Views: 29353 | Replies: 21
When I click setup.exe under PE to install the original XP system, the button is greyed out
This post was last edited by eovlve at 14:46
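I am using 通用U盘工具箱 (Universal USB Toolbox) 3.3.
winnt32.exe under I386 does get into the setup interface, but once the files have been copied it exits automatically.
Try installing directly with the "windows通用安装器" (Windows universal installer) tool in PE.
a330391 posted:
Try installing directly with the "windows通用安装器" (Windows universal installer) tool in PE.
It shows an UNknown version in there.
Mount it with a virtual drive first.
eovlve posted:
It shows an UNknown version in there.
Did you extract it, or did you mount it with a virtual drive?
恋爱的夏娜
You are probably using a PE based on a version newer than XP. Could you post a screenshot of the PE interface?
You are installing XP from PE, right? Actually, you can pull out the USB drive once the copying has finished and then reboot; that way the installation can continue.
蛾不过如此
Format drive C and install with the NT6 installer tool.
蛾不过如此 posted:
Format drive C and install with the NT6 installer tool.
a330391 posted:
Did you extract it, or did you mount it with a virtual drive?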
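Views: 6016 | Replies: 23
CPU stays at 100% for a long time after boot, and many programs cannot run properly
maxwelldemon
This post was last edited by maxwelldemon at 12:22
The computer has been in use for five years and had been working normally in a networked environment. When I moved house on April 10 I stopped using it for nearly a month, then used it for less than a week in an environment with no internet access, and problems gradually began to appear. During this period I only viewed some media files copied over by USB drive from a computer that has internet access and the latest NOD32 installed; I did not install any new programs.
At first it was only that, at startup, the desktop wallpaper stayed on screen a little longer before the desktop icons appeared, and that opening saved mht web page files behaved abnormally: it took a long time, then a red X appeared saying the file could not be found, and then the page content displayed after all.
After almost a week of use, one day I found that after booting it stayed on the desktop wallpaper for half an hour before the desktop shortcuts appeared, and then the CPU stayed at 100% for another half hour. Task Manager showed that the CPU was mainly being used by two processes of the Jiangmin (江民) antivirus software and explorer.exe. After that it was like this at every boot. Sometimes the desktop shortcuts appeared fairly quickly, but it still took an hour in total from power-on until the CPU stopped sitting at 100% (unless Jiangmin was removed). If I boot in Safe Mode, explorer.exe drives the CPU to 100%. In addition, many programs cannot run properly: some run but not normally, for example even a small task like viewing pictures with ACDSee makes the ACDSee process push CPU usage to 100%; some cannot run at all, for example Word cannot open documents properly and says normal.doc has an error, and quite a few programs, once launched, only show up in Task Manager as a process taking most of the CPU with no window visible, such as Xunlei (迅雷) and KMPlayer; and some run normally, such as Notepad and Paint.
First virus scan:
I scanned with 360 Safe Guard (360安全卫士) updated to the end of March, and it found no new problems. I tried to run the offline upgrade package to update 360; I could see the upgrade program's process in Task Manager, but its window was never displayed, so I could not upgrade 360 properly, and it was the same in Safe Mode. I scanned the system drive with Jiangmin bootscan, with a virus database updated to the end of March. The first time, it caught a virus with a .bat extension in the C:\Documents and Settings\Administrator\Local Settings\Temp folder, but unfortunately unstable voltage caused a reboot that interrupted the scan. After that reboot things seemed to be back to normal. I thought the job was done, so I played two or three video files I had downloaded a couple of days earlier, and there was still nothing unusual. But later, when I tried to open a saved mht web page file, there was no response for a long time; I rebooted again and the old problem was back. I ran bootscan again, but it found no virus. After logging in to XP I scanned the system drive with Jiangmin and no virus was found. I tried to run a Jiangmin scan in Safe Mode; I could see the Jiangmin main program's process in Task Manager, but its window was never displayed, so I could not scan. However, in the temp folder where the virus had just been found, there is a tmp file that was modified when I last rebooted into the system (described in red text) and that was created during the period before the reboot when I thought things were normal (described in blue text).
Various attempts:
Later I also scanned with the latest 360 stubborn-trojan removal tool (i.e. 360急救箱, 360 First Aid Kit), which found no problem either. I tried to upgrade Jiangmin, so I bought a new license file and uninstalled Jiangmin, intending to reinstall it. Booting with Jiangmin removed, CPU usage after startup was actually normal, but the problem of many programs not running properly remained. Entering Safe Mode with Jiangmin removed, explorer.exe drove CPU usage to 100%. But upgrading Jiangmin did not succeed: the license file could not pass verification, so the offline package could not be installed. I installed NOD32: there was a process in Task Manager but no window. Installing Kingsoft Antivirus (金山毒霸), it stopped at 2%. Installing Rising (瑞星), it froze at around 60% while copying something.
Latest findings:
I took the two files that were generated under the system32 folder when Jiangmin was installed offline with a license on a normal computer at my workplace, copied them to a USB drive, and then copied them into the system32 folder of the infected computer at home; sure enough, I could then install Jiangmin with the license. But installing the offline upgrade package afterwards still had no effect. What I saw on screen while installing the upgrade package was the same as when installing it on the normal computer, and it also showed in the lower-right corner that the installation was complete. But after rebooting, the virus database date shown by bootscan was still unchanged.
Based on the above, I suspect it is very likely that the virus has restricted the read/write permissions on certain key directories on my C drive (and quite possibly some temporary folders). I installed NOD32: there was a process in Task Manager but no window; installing the 360 offline upgrade package was the same as NOD32; installing Kingsoft Antivirus, it stopped at 2%; installing Rising, it froze at around 60% while copying something; opening mht web page files, it says the file was not found; opening Word documents, it says normal.doc has an error... All of the above is very likely caused by this. Of course my skill level is not enough and I am only guessing. I hope an expert can give me some hints.
Experts, please help me. Many thanks!
SREng scan log attached: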
&&{83B80A9C-D91A-4F22-8DCF-EA} &, &
[360SafeLive]
&&{C--D416CB8059E3} &C:\Program Files\360safe\Safelive.dll, (Signed) &
[Microsoft Web 浏览器]
&&{A-11D0-A96B-00C04FD705A2} &C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation&
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
&&{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} &, &
[XML DOM Document 4.0]
&&{88D969C0-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation&
[Free Threaded XML DOM Document 4.0]
&&{88D969C1-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation&
[XSL Template 4.0]
&&{88D969C3-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation&
[XML HTTP 4.0]
&&{88D969C5-F192-11D4-A65F-E5} &C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation&
[XML DOM Document 5.0]
&&{88D969E5-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation&
[Free Threaded XML DOM Document 5.0]
&&{88D969E6-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation&
[XSL Template 5.0]
&&{88D969E8-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation&
[XML HTTP 5.0]
&&{88D969EA-F192-11D4-A65F-E5} &C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation&
[Java Plug-in 1.6.0_07]
&&{8AD9C840-044E-11D1-B3E9-} &C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.&
[AxSubmitControl Class]
&&{8D9E0B29-563C--5FF2AE77E1D2} &C:\WINDOWS\system32\SubmitControl.dll, (Signed) &
[Windows Live 登录帮助程序]
&&{C02-4ABF-8ECC-C6} &C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation&
&&{CC-41C8-B9BE-3C9C571A8263} &, &
&&{95B3F550-91C4-4627-BCC4-78} &, &
&&{95B3F550-91C4-4627-BCC4-79} &, &
[FGDownMgr]
&&{97F14F61-B206-4F9E-B6A4-318E80B13440} &C:\Documents and Settings\Frank\Application Data\FlashGetBHO\FlashGetBHO31.dll, (Signed) Trend Media Group&
&&{A2DF4DBF-29B4-42A4-BD19-2CBC443E2E84} &, &
[IETimeBehaviorFactory Class]
&&{AE-11D3-A490-00C04F6843FB} &C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, (Signed) Microsoft Corporation&
[IEAnimBehaviorFactory Class]
&&{A4E-11D3-A490-00C04F6843FB} &C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, (Signed) Microsoft Corporation&
&&{ACA-11D3-9CD9-B} &, &
&&{A8DC7D60-AD8F-491E-9A84-8FF901E7556E} &, &
[photo_uploader Control]
&&{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} &C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, &
&&{A986E409-30CC-4185-89BB-AB212C104524} &, &
[RMGetLicense Class]
&&{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} &C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation&
[Qzone Media Tools]
&&{AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} &D:\Tencent\qq\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited&
[CCTVUpdateInstall]
&&{ACBB-4C2C-873B-EA53D2F3D23A} &C:\Documents and Settings\Frank\Application Data\CCTV\tv\CCTVUpdateInstall.dll, (Signed) CCTV International Networks Co.,Ltd&
[DapCtrl Class]
&&{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} &C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.1).dll, ShenZhen Thunder Networking Technologies Ltd.&
[Microsoft Scriptlet Component]
&&{AE24FDAE-03C6-11D1-8B76-} &C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation&
&&{AFF6E516-CBE5-4F8A-9C2F-38A} &, &
[FlashGetBHO]
&&{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} &C:\Documents and Settings\Frank\Application Data\FlashGetBHO\FlashGetBHO31.dll, (Signed) Trend Media Group&
[InfoSecICBCNetSign Class]
&&{B1FBC1AD-2A-0F8BA85E7506} &C:\WINDOWS\DOWNLO~1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.&
[SearchAssistantOC]
&&{B45FF030--85DE-00C04FA35C89} &%SystemRoot%\system32\shdocvw.dll, (Signed) N/A&
[江民杀毒工具栏]
&&{B5A34A93-D538-43A7-48D12} &C:\Program Files\JiangMin\Antivirus\KVShell.dll, (Signed) Jiangmin Co., Ltd.&
&&{BE-4B48-836C-BC} &C:\Program Files\Messenger\msgsc.dll, (Signed) Microsoft Corporation&
[SafeMon Class]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &C:\Program Files\360safe\safemon\safemon.dll, (Signed) &
[ICBC Anti-Phishing class]
&&{BBA-4C6B-91C0-BB} &C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行&
[RDS.DataSpace]
&&{BD96C556-65A3-11D0-983A-00C04FC29E36} &C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation&
&&{BF00E119-21A3-4FD1-B178-3B} &, &
&&{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} &, &
&&{C211C413--8FE9-CBD8F2473FBE} &, &
[Windows Live 上载工具]
&&{CA83-24BA117356} &C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll, (Signed) Microsoft Corporation&
&&{C68AE9C0-0909-4DDC-B661-C} &, &
[KooPlayer Control]
&&{C728DAB8-FDF5-4CD7-89DD-879D25794C77} &C:\DOCUME~1\Frank\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, (Signed) &
&&{C95A4E8E-816D--D736DA1ADB6D} &, &
&&{C95FE080-8F5D-11D2-A20B-00AA003C157B} &, &
[Adobe PDF Reader]
&&{CA8ACF-A24D-} &C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.&
[AUDIO__MID Moniker Class]
&&{CD3AFA74-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[AUDIO__MP3 Moniker Class]
&&{CD3AFA76-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[AUDIO__WAV Moniker Class]
&&{CD3AFA7B-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[AUDIO__X_MS_WMA Moniker Class]
&&{CD3AFA84-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[VIDEO__AVI Moniker Class]
&&{CD3AFA88-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[VIDEO__MPEG Moniker Class]
&&{CD3AFA89-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[VIDEO__X_MS_ASF Moniker Class]
&&{CD3AFA8F-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[VIDEO__X_MS_WMV Moniker Class]
&&{CD3AFA94-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation&
[Microsoft Url 搜索挂接]
&&{CFBFAE00-17A6-11D0-99CB-00C04FD64497} &%SystemRoot%\system32\shdocvw.dll, (Signed) N/A&
[RealPlayer G2 Control]
&&{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} &C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.&
&&{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} &, &
[Windows Live 登录控制]
&&{DCE-1E881B8C5C} &C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash10o.ocx, (Signed) Adobe Systems, Inc.&
&&{D5CD69C4-F983-46E2-AF79-455E892729FA} &, &
&&{D6E814A0-E0C5-11D4-8D29-E3} &, &
[卡卡上网安全助手]
&&{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} &C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.&
[PlayerCtrl Class]
&&{E05BC2A3-9A46-4A32-80C9-023A473F5B23} &D:\Tencent\qq\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Tencent&
&&{E0E899AB-F487-11D5-8D29-E3} &, &
[EditCtrl Class]
&&{E0E9F6EF-871B-42AE-89C9-CD6AF7A2E5D3} &C:\WINDOWS\system32\SecEdit\SecEdit.1.0.2.0.dll, (Signed) &
&&{E9AE3247-63CB-4BB5-ACFF-953AA3B4797B} &, &
&&{ECF2E268-F28C-48D2-9AB7-8F69C11CCB71} &, &
[XML HTTP Request]
&&{ED8C108E--91A4-00C04F7969E8} &C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation&
[PPLive Lite Class]
&&{EF0D1A14--A589-240C01EDC078} &C:\Program Files\Common Files\PPLiveNetwork\plugin\pplugin2.dll, N/A&
[FlashGet GetFlash Class]
&&{FEF-470C-80DBA} &D:\FlashGet\getflash.dll, N/A&
[QvodCtrl Class]
&&{F3D0D36F-23F8-C92B03D4AF} &D:\QvodPlayer\QvodInsert.dll, (Signed) Shenzhen QVOD Technology Co.,Ltd&
[XPPlayer Class]
&&{F3E70CEA-956E-49CC-B444-73AFE593AD7F} &C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.1).dll, Xunlei Networking Technologies,LTD&
[DropFile Class]
&&{F4BA-45C1-8D0A-A} &C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.&
[XML DOM Document 3.0]
&&{F1-11D3-89B9-1} &C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation&
[XML HTTP 3.0]
&&{F1-11D3-89B9-1} &C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation&
[XML DOM Document]
&&{F6D90F11-9C73-11D3-B32E-00C04F990BB4} &C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation&
[XML HTTP]
&&{F6D90F16-9C73-11D3-B32E-00C04F990BB4} &C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation&
[FGAutoLive]
&&{F90D830D-C175-4bbe-82C7-FF} &D:\FlashGet\fgupdate.dll, N/A&
[FGCatchUrl]
&&{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} &D:\FlashGet\jccatch.dll, N/A&
&&{FB5DA724-162B-11D3-8B9B-AA70B4B0B525} &, &
&&{FB5FD2-BB9E-00C04F795683} &, &
&&{FB7199AB-79BF-11D2-8D94-} &C:\Program Files\Messenger\msgsc.dll, (Signed) Microsoft Corporation&
&&{FD00D911-46-A29F1BDF4FE5} &, &
&&{FDC7A535--A0EA-D9994BCC0DC5} &, &
&&{FE063DB9-4EC0-403E-8DD8-394C54984B2C} &, &
&&{FEDF637B-F631-CC828D42DB} &, &
[RegisterHelper Class]
&&{FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} &C:\Program Files\JiangMin\AntiVirus\UrlGuard.dll, (Signed) Jiangmin Co., Ltd.&
[&QQ文件发布]
&&&C:\Program Files\QQmailFile\getqqfile.htm, N/A&
[&U使用纳米机器人下载并收藏]
&&&C:\Program Files\NamiRobot\Data\du.html, N/A&
[&使用优蛋下载]
&&&C:\Program Files\115\UDown\getUrl.htm, N/A&
[&使用优蛋下载全部链接]
&&&C:\Program Files\115\UDown\getAllUrl.htm, N/A&
[Google快照助手打开该网页]
&&&D:\Google快照助手\GoogleSnapshot_link.htm, N/A&
[使用 Mega 管理器下载链接...]
&&&C:\Program Files\Megaupload\Mega Manager\mm_file.htm, N/A&
[使用BID Link Explorer打开当前页]
&&& Image Downloader\iemenu\iebidlinkexplorer.htm, N/A&
[使用BID打开当前页]
&&& Image Downloader\iemenu\iebid.htm, N/A&
[使用BID打开链接指向]
&&& Image Downloader\iemenu\iebidlink.htm, N/A&
[使用BID排列当前页]
&&& Image Downloader\iemenu\iebidqueue.htm, N/A&
[使用BID排列链接指向]
&&& Image Downloader\iemenu\iebidlinkqueue.htm, N/A&
[使用MTV分享精灵下载]
&&&D:\MtvP2P\IE2EM.htm, N/A&
[使用快车3下载]
&&&C:\Documents and Settings\Frank\Application Data\FlashGetBHO\GetUrl.htm, N/A&
[使用快车3下载全部视频]
&&&D:\FlashGet\GetAllFlvUrl.htm, N/A&
[使用快车3下载全部链接]
&&&C:\Documents and Settings\Frank\Application Data\FlashGetBHO\GetAllUrl.htm, N/A&
[使用网络传送带下载]
&&&D:\NetXfer\NXAddLink.html, N/A&
[使用网络传送带下载全部链接]
&&&D:\NetXfer\NXAddList.html, N/A&
[使用迅雷下载]
&&&D:\Thunder\Program\geturl.htm, N/A&
[使用迅雷下载全部链接]
&&&D:\Thunder\Program\getallurl.htm, N/A&
[导出到 Microsoft Office Excel(&X)]
&&&res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A&
[用flvcd下载本页的视频]
&&&C:\Program Files\flvcd\flvcd_link.htm, N/A&
[稞麦&Xmlbar搜索]
&&&/iebar/iemenu.php?lang=Chinese Simplified&ver=1.0, N/A&
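It would be best to save the report, compress it as a rar archive, and upload that.
maxwelldemon
I did compress the report and try to upload it at first, but the upload failed, so I had to post it this way. Please bear with me.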
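This post was last edited by zhou0197 at 11:31
maxwelldemon posted:
********************************************************************
*    PLA'S Report For Your Problem [2.0.7]
*                                  All rights Reserved by Evol
********************************************************************
* Report analysis date: - 11:15:25
* Report analyst: zhou0197
* Analyst e-mail address:
* Other analyst information:
* Report body begins:
********************************************************************
★ 『Files recommended for 【replacement】』 ★
C:\WINDOWS\system32\mspmsnsv.dll (upload this file to a multi-engine scanner first to confirm; if nothing is wrong with it, leave it alone)
★ *********************************************** ★
★ 『Services or driver entries recommended for deletion/disabling』 ★
Driver name 【aslm75】, corresponding file 【C:\WINDOWS\system32\drivers\aslm75.sys】 (upload this file to a multi-engine scanner first to confirm; if nothing is wrong with it, leave it alone)
Driver name 【iCafe Service】, corresponding file 【C:\DOCUME~1\Frank\LOCALS~1\Temp\2.sys】
Driver name 【Net Manager】, corresponding file 【C:\DOCUME~1\Frank\LOCALS~1\Temp\1.sys】
Also, was your Jiangmin completely uninstalled? Why is the folder KV2006?
★ *********************************************** ★
★ 『Files recommended for deletion』 ★
1. It is recommended to delete the following files with the Super Patrol (超级巡警) force-delete tool (please tick "back up before deleting") or with smtdel:
C:\WINDOWS\system32\drivers\aslm75.sys (upload this file to a multi-engine scanner first to confirm; if nothing is wrong with it, leave it alone)
C:\DOCUME~1\Frank\LOCALS~1\Temp\2.sys
C:\DOCUME~1\Frank\LOCALS~1\Temp\1.sys
★ *********************************************** ★
★ 『Registry entries recommended for cleanup』 ★
Program name 【kmpctrl】, image path 【; 】
★ *********************************************** ★
Then try a scan with Kingsoft Emergency Kit (金山急救箱) + Windows Cleanup Assistant (windows清理助手) (with a network connection). Also, could it be that Jiangmin was not uninstalled completely, or that there is still a software conflict?
Also, it is best to completely uninstall Jiangmin and Tianwang (天网) first, to rule out a conflict.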
疯狂的小鬼
The reply on floor 2 has already given advice...
I have no suggestions to add either.
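maxwelldemon
This post was last edited by maxwelldemon at 14:56
Many thanks to the expert for coming to the rescue! Such a long scan report, and you found the crux so quickly.
Yesterday I did some research following zhou0197's report and found that Net Manager and iCafe Service belong to the "worm Win32.XinCrak Family". This virus first appeared in 2008; for details see
.cn/vir/ruchong/middle/5015.asp
The symptoms described there do indeed match my computer's symptoms fairly well.
The strange thing is that when I look in the C:\Documents and Settings\Frank\Local Settings\Temp\ folder with hidden and system files shown, I cannot find the two files 1.sys and 2.sys; searching with hidden and system files included does not find them either, and the same goes for Safe Mode. 1.sys is not found anywhere on the whole C: drive. I scanned again with SREng, and it still shows these two drivers as present. In the folder C:\Documents and Settings\Frank\Local Settings\Temp\ and its subfolders there is only one file with the .sys extension: in one subfolder there is a CdaC15BA.SYS, an anti-piracy component brought in by the AutoCAD I installed, unrelated to the worm. I also found that the Temp folder under Local Settings is locked in a greyed-out read-only state; if I clear it, it automatically changes back, whereas on a normal computer the read-only state of this Temp folder is green.
As for Jiangmin, I have used Jiangmin plus Tianwang from 2006 until now. I don't remember exactly how I upgraded to the 2007 version; it was either an install over the old version or an uninstall with Jiangmin's own uninstall tool. In the following years I always uninstalled with Jiangmin's own uninstall tool. A few months ago I got a program called uninstalltool, which scans the registry after uninstalling something and deletes the leftover information too, so I have used it ever since. These past few days, while installing and removing all kinds of antivirus software over and over, I used it every time. However, the folder C:\Program Files\KV2006\ does not currently exist on my hard disk, and I don't know why the scan found a driver under this path.
I found mspmsnsv.dll. I looked up C:\WINDOWS\system32\drivers\aslm75.sys on Baidu, and it seems to be part of the drivers for my ASUS motherboard. I have packed both of these up. I am new here and don't know where "upload to a multi-engine scanner to confirm" means uploading to. The kmpctrl entry in the registry seems to be something left behind by the Monica edition (莫妮卡版) of the KMplayer player that I installed before.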
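The two conditions that come up in the posts above, a driver entry whose image sits in a user Temp folder and a registered driver whose file cannot be found on disk, can be checked mechanically. The following is an added example, not part of any post in this thread: the function names are hypothetical, the default `C:\WINDOWS` system root is an assumption, and the sample entries are constructed (the two Temp paths and aslm75.sys are taken from the report above; `KVExample` and `ExampleDrv` are made-up placeholders).

```python
import ntpath

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default Windows XP install path
TEMP_NAMES = {"temp", "tmp", "temporary internet files", "tempor~1"}


def normalize_image_path(raw, system_root=SYSTEM_ROOT):
    """Turn a driver ImagePath registry value into a plain drive-letter path."""
    path = raw.strip().strip('"')
    if path.startswith("\\??\\"):              # NT object-manager prefix
        path = path[4:]
    lowered = path.lower()
    if lowered.startswith("\\systemroot\\"):
        path = system_root + path[len("\\systemroot"):]
    elif lowered.startswith("%systemroot%"):
        path = system_root + path[len("%systemroot%"):]
    elif not ntpath.splitdrive(path)[0]:
        # Relative values such as system32\drivers\x.sys resolve against SystemRoot.
        path = ntpath.join(system_root, path.lstrip("\\"))
    return ntpath.normpath(path)


def in_temp_dir(path):
    """True if any directory component is a temp folder (long or 8.3 name)."""
    directories = path.lower().split("\\")[:-1]
    return any(part in TEMP_NAMES for part in directories)


def audit_drivers(drivers, exists):
    """Return (name, resolved_path, reasons) for every suspicious driver entry.

    drivers: iterable of (service name, raw ImagePath value)
    exists:  callable(path) -> bool; on a live Windows system pass os.path.exists
    """
    findings = []
    for name, raw in drivers:
        path = normalize_image_path(raw)
        reasons = []
        if in_temp_dir(path):
            reasons.append("image in a temp directory")
        if not exists(path):
            reasons.append("image file not found on disk")
        if reasons:
            findings.append((name, path, reasons))
    return findings


# Constructed sample input (see the lead-in for what is taken from the thread).
SAMPLE_DRIVERS = [
    ("iCafe Service", r"\??\C:\DOCUME~1\Frank\LOCALS~1\Temp\2.sys"),
    ("Net Manager", r"\??\C:\DOCUME~1\Frank\LOCALS~1\Temp\1.sys"),
    ("aslm75", r"system32\drivers\aslm75.sys"),
    ("KVExample", r"C:\Program Files\KV2006\example.sys"),
    ("ExampleDrv", r"\SystemRoot\System32\drivers\example.sys"),
]

# Constructed stand-in for the file system: only these files "exist".
PRESENT_FILES = {
    r"c:\windows\system32\drivers\aslm75.sys",
    r"c:\windows\system32\drivers\example.sys",
}


def sample_exists(path):
    return path.lower() in PRESENT_FILES


if __name__ == "__main__":
    for name, path, reasons in audit_drivers(SAMPLE_DRIVERS, sample_exists):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

An entry flagged only as "not found on disk" can also be a stale registration left by an uninstalled product, so each finding still needs review before anything is deleted.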
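maxwelldemon posted:
Many thanks to the expert for coming to the rescue! Such a long scan report, and you found the crux so quickly.
Yesterday I did some research following zhou0197's report and found that Ne ...
For the solution, I have written a file:
(attachment, 58.18 KB, uploaded at 15:55)
Extract it and run logaction.exe to start the processing. Do not touch the other files!!!
Then process with Kingsoft Emergency Kit (金山急救箱) + Windows Cleanup Assistant (windows清理助手).
The ASUS motherboard question has been confirmed as normal and is ruled out. As things stand, the Tianwang (天网) + Jiangmin combination is no longer very suitable.
The board is better with you in it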
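maxwelldemon
This post was last edited by maxwelldemon at 13:01
Thanks to zhou0197 for the help!
Yesterday I fell short at the last moment.
First I went into Safe Mode and ran the logaction.exe you wrote.
The log after running it:
(attachment, 337 bytes, uploaded at 11:14)
Then I opened the registry and looked at the keys that the log shows as having failed to delete; none of them exist any more. A scan with SREng shows that the two drivers iCafe Service and Net Manager have also disappeared. The symptom of various programs failing to run properly remained as before, and writing to the temp folder under local settings was still restricted. Then I rebooted, went into Safe Mode under the administrator account that has not been used for several years, first ran a Kingsoft Emergency Kit (金山急救箱) scan, and then ran Windows Cleanup Assistant (windows清理助手). Both tools are the latest versions, which I downloaded in the last two days, but my current residence has no internet access. Each of the two tools found three or four items; after handling them the symptoms remained as before. Then I rebooted again, went into Safe Mode under the account I normally use, and first ran a Kingsoft Emergency Kit scan, which found nothing; then I ran Windows Cleanup Assistant, and this time it found several more items (see the last run in the cleanup log), among them 3 batch files.
(attachment, 1.06 KB, uploaded at 11:32)
After this round of cleanup I rebooted into normal mode and found that the symptoms were gone: programs could write to the temp folder under local settings again, and Word could open normally. I scanned with SREng and backed up the log.
(attachment, 14.06 KB, uploaded at 12:50)
Then I tried other programs to see whether things were really fixed. When I double-clicked an html file, ie6 opened it quickly and normally; when I then double-clicked an mht file, tragedy struck: the window did not appear for ages, the ie process again drove the CPU to 100%, and again a red X appeared saying that the file I was trying to open did not exist. I ended the ie process in Task Manager, and all the symptoms came back; the temp folder under local settings was locked again. I really regret not taking the chance to install antivirus software before trying the mht file. However, the mht file I tried to open is itself definitely not infected; it opens without any problem on a normal computer at work.
I immediately took another log with SREng and found no further sign of iCafe Service or Net Manager. I again ran scans with Kingsoft Emergency Kit and Windows Cleanup Assistant; they found no more .bat files and nothing new. Back when Jiangmin bootscan first found and deleted the batch file, and I was infected again after opening an mht file, I searched the temp folder under local settings and found no .bat file there either. As for the three .bat files found this time, I noticed that their creation and modification dates are in some cases last year and in others a few months ago. Before Windows Cleanup Assistant removed them, I packed them up as a backup together with several tmp files of the same names; I don't know whether I may upload them as an attachment. The code is very short, and I have also copied it into a txt file.
From what I can see so far, this virus is triggered by opening an mht file in ie, and it locks write permission on the temp folder under local settings. Later on, .bat files appear in the temp folder; deleting them relieves the symptoms temporarily, but as soon as an mht file is opened again everything reverts.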