Boot Start]
<\SystemRoot\system32\drivers\pf2ahvub.sys><USERJOY>
[Fantasia Sango 3 CH (Pro_CD) Synchronization Driver (ps6ahvub) / ps6ahvub][Running/Boot Start]
<\SystemRoot\system32\drivers\ps6ahvub.sys><USERJOY>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XDva033 / XDva033][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva033.sys><N/A>
[XDva048 / XDva048][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva048.sys><N/A>
[XDva052 / XDva052][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva052.sys><N/A>
[USB PC Camera (ZS0211) / ZSMC211][Stopped/Manual Start]
<System32\Drivers\ZS211.sys><ZSMC Corporation>
==================================
浏览器加载项
[启动WEB迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <F:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\WINDOWS\system32\dllcache\vgx.dll, Microsoft Corporation>
[Fade]
{16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <F:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer3.0.41.65.713.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[PopBlocker Class]
{7648AC4A-76F6-4D95-B2C4-F0DBD88E5DD5} <, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\Thunder Network\WebThunder\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <c:\program files\360safe\live.dll, 360safe.com>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM 文档 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[WebVGPlayer Class]
{AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <, N/A>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[QQPlayerSvr Proxy Control]
{CD108273-D434-43E6-AA90-1469F97EB398} <I:\Program Files\Tencent\QQ\QzoneMusic.dll, 腾讯科技>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder DapCtrl]
{EF1EA76E-5428-4e40-85A1-D4DD2893183A} <F:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapCtrl1.3.17.20.713.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[&使用快车(FlashGet)下载]
<, N/A>
[&使用快车(FlashGet)下载全部链接]
<, N/A>
[使用WEB迅雷下载]
<F:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
<F:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<i:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[PID: 960 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1108 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1380 / SYSTEM][C:\KAV2007\KWatch.EXE] [Kingsoft Corporation, 2007, 8, 13, 78]
[C:\KAV2007\KAVIPC2.DLL] [Kingsoft Corporation, 2007, 1, 15, 30]
[C:\KAV2007\KAEPlat.DLL] [Kingsoft Corp., 2007, 6, 19, 64]
[C:\KAV2007\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2007\KAEUnpack.DAT] [Kingsoft Corporation, 2007,11,26,169]
[C:\KAV2007\KAVQuara.DLL] [Kingsoft Corporation, 2007, 6, 15, 4]
[C:\KAV2007\KAVDevC.dll] [Kingsoft Corporation, 2007, 8, 23, 12]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
[PID: 1648 / laizhl][c:\windows\system32\userinit.exe] [N/A, ]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1900 / SYSTEM][C:\KAV2007\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 8, 17, 39]
[PID: 1940 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8415]
[PID: 208 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1592 / laizhl][F:\Program Files\Thunder Network\WebThunder\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 12, 2, 210]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[F:\Program Files\Thunder Network\WebThunder\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[F:\Program Files\Thunder Network\WebThunder\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 0, 52]
[F:\Program Files\Thunder Network\WebThunder\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 204]
[F:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[F:\Program Files\Thunder Network\WebThunder\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 204]
[F:\Program Files\Thunder Network\WebThunder\streammedialib.dll] [, 1, 3, 2, 107]
[F:\Program Files\Thunder Network\WebThunder\al.dll] [, 1, 0, 1, 3]
[F:\Program Files\Thunder Network\WebThunder\xldc.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[F:\Program Files\Thunder Network\WebThunder\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 6]
[F:\Program Files\Thunder Network\WebThunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
[F:\Program Files\Thunder Network\WebThunder\CacheServer.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[F:\Program Files\Thunder Network\WebThunder\XLSafe\SafeInfo.dll] [深圳市迅雷网络技术有限公司, 1, 0, 1, 2]
[F:\Program Files\Thunder Network\WebThunder\XLSafe\RMFScan.dll] [N/A, ]
[F:\Program Files\Thunder Network\WebThunder\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
[F:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDownAndPlay.dll] [ShenZhen Thunder Networking Technologies Ltd., 1, 0, 3, 21]
[F:\Program Files\Thunder Network\WebThunder\XLStatistic\XLStatisticAddin.dll] [深圳市迅雷网络技术有限公司, 1, 4, 1, 5]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[PID: 1892 / laizhl][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1736 / laizhl][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2892 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3144 / laizhl][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\JAA-JAA-1032.dll] [N/A, ]
[C:\WINDOWS\system32\RAA_RAA_1002.dll] [N/A, ]
[C:\WINDOWS\system32\QAB_QAB_1011.dll] [N/A, ]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[G:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\KAV2007\KAVEXT.DLL] [Kingsoft Corporation, 2007, 6, 21, 29]
[I:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
[I:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8415]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8415]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[PID: 3840 / laizhl][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2616 / laizhl][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[G:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[PID: 3304 / laizhl][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1704 / laizhl][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[G:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[PID: 2608 / laizhl][C:\DOCUME~1\laizhl\LOCALS~1\Temp\Rar$EX13.469\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[c:\windows\system32\HDDGuard.dll] [N/A, ]
[C:\DOCUME~1\laizhl\LOCALS~1\Temp\Rar$EX13.469\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.177dvd.cn
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
