- 听众
- 收听
- 积分
- 6085
- 主题
- 回帖
- 0
- 精华
注册时间2006-2-17
最后登录1970-1-1
该用户从未签到
|
- 2008-02-23,09:27:51
- System Repair Engineer 2.5.16.900
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
- <FlashPlayerUpdate><C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe> [(Verified)Adobe Systems Incorporated]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <AntiARPStandalone><C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe> []
- <switch><c:\windows\system32\壁纸自动换.exe> []
- <YuanZhiStudent><C:\Program Files\YuanZhi\Multimedia Education Network\Student.exe RunServices> [N/A]
- <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
- <360Safetray><D:\D盘内容(软件)\⑤杀毒软件\360安全卫士\safemon\360tray.exe /start> [奇虎网]
- <360Antiarp><d:\d盘内容(软件)\⑤杀毒软件\360安全卫士\antiarp\AntiArp.exe /start> [奇虎网]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
- <wiasoisao><wiasoisao.exe> []
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> []
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{696ccf2b-badc-48ed-b6a6-4c74639663ba}><C:\WINDOWS\system32\CBBCBB1030.dll> []
- <{4f79092a-66ba-4317-b2c7-f839909661f0}><C:\WINDOWS\system32\KABKAB1032.dll> []
- <{9eb02d98-1c8f-45f5-93af-f66fa9174db0}><C:\WINDOWS\system32\BAABAA1028.dll> []
- <{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}><C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys> []
- <{cd51bd9c-6264-4df0-96bf-8603019818e5}><C:\WINDOWS\system32\HACHAC1035.dll> []
- <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll> []
- <{5aca2e15-0790-4170-812a-890df2fb6144}><C:\WINDOWS\system32\QABQAB1013.dll> []
- <{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll> []
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
- <WinlogonNotify: DfLogon><LogonDll.dll> []
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
- <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
- <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
- <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [DF5Serv / DF5Serv][Running/Auto Start]
- <C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe><Faronics Corporation>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
- ==================================
- 驱动程序
- [360AntiArp / 360AntiArp][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><奇虎网>
- [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
- <system32\drivers\ac97intc.sys><Intel Corporation>
- [AliIde / AliIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
- [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
- <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
- [AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
- <system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
- [CmdIde / CmdIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
- [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
- <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
- [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
- <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
- [npkcrypt / npkcrypt][Stopped/Auto Start]
- <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
- [nv / nv][Stopped/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
- <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
- [Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
- <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
- [S3SavageNB / S3SavageNB][Running/Manual Start]
- <system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [VIA AGP Filter / viaagp1][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
- [ViaIde / ViaIde][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
- [Vinyl AC'97 Audio Controller (WDM) / VIAudio][Stopped/Manual Start]
- <system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
- [xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
- <system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>
- [fpids32 / fpids32][Running/Auto Start]
- <\??\C:\WINDOWS\system32\drivers\msosfpids32.sys><N/A>
- [msertk / msertk][Running/Auto Start]
- <system32\drivers\msyecp.sys><N/A>
- [pop / pop][Running/Manual Start]
- <\??\C:\WINDOWS\system32\DRIVERS\pop.sys><N/A>
- ==================================
- 浏览器加载项
- [ThunderAtOnce Class]
- {01443AEC-0FD1-40fd-9C87-E93D1494C233} <c:\program files\thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
- []
- {6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys, N/A>
- [Thunder Browser Helper]
- {B69F34DC-F0F9-42DC-9EDD-957187DA688D} <c:\program files\thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
- [SafeMon Class]
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\D盘内~1\⑤杀毒~1\360安~1\safemon\safemon.dll, 奇虎网>
- [ThunderAtOnce Class]
- {01443AEC-0FD1-40FD-9C87-E93D1494C233} <c:\program files\thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
- [Thunder Agent Class]
- {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <c:\program files\thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
- []
- {6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys, N/A>
- [360SafeLive]
- {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\D盘内容(软件)\⑤杀毒软件\360安全卫士\live.dll, 360safe.com>
- [Microsoft Web 浏览器]
- {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [Thunder Browser Helper]
- {B69F34DC-F0F9-42DC-9EDD-957187DA688D} <c:\program files\thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
- [SafeMon Class]
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\D盘内~1\⑤杀毒~1\360安~1\safemon\safemon.dll, 奇虎网>
- [RDS.DataSpace]
- {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [使用迅雷下载]
- <c:\program files\thunder\Program\geturl.htm, N/A>
- [使用迅雷下载全部链接]
- <c:\program files\thunder\Program\getallurl.htm, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ表情]
- <d:\Program Files\QQ2007\AddEmotion.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 1644 / Administrator][C:\WINDOWS\Explorer.EXE] [N/A, ]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [PID: 1796 / Administrator][C:\WINDOWS\system32\dllcache\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\BROWSEUI.dll] [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
- [C:\WINDOWS\system32\dllcache\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
- [C:\WINDOWS\system32\dllcache\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
- [C:\WINDOWS\system32\dllcache\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
- [C:\WINDOWS\system32\dllcache\ntshrui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\ATL.DLL] [Microsoft Corporation, 3.05.2284]
- [C:\WINDOWS\system32\dllcache\msi.dll] [Microsoft Corporation, 3.1.4000.4039]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\dllcache\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\dllcache\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
- [C:\WINDOWS\system32\dllcache\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [C:\WINDOWS\system32\CBBCBB1030.dll] [N/A, ]
- [C:\WINDOWS\system32\KABKAB1032.dll] [N/A, ]
- [C:\WINDOWS\system32\BAABAA1028.dll] [N/A, ]
- [C:\WINDOWS\system32\HACHAC1035.dll] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\system32\QABQAB1013.dll] [N/A, ]
- [C:\WINDOWS\system32\dllcache\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\rasman.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\TAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\sensapi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
- [C:\WINDOWS\system32\dllcache\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
- [C:\WINDOWS\system32\dllcache\hnetcfg.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\dllcache\browselc.dll] [Microsoft Corporation, 6.00.2600.0000]
- [C:\WINDOWS\system32\dllcache\DUSER.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1880 / Administrator][C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe] [N/A, ]
- [C:\Program Files\AntiARP Stand-alone Edition\xantiarp.dll] [N/A, ]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [PID: 1900 / Administrator][C:\Program Files\YuanZhi\Multimedia Education Network\Student.exe] [TopDomain Technologies Co., LTD., 1.00.1.282]
- [C:\Program Files\YuanZhi\Multimedia Education Network\TDMaster.dll] [TopDomain Technologies Co., LTD., 1.00.1.282]
- [C:\Program Files\YuanZhi\Multimedia Education Network\Language\0804\StudentRes.dll] [TopDomain Technologies Co., LTD., 1.00.1.282]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [PID: 1916 / Administrator][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [PID: 1944 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [PID: 1592 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
- [C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll] [RealNetworks, Inc., 1.0.1.2254]
- [C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
- [C:\WINDOWS\system32\CBBCBB1030.dll] [N/A, ]
- [C:\WINDOWS\system32\KABKAB1032.dll] [N/A, ]
- [C:\WINDOWS\system32\BAABAA1028.dll] [N/A, ]
- [C:\WINDOWS\system32\HACHAC1035.dll] [N/A, ]
- [C:\WINDOWS\system32\QABQAB1013.dll] [N/A, ]
- [C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 20]
- [PID: 1608 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [PID: 2276 / Administrator][d:\d盘内容(软件)\⑤杀毒软件\360安全卫士\antiarp\AntiArp.exe] [奇虎网, 1, 0, 1, 1003]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [PID: 2552 / Administrator][c:\program files\thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 6, 2, 300]
- [c:\program files\thunder\Program\ThunderEx.dll] [, 1, 1, 2, 6]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [c:\program files\thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 21]
- [c:\program files\thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 85]
- [c:\program files\thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
- [c:\program files\thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 85]
- [c:\program files\thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
- [c:\program files\thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2]
- [c:\program files\thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 0, 3]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [c:\program files\thunder\Program\iTargetAD.dll] [N/A, ]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [c:\program files\thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 7, 29]
- [c:\program files\thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1.0.0.10]
- [c:\program files\thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
- [c:\program files\thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
- [c:\program files\thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
- [c:\program files\thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0]
- [c:\program files\thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 20]
- [c:\program files\thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
- [c:\program files\thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.0.4]
- [C:\WINDOWS\system32\CBBCBB1030.dll] [N/A, ]
- [C:\WINDOWS\system32\KABKAB1032.dll] [N/A, ]
- [C:\WINDOWS\system32\BAABAA1028.dll] [N/A, ]
- [C:\WINDOWS\system32\HACHAC1035.dll] [N/A, ]
- [C:\WINDOWS\system32\QABQAB1013.dll] [N/A, ]
- [PID: 1700 / Administrator][c:\documents and settings\administrator\桌面\srengps.exe] [Smallfrogs Studio, 2.5.16.900]
- [C:\WINDOWS\system32\ygoviotzyzj.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\WINDOWS\system32\fktyhotwow.dll] [Microsoft Corporation, 5.1.2600.3099]
- [C:\Program Files\Internet Explorer\PLUGINS\WinSys8k.Sys] [N/A, ]
- [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
- [C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
- [C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
- [C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
- [C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
- [C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
- [C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
- [C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
- [C:\WINDOWS\kiefncol.dll] [N/A, ]
- [C:\WINDOWS\kfnrthoh.dll] [N/A, ]
- [C:\WINDOWS\Fonts\gjcsdyc.dll] [N/A, ]
- [c:\documents and settings\administrator\桌面\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
- ==================================
- 文件关联
- .TXT Error. [C:\WINDOWS\notepad.exe %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM Error. ["hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- 127.0.0.1 picon.chinaren.com
- 127.0.0.1 a.topxxxx.cn
- 127.0.0.1 588.star-google.com
- 127.0.0.1 mm.tt1890.com
- 127.0.0.1 ppp.buyaoni.com
- 127.0.0.1 ppp.749571.com
- 127.0.0.1 dd.749571.com
- 127.0.0.1 niu.xinniankl.com
- 127.0.0.1 xxx.haoqq1680.com
- 127.0.0.1 exe.xinniankl.com
- 127.0.0.1 the.microgood.net
- 127.0.0.1 iii.wzxyq.com
- 127.0.0.1 mm.sqmnoopt.com
- 127.0.0.1 ppp.buyaoni.com
- 127.0.0.1 keeppure.cn
- 127.0.0.1 aaa.1l1l1l.com
- 127.0.0.1 www.cfjs119.cn
- 127.0.0.1 cool.e0shop.cn
- 127.0.0.1 yun.yun878.com
- 127.0.0.1 web.47255.com
- 127.0.0.1 www.cike007.cn
- 127.0.0.1 www.exiao01.com
- 127.0.0.1 qqq.dzydhx.com
- 127.0.0.1 qqq.hao1658.com
- 127.0.0.1 www.333292.com
- 127.0.0.1 down.18dd.net
- 127.0.0.1 xxx.m111.biz
- 127.0.0.1 1.jopenqc.com
- 127.0.0.1 xxx.j41m.com
- 127.0.0.1 3.joppnqq.com
- 127.0.0.1 d.93se.com
- 127.0.0.1 1.jopenkk.com
- 127.0.0.1 xxx.vh7.biz
- 127.0.0.1 new.749571.com
- 127.0.0.1 xtx.kv8.info
- 127.0.0.1 cao.kv8.info
- 127.0.0.1 1.jopmmqq.com
- 127.0.0.1 yu.8s7.net
- 127.0.0.1 1.jopanqc.com
- 127.0.0.1 2.joppnqq.com
- 127.0.0.1 www.868wg.com
- 127.0.0.1 xxx.mmma.biz
- 127.0.0.1 ilove.com
- 127.0.0.1 www.22aaa.com
- 127.0.0.1 xx.exiao01.com
- 127.0.0.1 www.exiao01.com
- 127.0.0.1 tp.shpzhan.cn
- 127.0.0.1 www.tomwg.com
- 127.0.0.1 wg.47255.com
- 127.0.0.1 1.joppnqq.com
- 127.0.0.1 171817.171817.com
- 127.0.0.1 d2.llsging.com
- 127.0.0.1 llboss.com
- 127.0.0.1 nx.51ylb.cn
- 127.0.0.1 my.531jx.cn
- 127.0.0.1 up.22x44.com
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2276, D:\D盘内容(软件)\⑤杀毒软件\360安全卫士\ANTIARP\ANTIARP.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2552, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
- ==================================
- API HOOK
- 入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\LotusHlp.dll)
- ==================================
- 隐藏进程
- N/A
- ==================================
|
|
IP卡
狗仔卡
发表于 2008-2-23 09:28:48
提升卡
置顶卡
喧嚣卡
变色卡
抢沙发
显身卡
x学校电脑病毒真多呀....