- UID
- 252119
- 积分
- 20
- 金元
- 0 JY
- 金分
- 4162 JF
- 活跃度
- 51
|
朋友中了病毒nod 卡巴查不到的 sreng扫描日记帮看下
中了jpg.exe 这个伪装成文件夹图片 不小心打开了 怎么帮 nod 卡巴扫不出有毒
病毒样本我打包上传 有高手帮测试下的吗? 谢谢了****2008-02-24,20:26:33
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe> [AMD]
<SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\FireWall\pfw.exe> [广州众达天网技术有限公司]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Tencent Technology(Shenzhen) Company Limited]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\bubbles.scr> [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[ahcix86 / ahcix86][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ahci8086.sys><ATI Technologies Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
<System32\drivers\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
<system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[AMON / AMON][Running/Auto Start]
<\SystemRoot\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATI Function Driver for HDMI Service / AtiHdmiService][Running/Manual Start]
<system32\drivers\AtiHdmi.sys><ATI Research Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Intel RAID Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iaStor7.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ITEATAPI_Service_Install / iteatapi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iteatapi.sys><Integrated Technology Express, Inc.>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[m5228 / m5228][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\m5281.sys><ALi Corporation>
[m5287 / m5287][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[m5289 / m5289][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[mv61xx / mv61xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[nod32drv / nod32drv][Running/System Start]
<\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ATI-437A Serial ATA Controller / SI3112r][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiSRaid / SiSRaid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid2 / SiSRaid2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SiSRaid4 / SiSRaid4][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[SKNFW / SKNFW][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
<\??\C:\PROGRA~1\SkyNet\FireWall\SkyProcs.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\vmscsi.sys><VMware, Inc.>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[深度技术论坛]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://bbs.deepin.org, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin15.dll, N/A>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Thunder\Components\DownAndPlay\DapCtrl1.4.19.22.642.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.44.68.642.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
==================================
正在运行的进程
[PID: 696 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 776 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4176]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 988 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4178]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2512]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2524]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1112 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\System32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1356 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4178]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2512]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2524]
[C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4176]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1784 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[D:\QQ2007\Tencent\qdshm.dll] [, 1, 0, 101, 20]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Eset\nodshex.dll] [N/A, ]
[C:\Program Files\Imagine\Imagine.DLL] [nyam's Laboratory, 0.9.7.0]
[C:\Program Files\Imagine\Plugin\J2K.DLL] [N/A, ]
[C:\Program Files\Imagine\Plugin\JBIG.DLL] [N/A, ]
[C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17]
[C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1968 / Administrator][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\Program Files\Eset\nod32rui.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[PID: 1984 / Administrator][C:\Program Files\360safe\safemon\360tray.exe] [奇虎网, 4, 0, 3, 1003]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 0, 3, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 0, 0, 1002]
[C:\Program Files\360safe\live.dll] [360safe.com, 1, 0, 1, 1022]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1992 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 208 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 1]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[PID: 260 / SYSTEM][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1876 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[PID: 1888 / Administrator][D:\QQ2007\Tencent\QQ.exe] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQBaseClassInDll.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQHelperDll.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\BasicCtrlDll.dll] [TENCENT, 7,1,638,1773]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[D:\QQ2007\Tencent\MSIMG32.dll] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[D:\QQ2007\Tencent\FinePlus.dll] [N/A, ]
[D:\QQ2007\Tencent\fphelper.dll] [N/A, ]
[D:\QQ2007\Tencent\QQAPI.dll] [TENCENT, 7,1,638,1773]
[D:\Program Files\QQ2007\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[D:\QQ2007\Tencent\LoginCtrl.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\LoginCtrlRes.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQRes.dll] [TENCENT, 7,0,431,1723]
[D:\QQ2007\Tencent\QQMainFrame.dll] [N/A, ]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\shdocvw.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[D:\QQ2007\Tencent\UnReadMsgMgr.dll] [N/A, ]
[D:\QQ2007\Tencent\QQPlugin.dll] [N/A, ]
[D:\QQ2007\Tencent\CQQApplication.dll] [N/A, ]
[D:\QQ2007\Tencent\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\QQ2007\Tencent\NewSkin.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\decode.dll] [N/A, ]
[D:\QQ2007\Tencent\aqing.dll] [Microsoft Corporation, 5.6.0.8825]
[D:\QQ2007\Tencent\MailSummary.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQSpace.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\vbscript.dll] [Microsoft Corporation, 5.6.0.8825]
[D:\QQ2007\Tencent\QQAllInOne.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[D:\QQ2007\Tencent\CameraDll.dll] [TENCENT, 7,1,638,1773]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\QQ2007\Tencent\QQKnowledgeSearch.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\OEMApplication.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQGroupMng.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQAvatar.dll] [N/A, ]
[D:\QQ2007\Tencent\QQPet.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQSysMsgMng.dll] [N/A, ]
[D:\QQ2007\Tencent\UserDefinedHead.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQConfigPlugin.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQCustomFace.dll] [N/A, ]
[D:\QQ2007\Tencent\QRingMng.dll] [N/A, ]
[D:\QQ2007\Tencent\LongConnection.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\PhoneAPI.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\QQ2007\Tencent\BQQApplication.dll] [N/A, ]
[D:\QQ2007\Tencent\PersonalDesktop.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\CommercesMng.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
[D:\QQ2007\Tencent\QQLiveQMng.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\ImageOle.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQSceneMng.dll] [N/A, ]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\SogouInput\ZipLib.dll] [N/A, ]
[D:\QQ2007\Tencent\GroupConnection.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\QQMagicFace.dll] [TENCENT, 7,1,638,1773]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[D:\QQ2007\Tencent\QQFileTransfer.dll] [TENCENT, 7,1,638,1773]
[D:\QQ2007\Tencent\VqqModule.dll] [TENCENT, 7,0,431,1723]
[D:\QQ2007\Tencent\VqqAllInOne.dll] [Tencent, 1, 6, 0, 4]
[D:\QQ2007\Tencent\InPlus.dll] [Tencent, 1, 6, 0, 4]
[D:\QQ2007\Tencent\tencent-proto1.dll] [tencent, 1, 6, 0, 4]
[D:\QQ2007\Tencent\tencent-comlib.dll] [tencent, 1, 6, 0, 4]
[D:\QQ2007\Tencent\tencent-proto2.dll] [tencent, 1, 6, 0, 4]
[PID: 2720 / Administrator][D:\Program Files\QQ2007\TIMPlatform.exe] [TENCENT, 7,0,431,1723]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[D:\Program Files\QQ2007\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 1860 / Administrator][D:\QQ2007\Tencent\qqpet\QQPenguin\QQPenguin.exe] [腾讯公司, 2, 64, 101, 8]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[D:\QQ2007\Tencent\qqpet\QQPenguin\Pnet.dll] [N/A, ]
[D:\QQ2007\Tencent\qqpet\QQPenguin\Prm.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[D:\QQ2007\Tencent\qqpet\QQPenguin\TerSafe.dll] [tencent, 1, 0, 11, 6]
[D:\QQ2007\Tencent\qqpet\QQPenguin\QQPetResDownloadPet.dll] [, 6, 1, 101, 1]
[D:\QQ2007\Tencent\qqpet\QQPenguin\QQPetCommunity.dll] [, 6, 5, 101, 1]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[C:\WINDOWS\system32\shdocvw.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.6.0.8834]
[PID: 3120 / Administrator][D:\QQ2007\Tencent\qqpet\QQPig\QQPig.exe] [深圳市腾讯计算机系统有限公司, 1, 5, 0, 6]
[D:\QQ2007\Tencent\qqpet\QQPig\factory.dll] [N/A, ]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[D:\QQ2007\Tencent\qqpet\QQPig\MainLogic.dll] [N/A, ]
[D:\QQ2007\Tencent\qqpet\QQPig\PEL.dll] [, 1, 0, 0, 1]
[D:\QQ2007\Tencent\qqpet\QQPig\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\QQ2007\Tencent\qqpet\QQPig\RSM.dll] [N/A, ]
[D:\QQ2007\Tencent\qqpet\QQPig\SCM.dll] [, 1, 0, 0, 1]
[D:\QQ2007\Tencent\qqpet\QQPig\TerSafe.dll] [tencent, 1, 0, 11, 6]
[D:\QQ2007\Tencent\qqpet\QQPig\SceneManager.dll] [N/A, ]
[D:\QQ2007\Tencent\qqpet\QQPig\Community.dll] [N/A, ]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[D:\QQ2007\Tencent\qqpet\QQPig\tenfact.dll] [N/A, ]
[D:\QQ2007\Tencent\qqpet\QQPig\tenpet1.dll] [N/A, ]
[D:\QQ2007\Tencent\qqpet\QQPig\BaseComponent.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\shdocvw.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246)]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.6.0.8834]
[PID: 2944 / Administrator][F:\视频\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[F:\视频\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 988, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1356, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1968, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1984, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1984, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================****.
感谢大家
[ 本帖最后由 only小熠 于 2008-2-25 16:16 编辑 ] |
|
发表于 2008-2-24 20:31
| 
发表于 2008-2-24 20:57
| 
发表于 2008-2-24 21:04
| 
发表于 2008-2-24 21:04
| 
