vestige
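Newbie
Points 23
Posts 23
Registered 2007-11-20
#11
Wait a moment, I'll run another scan and post the log!
※ ※ ※ This post is purely the personal opinion of 【vestige】 and does not represent the position of 【Micropoint Exchange Forum】 ※ ※ ※
2009-5-5 14:49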
vestige
#12
[CODE]
2009-05-05,14:49:26
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<QQ2009><"D:\Program Files\Tencent\QQ2009\Bin\QQ.exe" /background> [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<百度安全中心><"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe" /StartApp /baidusafecenter /Autorun> [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"]
<wdcertm_ccb><C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe> [ Beijing WatchData System Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon><; ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Component Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
[风影网络电视]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\风影网络电视.lnk --> C:\PROGRA~1\fengfilm\fengfilm.exe [风影网络电视]><N>
2009-5-5 15:00
vestige
#13
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MPSVC Service / MPSVCService][Running/Auto Start]
<C:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start]
<C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe><Beijing WatchData System Co., Ltd.>
==================================
驱动程序
[AFD / AFD][Running/System Start]
<\SystemRoot\System32\drivers\afd.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BdGuard / BdGuard][Running/Boot Start]
<\SystemRoot\system32\drivers\BDGuard.SYS><>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
<system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[mp110001 / mp110001][Running/Auto Start]
<system32\drivers\mp110001.sys><Micropoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
<system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
<system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
<system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
<system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
<system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
<system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
<system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
<system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
<system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Kingsoft Trojan Webshield]
{4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\baidu\safecenter\iebuddy.dll, (Signed) Kingsoft Corporation>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeCenterEyeOnIE Class]
{D2DA0BDA-D20F-4B0B-98D4-8BEAAE175E6D} <C:\Program Files\baidu\safecenter\safecenterstatus.dll, (Signed) Kingsoft Corporation>
[IEBuddyExtControl Class]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\baidu\safecenter\iebuddyext.dll, (Signed) Kingsoft Corporation>
[PPLive]
{95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[百度工具栏]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[JWEditor Pro for HMC-GSW]
{674161FD-469E-4DB6-93DC-41250B73B4B3} <C:\WINDOWS\DOWNLO~1\JWEDIT~1.OCX, JWSoft>
[AnyInstaller Control]
{6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[IEBuddyExtControl Class]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\baidu\safecenter\iebuddyext.dll, (Signed) Kingsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Kingsoft Trojan Webshield]
{4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\baidu\safecenter\iebuddy.dll, (Signed) Kingsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[JWEditor Pro for HMC-GSW]
{674161FD-469E-4DB6-93DC-41250B73B4B3} <C:\WINDOWS\DOWNLO~1\JWEDIT~1.OCX, JWSoft>
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
{6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[AnyInstaller Control]
{6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(12).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
2009-5-5 15:00
vestige
#14
[百度工具栏]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[WDCCBCtrl Class]
{CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <C:\WINDOWS\system32\wdccb.dll, (Signed) >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[SafeCenterEyeOnIE Class]
{D2DA0BDA-D20F-4B0B-98D4-8BEAAE175E6D} <C:\Program Files\baidu\safecenter\safecenterstatus.dll, (Signed) Kingsoft Corporation>
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.12.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(12).dll, Thunder>
[使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 472 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 1128 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1328 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1472 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1528 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1684 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\Program Files\FreeLaunchBar\flb.dll] [TrueSoft, 1.0.0.0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1976 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1240 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1928 / SYSTEM][C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll] [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2]
[C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL] [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20]
[C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll] [Watchdata, 1, 0, 0, 39]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3920 / Administrator][D:\Program Files\Tencent\QQ2009\Bin\QQ.exe] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\Common.dll] [Tencent, 1, 24, 562, 0]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
2009-5-5 15:01
vestige
#15
[D:\Program Files\Tencent\QQ2009\Bin\KernelUtil.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\GF.dll] [Tencent, 1, 24, 562, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[D:\Program Files\Tencent\QQ2009\Bin\AppUtil.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\MainFrame.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\TaskTray.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\TXPFProxy.dll] [N/A, ]
[D:\Program Files\Tencent\QQ2009\Bin\AppMisc.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\ChatFrame.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\ConfigCenter.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\CustomFace.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\IM.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\KernelMisc.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\LongCnn.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\ContactInfoFrame.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\MsgMgr.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\SkinMgr.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\QInterLive.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\AppCtrl.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\SystemMsg.dll] [Tencent, 1, 24, 562, 0]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll] [Tencent, 1.0.1.21]
[D:\Program Files\Tencent\QQ2009\Bin\BasicCtrlDll.dll] [TENCENT, 8,0,773,1801]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll] [Tencent, 1.0.0.1]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.Soso\Bin\Soso.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.Weather\Bin\Weather.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.taotao\Bin\Taotao.dll] [Tencent, 1, 24, 562, 0]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.NetBar\Bin\NetBar.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqshow\Bin\QQShow.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.snsapp\Bin\SNSApp.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.wenwen\Bin\WenWen.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.wireless\Bin\Wireless.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.mail\Bin\Mail.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.paycenter\Bin\PayCenter.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqpet\Bin\QQPet.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.advertisement\Bin\Advertisement.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.memo\Bin\Memo.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qbar\Bin\QBar.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqchat\Bin\QQChat.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.today\Bin\Today.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqring\Bin\QQRing.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqgame\Bin\QQGame.dll] [Tencent, 1, 24, 562, 0]
[D:\Program Files\Tencent\QQ2009\Bin\vqqsdl.dll] [Tencent Technology (Shenzhen) Company Limited, 5, 0, 3, 21]
[D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.gamelife\Bin\GameLife.dll] [Tencent, 1, 24, 562, 0]
[C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll] [ Microsoft Corporation, 1.0.30401.0]
[PID: 3052 / Administrator][D:\Program Files\Tencent\QQ2009\Bin\TXPlatform.exe] [Tencent, 1, 24, 562, 0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[D:\Program Files\Tencent\QQ2009\Bin\TXPFProxy.dll] [N/A, ]
[PID: 2396 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2504 / SYSTEM][C:\WINDOWS\system32\Systen.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3560 / SYSTEM][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\PROGRA~1\baidu\bar\baidubar.dll] [Baidu.com, Inc., 2, 0, 2, 183]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\Gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\baidu\safecenter\iebuddy.dll] [Kingsoft Corporation, 2008,05,15,156]
[C:\Program Files\baidu\safecenter\iebuddyext.dll] [Kingsoft Corporation, 2007,09,29,200]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\baidu\safecenter\safecenterstatus.dll] [Kingsoft Corporation, 2008,07,02,143]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066]
[PID: 2752 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[PID: 2728 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\SREcec25149.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.3.3.345]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
|
|
2009-5-5 15:04 |
|
vestige
Newbie
Points 23
Posts 23
Registered 2007-11-20
|
#16
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F4A6B93-CD06-4F45-95CA-9436DF6868E7}] SEQPACKET 0
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F4A6B93-CD06-4F45-95CA-9436DF6868E7}] DATAGRAM 0
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 858656.com
127.0.0.1 my123.com
127.0.0.1 8749.com
127.0.0.1 4199.com
127.0.0.1 7379.com
127.0.0.1 7255.com
127.0.0.1 3448.com
127.0.0.1 7939.com
127.0.0.1 8009.com
127.0.0.1 piaoxue.com
127.0.0.1 kzdh.com
127.0.0.1 about.blank.la
127.0.0.1 6781.com
127.0.0.1 7322.com
127.0.0.1 9991.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1928, C:\WINDOWS\SYSTEM32\WATCHDATA\WATCHDATA CCB CSP V3.2\WDKEYMONITORCCB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3000, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2752, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.671\SRENGLDR.EXE]
==================================
|
|
2009-5-5 15:04 |
|
vestige
Newbie
Points 23
Posts 23
Registered 2007-11-20
|
#17
计划任务
[已启用] At102.job
cmd
[已启用] At101.job
cmd
[已启用] At100.job
cmd
[已启用] At10.job
cmd
[已启用] At1.job
cmd
[已启用] At107.job
cmd
[已启用] At106.job
cmd
[已启用] At105.job
cmd
[已启用] At104.job
cmd
[已启用] At103.job
cmd
[已启用] At111.job
cmd
[已启用] At110.job
cmd
[已启用] At11.job
cmd
[已启用] At109.job
cmd
[已启用] At108.job
cmd
[已启用] At116.job
cmd
[已启用] At115.job
cmd
[已启用] At114.job
cmd
[已启用] At113.job
cmd
[已启用] At112.job
cmd
[已启用] At120.job
cmd
[已启用] At12.job
cmd
[已启用] At119.job
cmd
[已启用] At118.job
cmd
[已启用] At117.job
cmd
[已启用] At125.job
cmd
[已启用] At124.job
cmd
[已启用] At123.job
cmd
[已启用] At122.job
cmd
[已启用] At121.job
cmd
[已启用] At13.job
cmd
[已启用] At129.job
cmd
[已启用] At128.job
cmd
[已启用] At127.job
cmd
[已启用] At126.job
cmd
[已启用] At134.job
cmd
[已启用] At133.job
cmd
[已启用] At132.job
cmd
[已启用] At131.job
cmd
[已启用] At130.job
cmd
[已启用] At139.job
cmd
[已启用] At138.job
cmd
[已启用] At137.job
cmd
[已启用] At136.job
cmd
[已启用] At135.job
cmd
[已启用] At143.job
cmd
[已启用] At142.job
cmd
[已启用] At141.job
cmd
[已启用] At140.job
cmd
[已启用] At14.job
cmd
[已启用] At148.job
cmd
[已启用] At147.job
cmd
[已启用] At146.job
cmd
[已启用] At145.job
cmd
[已启用] At144.job
cmd
[已启用] At152.job
cmd
[已启用] At151.job
cmd
[已启用] At150.job
cmd
[已启用] At15.job
cmd
[已启用] At149.job
cmd
[已启用] At157.job
cmd
[已启用] At156.job
cmd
[已启用] At155.job
cmd
[已启用] At154.job
cmd
[已启用] At153.job
cmd
[已启用] At161.job
cmd
[已启用] At160.job
cmd
[已启用] At16.job
cmd
[已启用] At159.job
cmd
[已启用] At158.job
cmd
[已启用] At166.job
cmd
[已启用] At165.job
cmd
[已启用] At164.job
cmd
[已启用] At163.job
cmd
[已启用] At162.job
cmd
[已启用] At170.job
cmd
[已启用] At17.job
cmd
[已启用] At169.job
cmd
[已启用] At168.job
cmd
[已启用] At167.job
cmd
[已启用] At175.job
cmd
[已启用] At174.job
cmd
[已启用] At173.job
cmd
[已启用] At172.job
cmd
[已启用] At171.job
cmd
[已启用] At18.job
cmd
[已启用] At179.job
cmd
[已启用] At178.job
cmd
[已启用] At177.job
cmd
[已启用] At176.job
cmd
[已启用] At184.job
cmd
[已启用] At183.job
cmd
[已启用] At182.job
cmd
[已启用] At181.job
cmd
[已启用] At180.job
cmd
[已启用] At189.job
cmd
[已启用] At188.job
cmd
[已启用] At187.job
cmd
[已启用] At186.job
cmd
[已启用] At185.job
cmd
[已启用] At193.job
cmd
[已启用] At192.job
cmd
[已启用] At191.job
cmd
[已启用] At190.job
cmd
[已启用] At19.job
cmd
[已启用] At198.job
cmd
[已启用] At197.job
cmd
[已启用] At196.job
cmd
[已启用] At195.job
cmd
[已启用] At194.job
cmd
[已启用] At201.job
cmd
[已启用] At200.job
cmd
[已启用] At20.job
cmd
[已启用] At2.job
cmd
[已启用] At199.job
cmd
[已启用] At206.job
cmd
[已启用] At205.job
cmd
[已启用] At204.job
cmd
[已启用] At203.job
cmd
[已启用] At202.job
cmd
[已启用] At210.job
cmd
[已启用] At21.job
cmd
[已启用] At209.job
cmd
[已启用] At208.job
cmd
[已启用] At207.job
cmd
[已启用] At215.job
cmd
[已启用] At214.job
cmd
[已启用] At213.job
cmd
[已启用] At212.job
cmd
[已启用] At211.job
cmd
[已启用] At22.job
cmd
[已启用] At219.job
cmd
[已启用] At218.job
cmd
[已启用] At217.job
cmd
[已启用] At216.job
cmd
[已启用] At224.job
cmd
[已启用] At223.job
cmd
[已启用] At222.job
cmd
[已启用] At221.job
cmd
[已启用] At220.job
cmd
[已启用] At229.job
cmd
[已启用] At228.job
cmd
[已启用] At227.job
cmd
[已启用] At226.job
cmd
[已启用] At225.job
cmd
[已启用] At233.job
cmd
[已启用] At232.job
cmd
[已启用] At231.job
cmd
[已启用] At230.job
cmd
[已启用] At23.job
cmd
[已启用] At24.job
cmd
[已启用] At237.job
cmd
[已启用] At236.job
cmd
[已启用] At235.job
cmd
[已启用] At234.job
cmd
[已启用] At29.job
cmd
[已启用] At28.job
cmd
[已启用] At27.job
cmd
[已启用] At26.job
cmd
[已启用] At25.job
cmd
[已启用] At33.job
cmd
[已启用] At32.job
cmd
[已启用] At31.job
cmd
[已启用] At30.job
cmd
[已启用] At3.job
cmd
[已启用] At38.job
cmd
[已启用] At37.job
cmd
[已启用] At36.job
cmd
[已启用] At35.job
cmd
[已启用] At34.job
cmd
[已启用] At42.job
cmd
[已启用] At41.job
cmd
[已启用] At40.job
cmd
[已启用] At4.job
cmd
[已启用] At39.job
cmd
[已启用] At47.job
cmd
[已启用] At46.job
cmd
[已启用] At45.job
cmd
[已启用] At44.job
cmd
[已启用] At43.job
cmd
[已启用] At51.job
cmd
[已启用] At50.job
cmd
[已启用] At5.job
cmd
[已启用] At49.job
cmd
[已启用] At48.job
cmd
[已启用] At56.job
cmd
[已启用] At55.job
cmd
[已启用] At54.job
cmd
[已启用] At53.job
cmd
[已启用] At52.job
cmd
[已启用] At60.job
cmd
[已启用] At6.job
cmd
[已启用] At59.job
cmd
[已启用] At58.job
cmd
[已启用] At57.job
cmd
[已启用] At65.job
cmd
[已启用] At64.job
cmd
[已启用] At63.job
cmd
[已启用] At62.job
cmd
[已启用] At61.job
cmd
[已启用] At7.job
cmd
[已启用] At69.job
cmd
[已启用] At68.job
cmd
[已启用] At67.job
cmd
[已启用] At66.job
cmd
[已启用] At74.job
cmd
[已启用] At73.job
cmd
[已启用] At72.job
cmd
[已启用] At71.job
cmd
[已启用] At70.job
cmd
[已启用] At79.job
cmd
[已启用] At78.job
cmd
[已启用] At77.job
cmd
[已启用] At76.job
cmd
[已启用] At75.job
cmd
[已启用] At83.job
cmd
[已启用] At82.job
cmd
[已启用] At81.job
cmd
[已启用] At80.job
cmd
[已启用] At8.job
cmd
[已启用] At88.job
cmd
[已启用] At87.job
cmd
[已启用] At86.job
cmd
[已启用] At85.job
cmd
[已启用] At84.job
cmd
[已启用] At92.job
cmd
[已启用] At91.job
cmd
[已启用] At90.job
cmd
[已启用] At9.job
cmd
[已启用] At89.job
cmd
[已启用] At97.job
cmd
[已启用] At96.job
cmd
[已启用] At95.job
cmd
[已启用] At94.job
cmd
[已启用] At93.job
cmd
[已启用] At99.job
cmd
[已启用] At98.job
cmd
|
|
2009-5-5 15:04 |
|
vestige
Newbie
Points 23
Posts 23
Registered 2007-11-20
|
#18
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x849F695D)
==================================
隐藏进程
N/A
==================================
[/CODE]
|
|
2009-5-5 15:05 |
|
jaber
Moderator
Moderator, Usage and Tips section
Points 2861
Posts 2835
Registered 2006-6-6
|
#19
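Why isn't Micropoint running?
Uninstall Micropoint, then reboot into Safe Mode, use Cleanup Assistant (清理助手) or another tool to clean out the rogue software, delete the scheduled tasks inside C:\WINDOWS\Tasks, install Micropoint, and reboot. Then take another look!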
|
XP2 (original, unpatched)
Micropoint alone, pre-upgrade
|
2009-5-5 15:12 |
|
vestige
Newbie
Points 23
Posts 23
Registered 2007-11-20
|
#20
The virus terminated Micropoint on its own~ there's nothing I can do about it. If you restart the machine, it works.
|
|
2009-5-5 15:16 |
|
|