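My computer has been extremely slow lately. Looking in the resource manager, I found extra firefox.exe and VVist.exe processes, but I never installed Firefox. Lu Dashi's one-click cleanup has also stopped working and says it cannot view firefox. I use Kaspersky, and it doesn't detect anything.
Below is the sereng analysis report:[code]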
2010-01-30,23:13:53
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\bubbles.scr> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [File is missing]
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r><Kaspersky Lab>
[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ServiceSafe1 / ServiceSafe1][Running/Auto Start]
<C:\WINDOWS\Help\tours\mmtour\svohost.exe><N/A>
[主动防御 / ZhuDongFangYu][Stopped/Manual Start]
<"D:\Program Files\360safe\deepscan\zhudongfangyu.exe"><360安全中心>
==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
<system32\drivers\360SelfProtection.sys><360安全中心>
[AMD Processor Driver / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[BFSDRV / BFSDRV][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心>
[BREGDRV / BREGDRV][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[EfiSystemMon / EfiMon][Running/System Start]
<System32\Drivers\Efimon.sys><奇虎网>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
<system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookPort / HookPort][Running/Boot Start]
<\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
<system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Kaspersky Lab KLMOUFLT / klmouflt][Running/Manual Start]
<system32\DRIVERS\klmouflt.sys><Kaspersky Lab>
[msspac / msspac][Stopped/Boot Start]
<\SystemRoot\system32\drivers\msspac.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
<system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Quantum DeepScanner Servers / qutmdserv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\qutmdrv.sys><360安全中心>
[qutmipc / qutmipc][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[IE2EMBHO Class]
{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <D:\Program Files\easyMule\modules\IE2EM.dll, (Signed) VeryCD.com>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll, (Signed) Kaspersky Lab>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[FilterBHO Class]
{E33CF602-D945-461A-83F0-819F76A199F8} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[VirtualKeyboardButtonHandler Class]
{4248FE82-7FCB-46AC-B270-339F08212110} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <d:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL, Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[FilterButtonHandler Class]
{CCF151D8-D089-449F-A5A4-D9909053F20F} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, (Signed) CCTV International Networks Co.,Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[PhotoDrawEx Class]
{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\bin\QQPhotoDrawEx\QQPhotoDrawEx.dll, (Signed) Tencent>
[BDA 调节型号 MPEG2 微调请求]
{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} <C:\WINDOWS\system32\msvidctl.dll, (Signed) Microsoft Corporation>
[IE2EMBHO Class]
{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <D:\Program Files\easyMule\modules\IE2EM.dll, (Signed) VeryCD.com>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Zyzzyva]
{30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC} <, >
[VirtualKeyboardButtonHandler Class]
{4248FE82-7FCB-46AC-B270-339F08212110} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent5.9.8.1090.dll, (Signed) 深圳市迅雷网络技术有限公司>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[SkyDrive.Plugin.1]
{4990272A-0655-4D80-90A7-C18D0FF7A4A9} <d:\Program Files\NamiRobot\Plugins\SkyDrive1.dll, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll, (Signed) Kaspersky Lab>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <d:\PPStream\110~1.274\POWERP~1.DLL, (Signed) PPStream Inc.>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
{6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\InMedia\MediaAddin.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <, >
[]
{7B434A2A-9E4C-48F2-8373-5801F316A4D5} <, >
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\Safelive.dll, (Signed) >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[TTPlayer ActiveX Control]
{89AE5F82-410A-4040-9387-68D1144EFD03} <d:\Program Files\TTPlayer\ttpctrl.dll, Alen Soft>
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5913.258.(713).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.29.(712).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.>
[]
{A2DF4DBF-29B4-42A4-BD19-2CBC443E2E84} <, >
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <d:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL, Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[APlayer Control]
{A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_002.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, (Signed) CCTV International Networks Co.,Ltd>
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5913.258.(713).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <, >
[QQCertCtrl Class]
{BAEA0695-03A4-43BB-8495-C7025E1A8F42} <C:\Program Files\Common Files\Tencent\Paycenter\qqcert.dll, (Signed) Tencent>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, (Signed) CCTV.COM>
[FilterButtonHandler Class]
{CCF151D8-D089-449F-A5A4-D9909053F20F} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Tencent>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[FilterBHO Class]
{E33CF602-D945-461A-83F0-819F76A199F8} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\Program Files\Common Files\Tencent\Paycenter\qqedit.dll, (Signed) Tencent>
[]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.59150.261.(235).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[&U使用米人下载并收藏]
<D:\Program Files\NamiRobot\Data\du.html, N/A>
[使用电驴下载]
<D:\Program Files\easyMule\IE2EM.htm, N/A>
[使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\Bin\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 1184 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1232 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1256 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1316 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1488 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 4.00.1381.9562]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.9562]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1528 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1584 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1724 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1832 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1868 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2044 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 340 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\FreeLaunchBar\flb.dll] [TrueSoft, 1.0.0.0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[PID: 872 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1708 / SYSTEM][C:\WINDOWS\Help\tours\mmtour\svohost.exe] [N/A, ]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1720 / Administrator][D:\Program Files\Tencent\QQ\Bin\QQ.exe] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\Common.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[D:\Program Files\Tencent\QQ\Bin\KernelUtil.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\GF.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\xGraphic32.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\AppUtil.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Bin\MainFrame.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[D:\Program Files\Tencent\QQ\Bin\IM.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\TaskTray.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll] [Tencent, 1.26.1.26]
[D:\Program Files\Tencent\QQ\Bin\KernelMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\AppMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\AppCtrl.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\ChatFrame.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\ConfigCenter.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\CustomFace.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\LongCnn.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\ContactInfoFrame.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\MsgMgr.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\SkinMgr.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\QInterLive.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\SystemMsg.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Soso\Bin\Soso.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Weather\Bin\Weather.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\Com.Tencent.taotao\Bin\Taotao.dll] [Tencent, 1, 40, 1390, 0]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll] [Tencent, 1.2.0.22]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL] [Tencent, 1.2.0.3]
[D:\Program Files\Tencent\QQ\Bin\BasicCtrlDll.dll] [TENCENT, 8,0,773,1801]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQ\Bin\GroupApp.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qbar\Bin\QBar.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvipmisc\Bin\QQVipMisc.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.netbar\Bin\NetBar.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.crm\Bin\CRM.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.vas\Bin\VAS.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Bin\InformationBox.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.mail\Bin\Mail.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.memo\Bin\Memo.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.today\Bin\Today.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll] [Tencent, 1, 40, 1390, 0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.gamelife\Bin\GameLife.dll] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 4.2.0.2654]
[C:\Program Files\SogouInput\4.2.0.2654\Resource.dll] [Sogou.com Inc., 4.2.0.2654]
[D:\Program Files\Tencent\QQ\Bin\AddrSearch.dll] [Tencent, 2, 3, 12, 11]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\VVisit.exe] [西安智鑫软件开发公司, 1.9.0.9]
[C:\WINDOWS\system32\SkinFeature.dll] [SkinFeature.Ltd, 1, 3, 0, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1960 / SYSTEM][C:\WINDOWS\system32\browser\pxy\privoxy.exe] [The Privoxy team - www.privoxy.org, 3.0.15]
[C:\WINDOWS\system32\browser\pxy\mgwz.dll] [N/A, ]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1660 / Administrator][D:\Program Files\Tencent\QQ\Bin\TXPlatform.exe] [Tencent, 1, 40, 1390, 0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 1, 40, 1390, 0]
[PID: 2572 / SYSTEM][C:\WINDOWS\system32\browser\firefox.exe] [Mozilla Corporation, 1.9.1.3]
[C:\WINDOWS\system32\browser\xul.dll] [Mozilla Foundation, 1.9.1.3]
[C:\WINDOWS\system32\browser\sqlite3.dll] [sqlite.org, 3.6.10]
[C:\WINDOWS\system32\browser\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\WINDOWS\system32\browser\nspr4.dll] [Mozilla Foundation, 4.8]
[C:\WINDOWS\system32\browser\smime3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nss3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nssutil3.dll] [Mozilla Foundation, 3.12.3.1]
[C:\WINDOWS\system32\browser\plc4.dll] [Mozilla Foundation, 4.8]
[C:\WINDOWS\system32\browser\plds4.dll] [Mozilla Foundation, 4.8]
[C:\WINDOWS\system32\browser\ssl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\xpcom.dll] [Mozilla Foundation, 1.9.1.3]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\browser\softokn3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nssdbm3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\freebl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\WINDOWS\system32\browser\nssckbi.dll] [Mozilla Foundation, 1.75]
[PID: 3732 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.438\QQ伴侣.exe] [, 2.05.0004]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\VSListview.ocx] [Mndsoft Studio, 0.00.0009]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\msjetoledb40.dll] [, ]
[C:\WINDOWS\system32\expsrv.dll] [Microsoft Corporation, 6.1.9774]
[C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[PID: 448 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\easyMule\modules\IE2EM.dll] [VeryCD.com, 1.0.0.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll] [Kaspersky Lab, 9.0.0.459]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,8,1090]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\Thunder_F18010E7-0840-4352-86E9-05B2224D8217_\Components\ResWorker\DataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll] [Kaspersky Lab, 9.0.0.464]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblc.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\kltbar.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\winreg.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\propmap.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\nfio.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\filemap.ppl] [Kaspersky Lab, 9.0.0.459]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbcl.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\scrchpg.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klscav.dll] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34]
[C:\WINDOWS\system32\vbscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Common Files\Thunder Network\KanKan\RealMediaSplitter.1.0.2.5.(43).ax] [Gabest, 1, 0, 2, 5]
[PID: 1140 / Administrator][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe] [Kaspersky Lab, 9.0.0.459]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1520 / Administrator][D:\Program Files\sreng\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1924 / Administrator][D:\Program Files\sreng\SREcec25149.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[D:\Program Files\sreng\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7BA456DC-4BC5-4671-9BE3-81CE08A92D29}] SEQPACKET 3
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7BA456DC-4BC5-4671-9BE3-81CE08A92D29}] DATAGRAM 3
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6521D1A8-C2F3-42E0-89F8-3DE369E41D9F}] SEQPACKET 0
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6521D1A8-C2F3-42E0-89F8-3DE369E41D9F}] DATAGRAM 0
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E60A8041-B154-4638-9147-BDEE6FB31FE1}] SEQPACKET 4
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E60A8041-B154-4638-9147-BDEE6FB31FE1}] DATAGRAM 4
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{00978FDC-3BB9-4EDC-9A70-4EBEAF0AC7F7}] SEQPACKET 5
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{00978FDC-3BB9-4EDC-9A70-4EBEAF0AC7F7}] DATAGRAM 5
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1708, C:\WINDOWS\HELP\TOURS\MMTOUR\SVOHOST.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1004, C:\WINDOWS\SYSTEM32\VVISIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1960, C:\WINDOWS\SYSTEM32\BROWSER\PXY\PRIVOXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2572, C:\WINDOWS\SYSTEM32\BROWSER\FIREFOX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3732, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RAR$EX00.438\QQ伴侣.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB943649, Outlook 2003 更新 (KB943649)
KB945185, Office 2003 安全更新 (KB945185) MS08-013
KB907417, Office 2003 更新 (KB907417)
KB943973, Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB925850, Windows Media Player 11
KB950213, Microsoft Office Publisher 2003 安全更新 (KB950213) MS08-027
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB953432, Microsoft Office Outlook 2003 更新 (KB953432)
KB902344, 启用了 WMDRM 的 Media Player 更新程序 (KB902344)
KB921598, Microsoft Office 2003 安全更新 (KB921598) MS08-044
KB955439, Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB949810, Office 正版增值计划通知 (KB949810)-CHS
KB951535, Microsoft Office 2003 安全更新 (KB951535) MS08-069
KB905474, Windows Genuine Advantage 通知 (KB905474)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB973924, Microsoft Visual C++ 2008 Redistributable Package 的安全更新 (KB973924) MS09-035
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB971961, 用于 Windows XP 的 Jscript 5.7 的安全更新程序 (KB971961) MS09-045
KB971961, Windows Live 软件包
KB974554, Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB972580, Microsoft Office 2003 安全更新 (KB972580) MS09-062
KB973705, Microsoft Office Outlook 2003 安全更新 (KB973705) MS09-060
KB976098, Windows XP 更新程序 (KB976098)
KB931125, 根证书更新 [2009 年 11 月] (KB931125)
KB970430, Windows XP 更新程序 (KB970430)
KB971737, Windows XP 更新程序 (KB971737)
KB955759, Windows XP 更新程序 (KB955759)
KB977840, Outlook 2003 垃圾邮件筛选器更新 (KB977840)
KB978551, Microsoft Office 2003 更新 (KB978551)
KB973688, Microsoft XML Core Services 4.0 Service Pack 2 更新程序 (KB973688)
KB971513, Windows XP 更新程序 (KB971513)
KB890830, Windows 恶意软件删除工具 - 2010 年 1 月 (KB890830)
KB979202, Microsoft Silverlight 更新 (KB979202)
KB978207, 用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB978207) MS10-002
==================================
API HOOK
N/A
==================================
隐藏进程
[565] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
==================================
[ This post was last edited by wolaiye238 on 2010-2-2 20:13 ]