微点交流论坛
Title: Urgent help needed
vestige (Newbie)
#1  Urgent help needed

I got hit by a virus. The main symptoms: it changes the attributes of normal folders to system-folder attributes, and it probably creates an executable with the same name as each folder, with an icon identical to an ordinary folder icon; it writes a large number of scheduled tasks pointing at the IE folder (I didn't see what came after that); then processes like SYSTEN.EXE and FIND.EXE show up in the process list, and the machine becomes very slow. Can the experts tell me what virus this is? Micropoint (微点), Kingsoft, Rising and Kaspersky all fail to detect it. Urgent! The system is WinXP SP3! Please reply as soon as possible!

See the SRE log on page two.

[ Last edited by vestige on 2009-5-5 at 15:22 ]

※ ※ ※ This post is purely the personal opinion of [vestige] and does not represent the position of [微点交流论坛] ※ ※ ※
2009-5-5 14:16
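Two of the symptoms in the post (an executable named after the folder it sits beside, and real folders flipped to hidden+system so Explorer shows only the decoy) can be checked mechanically from a directory listing. The Python below is an added example written for this page, not code from the poster or from any of the scanners mentioned; the directory listing in it is constructed, and the attribute constants are the standard Win32 FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM values.

```python
"""Triage helper for the folder-mimicking worm behaviour described above.

Added example, not code from the original post.  Two of the symptoms the
poster describes can be checked from a plain directory listing:

  1. an executable whose base name equals a sibling folder's name (the
     worm's folder-icon decoy, e.g. a "Photos" folder next to "Photos.exe");
  2. folders carrying the HIDDEN+SYSTEM attribute combination, which hides
     the real folder so only the decoy is visible in Explorer.

The attribute constants are the documented Win32 FILE_ATTRIBUTE_* values.
SAMPLE_LISTING is constructed for the example; on a real Windows machine
call scan_directory() on each drive root or shared folder instead.
"""
import os
from dataclasses import dataclass
from typing import Iterable, List, Tuple

FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# Extensions Windows will execute when a user double-clicks the decoy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass(frozen=True)
class Entry:
    name: str        # file or folder name within one directory
    is_dir: bool
    attributes: int  # Win32 attribute bit mask (0 where unknown)


def find_folder_decoys(entries: Iterable[Entry]) -> List[Tuple[str, str]]:
    """Return (decoy_file, folder) pairs where an executable's stem matches a
    sibling folder name.  Names are compared case-insensitively, as NTFS does."""
    entries = list(entries)
    folders = {e.name.lower(): e.name for e in entries if e.is_dir}
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        stem, ext = os.path.splitext(e.name)
        if ext.lower() in EXECUTABLE_EXTS and stem.lower() in folders:
            hits.append((e.name, folders[stem.lower()]))
    return hits


def find_hidden_system_dirs(entries: Iterable[Entry]) -> List[str]:
    """Folders with both HIDDEN and SYSTEM set.  Ordinary user folders never
    need this combination; this worm family sets it to hide the originals."""
    mask = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
    return [e.name for e in entries if e.is_dir and (e.attributes & mask) == mask]


def scan_directory(path: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Run both checks against a real directory.  st_file_attributes is only
    populated by Python on Windows; elsewhere attributes read as 0, so only
    the decoy check is meaningful there."""
    entries = []
    with os.scandir(path) as it:
        for d in it:
            st = d.stat(follow_symlinks=False)
            attrs = getattr(st, "st_file_attributes", 0)
            entries.append(Entry(d.name, d.is_dir(follow_symlinks=False), attrs))
    return find_folder_decoys(entries), find_hidden_system_dirs(entries)


# Constructed listing of an infected share root (example data, not from the post).
SAMPLE_LISTING = [
    Entry("Photos", True, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    Entry("Photos.exe", False, 0),             # decoy shown with a folder icon
    Entry("Work", True, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    Entry("work.exe", False, 0),               # case differs, still a decoy
    Entry("Music", True, 0),                   # untouched folder
    Entry("setup.exe", False, 0),              # ordinary executable, no twin folder
    Entry("notes.txt", False, FILE_ATTRIBUTE_HIDDEN),
]

if __name__ == "__main__":
    for decoy, folder in find_folder_decoys(SAMPLE_LISTING):
        print(f"decoy executable {decoy!r} shadows folder {folder!r}")
    for folder in find_hidden_system_dirs(SAMPLE_LISTING):
        print(f"folder {folder!r} has HIDDEN+SYSTEM set")
```

The check is deliberately narrow: it finds this family's on-disk artefacts, not the dropper or the scheduled tasks the poster mentions, so it complements rather than replaces the SRE log the moderator asks for. Once the decoys are deleted, the stock Windows command `attrib -s -h <folder>` clears the two attributes and makes the original folders visible again.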
vestige (Newbie)
#2

Grabbing the first reply and waiting!!!

2009-5-5 14:19
jaber (Moderator of the Usage & Tips section)
#3

Scan and post an SRE log so we can take a look!

XP SP2 (original, unpatched)
Micropoint only, pre-release update channel

2009-5-5 14:24
jaber (Moderator)
#4

Also send the sample to Micropoint for testing: virus@micropoint.com.cn   Micropoint ought to handle this kind of program!


2009-5-5 14:24
vestige (Newbie)
#5

[CODE]

2009-05-05,14:30:15

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - user with administrative privileges - full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan
    Scheduled tasks
    API HOOK
    Hidden processes


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <U盘专杀助手><C:\Program Files\U盘专杀助手\U盘专杀助手.exe>  [珑嘉软件]
    <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon><; ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <QQDownload><; "D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <stup.exe><; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]

==================================
Startup folder
N/A

==================================

2009-5-5 14:35
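When the installed scanners do not name the infection, the fastest way through a startup section like the one above is to drop everything SRE marks "(Verified)" and look only at entries whose binary is present but unsigned, because that is where a fresh sample will sit. The Python below is an added example for this page, not part of the original post and not part of SRE itself; the sample lines it parses are copied from the log posted above, and the reading of the bracket field (a bare publisher name meaning no verified signature was found) is my interpretation of that log's conventions.

```python
"""Triage of the startup-item section of an SRE (System Repair Engineer) log.

Added example, not part of the original post or of SRE.  SRE prints each
startup item as
    <value name><command line>  [signer or status]
In the posted log the bracket holds "(Verified)<publisher>" when the
signature checks out, "File is missing" for a dangling entry, "N/A" for an
empty value, and otherwise a bare publisher name, which I take to mean the
file is present but carries no verified signature.  The sample lines below
are copied from the posted log.
"""
import re
from dataclasses import dataclass
from typing import List

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
LINE_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>.*)>\s+\[(?P<status>.*)\]\s*$")


@dataclass
class StartupItem:
    key: str
    name: str
    command: str
    status: str

    @property
    def verdict(self) -> str:
        if self.status.startswith("(Verified)"):
            return "signed"
        if self.status == "File is missing":
            return "stale"    # dangling entry: harmless, but worth cleaning
        if not self.command or self.status == "N/A":
            return "empty"
        return "review"       # present and unsigned: where a new sample would be


def parse_startup_section(text: str) -> List[StartupItem]:
    """Walk the section, remembering the registry key each item sits under."""
    items: List[StartupItem] = []
    key = ""
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = LINE_RE.match(line)
        if m:
            items.append(StartupItem(key, m.group("name"),
                                     m.group("cmd").strip(), m.group("status").strip()))
    return items


def items_to_review(text: str) -> List[StartupItem]:
    """Only the entries a human actually needs to look at."""
    return [i for i in parse_startup_section(text) if i.verdict == "review"]


# Lines copied from the log posted above (registry part of the startup section).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <U盘专杀助手><C:\Program Files\U盘专杀助手\U盘专杀助手.exe>  [珑嘉软件]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
"""

if __name__ == "__main__":
    for item in items_to_review(SAMPLE_LOG):
        print(f"REVIEW  {item.key}\n        {item.name} = {item.command}  [{item.status}]")
```

Run over the posted section, the filter leaves a single candidate, the 珑嘉软件 "U盘专杀助手" USB-cleaner the user installed, and nothing unsigned under Winlogon, AppInit_DLLs or ShellExecuteHooks. That is a list of things to look at, not a verdict: an unsigned entry is only suspicious until its file is checked, and a worm that persists through scheduled tasks (as the poster describes) will not appear in this section at all, which is why the later parts of the log matter.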
vestige (Newbie)
#6

Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE"><Kingsoft Corporation>
[MPSVC Service / MPSVCService][Running/Auto Start]
  <C:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>

==================================
Drivers
[AFD / AFD][Running/System Start]
  <\SystemRoot\System32\drivers\afd.sys><Microsoft Corporation>
[ahcix86 / ahcix86][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ahci8086.sys><AMD Technologies Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Intel RAID Controller / iaStor5][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastor5.sys><Intel Corporation>
[Intel AHCI Controller 6 / iaStor6][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastor6.sys><Intel Corporation>
[Intel AHCI Controller 7 / iaStor7][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastor7.sys><Intel Corporation>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iteatapi.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KWatch3.sys><Kingsoft Corporation>
[lbrtfdc / lbrtfdc][Stopped/]
  <2 - The system cannot find the file specified.><N/A>
[m5228 / m5228][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5281.sys><ALi Corporation>
[m5287 / m5287][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[m5289 / m5289][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[mp110001 / mp110001][Running/Auto Start]
  <system32\drivers\mp110001.sys><Micropoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
  <system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
  <system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
  <system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
  <system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
  <system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
  <system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
  <system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
  <system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[nvatabus / nvatabus][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[nvgts / nvgts][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[PCIDump / PCIDump][Stopped/Boot Start]
  <2 - The system cannot find the file specified.><N/A>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ATI-437A Serial ATA Controller / SI3112r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiSRaid / SiSRaid][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\vmscsi.sys><VMware, Inc.>

==================================
Browser add-ons
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, (Signed) 腾讯>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>

2009-5-5 14:36
vestige (Newbie)
#7

[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[AnyInstaller Control]
  {6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, (Signed) 腾讯>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <, >
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[AnyInstaller Control]
  {6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(12).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\Program Files\KOS\UpdateOcx2.dll, (Signed) Kingsoft Corporation>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.12.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(12).dll, Thunder>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
Running processes
[PID: 472 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]

2009-5-5 14:36
vestige (Newbie)
#8

[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 1132 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1268 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1484 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1584 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1668 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\ktaskbar.dll]  [Kingsoft Corporation, 2009,01,13,731]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVEXT.DLL]  [Kingsoft Corporation, 2008,07,09,459]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 168 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1396 / Administrator][C:\Program Files\U盘专杀助手\U盘专杀助手.exe]  [珑嘉软件, 6.00]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\U盘专杀助手\olepro32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\Program Files\U盘专杀助手\MyTubrTray.ocx]  [http://www.tubr.com, 1.00.0003]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[PID: 1288 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]

2009-5-5 14:36
vestige (Newbie)
#9

[C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2208 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 2948 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 2, 86, 86]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\TENCENT\SSPlus\SAddr1.dll]  [腾讯, 5, 1, 4, 11]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL]  [Kingsoft Corporation, 2009,04,13,824]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddy.dll]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KANTray.dll]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVAFish.DLL]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kisfree.dll]  [Kingsoft Corporation, 2009,04,13,824]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
[PID: 1608 / Administrator][D:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 2, 86, 86]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [D:\Program Files\Tencent\QQDownload\xmain.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 2, 86, 86]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [D:\Program Files\Tencent\QQDownload\xcore.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
[PID: 3012 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[PID: 3576 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.360\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 3040 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.360\SREcec25149.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.360\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]

2009-5-5 14:37
vestige
Newcomer

Credits 23
Posts 23
Registered 2007-11-20
#10  

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{10A5BD45-9EFB-45B5-BD9A-25539E2D4A80}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{10A5BD45-9EFB-45B5-BD9A-25539E2D4A80}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1        858656.com
127.0.0.1        my123.com
127.0.0.1        8749.com
127.0.0.1        4199.com
127.0.0.1        7379.com
127.0.0.1        7255.com
127.0.0.1        3448.com
127.0.0.1        7939.com
127.0.0.1        8009.com
127.0.0.1        piaoxue.com
127.0.0.1        kzdh.com
127.0.0.1        about.blank.la
127.0.0.1        6781.com
127.0.0.1        7322.com
127.0.0.1        9991.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1396, C:\PROGRAM FILES\U盘专杀助手\U盘专杀助手.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3012, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.360\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x849F695D)

==================================
隐藏进程
N/A

==================================


[/CODE]

2009-5-5 14:38


[ Contact us - 东方微点 ]


北京东方微点信息技术有限责任公司 福建东方微点信息安全有限责任公司

闽ICP备05030815号