
[Help] Could an expert please take a look at my SREng log

yu2481
Posted 2012-4-11 00:28:21
Looks like I've caught a file-infecting virus, and Kaspersky can't remove it either. Ugh.....

Windows 7 Enterprise Edition  (Build 7600) - User with administrative privileges - Full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan
    Scheduled tasks
    Windows security update check
    API HOOK
    Hidden processes


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <IAAnotif><C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe>  [(Verified)Intel Corporation]
    <EnergyUtility><C:\Program Files\Lenovo\Energy Management\utility.exe>  [(Verified)Lenovo (Beijing) Limited]
    <Energy Management><C:\Program Files\Lenovo\Energy Management\Energy Management.exe>  [(Verified)Lenovo (Beijing) Limited]
    <IME14 CHS Setup><C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log>  [(Verified)Microsoft Corporation]
    <GKR><C:\Program Files\中嘉华诚\中嘉华诚GKR\GKR.exe -auto>  [北京中嘉华诚网络安全技术有限公司]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe">  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL>  [(Verified)Microsoft Corporation]
    <{4562B511-62E9-4533-B7B2-56A8BB10B482}><C:\Program Files\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(292).dll>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\Windows\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\System32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\aetsprov]
    <N/A><C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\aetsprov.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Web Platform Customizations><C:\Windows\System32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

==================================
Startup folder
N/A

==================================
Services
[Kaspersky PURE / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" -r><Kaspersky Lab>
[CryptoStorage control service / CSObjectsSrv][Running/Auto Start]
  <"C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe"><Infowatch>
[Symantec Eraser Service / EraserSvc11013][Stopped/Auto Start]
  <"C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe" /h ccCommon><(File is missing)>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[GKRAgent / GKRAgent][Running/Auto Start]
  <C:\Program Files\中嘉华诚\中嘉华诚GKR\GKRAgent.exe><北京中嘉华诚网络安全技术有限公司>
[Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start]
  <C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe><Intel Corporation>
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe><N/A>
[Kingsoft Rescue Service / Kingsoft Rescue Service][Running/Auto Start]
  <C:\Program Files\kingsoft\KSM\ksmsvc.exe><>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
[Tenpay Certificate Service / QQCertificateService][Running/Auto Start]
  <"C:\Program Files\Common Files\Tencent\Paycenter\tenpaycert.exe"><Tencent>

==================================
Drivers
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[adp94xx / adp94xx][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\adpahci.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[RCT / aec][Stopped/Manual Start]
  <\??\C:\Windows\system32\drivers\aec.SYS><N/A>
[aic78xx / aic78xx][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[amdsata / amdsata][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\amdsata.sys><Advanced Micro Devices>
[amdsbs / amdsbs][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\amdsbs.sys><AMD Technologies Inc.>
[amdxata / amdxata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdxata.sys><Advanced Micro Devices>
[arc / arc][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\arcsas.sys><Adaptec, Inc.>
[Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\bxvbdx.sys><Broadcom Corporation>
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Stopped/Manual Start]
  <system32\DRIVERS\b57nd60x.sys><Broadcom Corporation>
[BC / BC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\BrFiltLo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\BrFiltUp.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\Brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[InfoWatch Encrypt Sector Library driver / CSCrySec][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\CSCrySec.sys><Infowatch>
[InfoWatch Virtual Disk driver / CSVirtualDiskDrv][Running/System Start]
  <system32\DRIVERS\CSVirtualDiskDrv.sys><Infowatch>
[EagleXNt / EagleXNt][Stopped/Manual Start]
  <\??\C:\Windows\system32\drivers\EagleXNt.sys><N/A>
[Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\evbdx.sys><Broadcom Corporation>
[elxstor / elxstor][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\elxstor.sys><Emulex>
[EraserUtilDrvI10 / EraserUtilDrvI10][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys><N/A>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\Chip_usb.sys><>
[GFSFILTER / GFSFILTER][Running/System Start]
  <\??\C:\Program Files\中嘉华诚\中嘉华诚GKR\FsFilter.sys><北京中嘉华诚网络安全技术有限公司>
[GGLOBALFILTER / GGLOBALFILTER][Running/System Start]
  <\??\C:\Program Files\中嘉华诚\中嘉华诚GKR\GlobalFilter.sys><北京中嘉华诚网络安全技术有限公司>
[GPROCFILTER / GPROCFILTER][Running/System Start]
  <\??\C:\Program Files\中嘉华诚\中嘉华诚GKR\ProcFilter.sys><北京中嘉华诚网络安全技术有限公司>
[GREGFILTER / GREGFILTER][Running/System Start]
  <\??\C:\Program Files\中嘉华诚\中嘉华诚GKR\RegFilter.sys><北京中嘉华诚网络安全技术有限公司>
[Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\hcw85cir.sys><Hauppauge Computer Works, Inc.>
[HpSAMD / HpSAMD][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\HpSAMD.sys><Hewlett-Packard Company>
[Intel AHCI Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[iaStorV / iaStorV][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\iaStorV.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\iirsp.sys><Intel Corp./ICP vortex GmbH>
[kl1 / kl1][Running/System Start]
  <system32\DRIVERS\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / KLBG][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\klbg.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS 6 Filter / KLIM6][Running/System Start]
  <system32\DRIVERS\klim6.sys><Kaspersky Lab>
[Kaspersky Lab KLMOUFLT / klmouflt][Running/Manual Start]
  <system32\DRIVERS\klmouflt.sys><Kaspersky Lab>
[krpr / krpr][Stopped/Manual Start]
  <\??\C:\Windows\system32\Drivers\krpr.sys><Kingsoft Corporation>
[LSI_FC / LSI_FC][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_fc.sys><LSI Corporation>
[LSI_SAS / LSI_SAS][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_sas.sys><LSI Corporation>
[LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_sas2.sys><LSI Corporation>
[LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_scsi.sys><LSI Corporation>
[megasas / megasas][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\MegaSR.sys><LSI Corporation, Inc.>
[WinpkFilter Service / Ndisrd][Stopped/Manual Start]
  <system32\DRIVERS\ndisrd.sys><NT Kernel Resources>
[NdisrdMP / NdisrdMP][Running/Manual Start]
  <system32\DRIVERS\ndisrd.sys><NT Kernel Resources>
[RT2870 USB Wireless LAN Card Driver for Vista / netr28u][Stopped/Manual Start]
  <system32\DRIVERS\netr28u.sys><Ralink Technology Corp.>
[Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32-bit / netw5v32][Running/Manual Start]
  <system32\DRIVERS\netw5v32.sys><Intel Corporation>
[nfrd960 / nfrd960][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\nfrd960.sys><IBM Corporation>
[Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]
  <system32\drivers\nvhda32v.sys><NVIDIA Corporation>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\nvstor.sys><NVIDIA Corporation>
[nznwkasc / nznwkasc][Stopped/System Start]
  <\??\C:\Windows\system32\drivers\nznwkasc.sys><N/A>
[ql2300 / ql2300][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\ql2300.sys><QLogic Corporation>
[ql40xx / ql40xx][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\ql40xx.sys><QLogic Corporation>
[USB Token Holder Service / R5BaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccard.sys><OEM>
[SiSRaid2 / SiSRaid2][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[SrvHsfHDA / SrvHsfHDA][Running/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[SrvHsfV92 / SrvHsfV92][Running/Manual Start]
  <system32\DRIVERS\VSTDPV3.SYS><Conexant Systems, Inc.>
[SrvHsfWinac / SrvHsfWinac][Running/Manual Start]
  <system32\DRIVERS\VSTCNXT3.SYS><Conexant Systems, Inc.>
[stexstor / stexstor][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\stexstor.sys><Promise Technology>
[SVN3000 Adapter V1.0 / SVN3000Drv][Stopped/Manual Start]
  <system32\DRIVERS\SVN3000Drv.sys><>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\Windows\system32\TesSafe.sys><TENCENT>
[LGE Mobile Composite USB Device / usbbus][Stopped/Manual Start]
  <system32\DRIVERS\lgusbbus.sys><LG Electronics Inc.>
[LGE Mobile USB Serial Port / UsbDiag][Stopped/Manual Start]
  <system32\DRIVERS\lgusbdiag.sys><LG Electronics Inc.>
[LGE Mobile USB Modem / USBModem][Stopped/Manual Start]
  <system32\DRIVERS\lgusbmodem.sys><LG Electronics Inc.>
[PortableVBoxDRV / VBoxDRV][Running/Auto Start]
  <\??\E:\win7\[oidvd\VirtualBox\app32\drivers\VBoxDrv\VBoxDrv.sys><Sun Microsystems, Inc.>
[PortableVBoxNetAdp / VBoxNetAdp][Stopped/Auto Start]
  <\??\E:\win7\[oidvd\VirtualBox\app32\drivers\network\netadp\VBoxNetAdp.sys><Sun Microsystems, Inc.>
[PortableVBoxUSB / VBoxUSB][Stopped/Auto Start]
  <\??\E:\win7\[oidvd\VirtualBox\app32\drivers\USB\device\VBoxUSB.sys><Sun Microsystems, Inc.>
[PortableVBoxUSBMon / VBoxUSBMon][Running/Auto Start]
  <\??\E:\win7\[oidvd\VirtualBox\app32\drivers\USB\filter\VBoxUSBMon.sys><Sun Microsystems, Inc.>
[viaide / viaide][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\vsmraid.sys><VIA Technologies Inc.,Ltd>

==================================
Browser add-ons
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll, (Signed) Kaspersky Lab>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL, (Signed) Microsoft Corporation>
[Xunlei Download Support]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.4.3316.dll, (Signed) Xunlei Tech Network>
[Office Document Cache Handler]
  {B4F3A835-0E21-4959-BA22-42B3008E02FF} <C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL, (Signed) Microsoft Corporation>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[FilterBHO Class]
  {E33CF602-D945-461A-83F0-819F76A199F8} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll, (Signed) Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll, (Signed) Microsoft Corporation>
[VirtualKeyboardButtonHandler Class]
  {4248FE82-7FCB-46AC-B270-339F08212110} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll, (Signed) Kaspersky Lab>
[Linked Notes button]
  {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} <C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll, (Signed) Microsoft Corporation>
[FilterButtonHandler Class]
  {CCF151D8-D089-449F-A5A4-D9909053F20F} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll, (Signed) Kaspersky Lab>
[ClientBindingCtrl Class]
  {04A39EFC-FDF5-4819-98C9-BBC864DB2F90} <C:\Windows\system32\ClientBinding.dll, (Signed) >
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\Windows\system32\GDREAD~1.DLL, (Signed) >
[GDGetVer Class]
  {7CCE07A5-A590-4554-B5C3-082840D7012E} <C:\Windows\DOWNLO~1\ICBC_G~1.DLL, (Signed) >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\Windows\system32\SubmitControl.dll, (Signed) >
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\Windows\system32\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[PPLive Lite Class]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\Common Files\PPLiveNetwork\plugin\pplugin2.dll, (Signed) >
[PowerPasswordXPSBC Control]
  {01D4C318-44D5-4AB8-894F-5F95341E4459} <C:\Windows\DOWNLO~1\POWERE~1.OCX, (Signed) CSII>
[ClientBindingCtrl Class]
  {04A39EFC-FDF5-4819-98C9-BBC864DB2F90} <C:\Windows\system32\ClientBinding.dll, (Signed) >
[PhotoDrawEx Class]
  {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <C:\Program Files\Tencent\Qzone\QQPhotoDrawEx.dll, (Signed) Tencent>
[]
  {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <, >
[JsObject Class]
  {11CC93E4-0BE6-4F8F-82AA-D577FB955B05} <C:\Program Files\BaiduAddr\Addr.dll, N/A>
[Player Class]
  {11F2A418-94B2-4e16-9B0C-B00C0435F903} <C:\Program Files\Tencent\QQLive\LiveMedia.dll, (Signed) Tencent>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Windows\system32\MMInstaller.dll, (Signed) Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[QQCPHelper.CPAdder]
  {23752AA7-CAD7-40C2-99EE-7A9CD3C20C6D} <C:\PROGRA~1\Tencent\QQ\Bin\CPHelper.dll, (Signed) Tencent>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\System32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Groove Folder Synchronization]
  {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} <C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL, (Signed) Microsoft Corporation>
[Axcleanctrl Class]
  {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} <C:\Windows\system32\icbcclean.dll, (Signed) >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\Windows\system32\GDREAD~1.DLL, (Signed) >
[VirtualKeyboardButtonHandler Class]
  {4248FE82-7FCB-46AC-B270-339F08212110} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll, (Signed) Kaspersky Lab>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[QQRightClick Class]
  {4836C333-208E-4BCE-B30B-00B9545B0F6E} <D:\PROGRA~1\Tencent\QQDOWN~1\QQIEHE~1.DLL, N/A>
[Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\MiniThunder\BHO\ThunderAgent7.2.4.3316.dll, (Signed) 深圳市迅雷网络技术有限公司>
[QQPYChecker Class]
  {5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <C:\Program Files\Tencent\QQPinyin\4.4.1108.400\QQImeChecker.dll, (Signed) Tencent>
[]
  {52FC33A2-DC09-4A7D-975C-0B8D860B7445} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\Windows\System32\ieframe.dll, (Signed) Microsoft Corporation>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll, (Signed) Kaspersky Lab>
[QQLiveOcx Class]
  {5EF7B131-C278-4034-BC88-2CE28B128681} <C:\Program Files\Tencent\QQLive\LiveOcx\LiveOcx.dll, (Signed) Tencent>
[CAntiVersion Object]
  {5EFE0AA6-B28B-41BD-9B3C-02AA3F79EA9A} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVer.dll, (Signed) 中国工商银行>
[]
  {5FFF24BC-DC02-4808-B4E0-A8E2C93FE407} <, >
[]
  {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} <, >
[QQLiveFile Class]
  {6B232760-90F1-41c3-9902-C8552C1D8A72} <C:\Program Files\Tencent\QQLive\LiveOcx\FileVersion.dll, (Signed) Tencent>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <, >
[]
  {6EE9CD3E-A386-4DAE-9737-A759DBF927AE} <, >
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\Windows\system32\InputControl.dll, (Signed) >
[]
  {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} <, >
[GDGetVer Class]
  {7CCE07A5-A590-4554-B5C3-082840D7012E} <C:\Windows\DOWNLO~1\ICBC_G~1.DLL, (Signed) >
[]
  {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} <, >
[XunleiBHO Class]
  {802F530B-A8F6-4631-AE49-6BACAAC6373E} <C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.4.3316.dll, (Signed) Xunlei Tech Network>
[]
  {814953B0-3DE7-4171-A0DD-A7A38322B6C7} <, >
[WebCallCompEx Class]
  {824838E7-26FB-4037-8E7B-7D0B2DBDA8D1} <C:\Windows\System32\WebCallCtrl.dll, (Signed) 中国移动通信集团广东有限公司>
[AxAssistComm Class]
  {84894428-B1F9-4C88-8A45-D6B8524E53B3} <C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\IcbcAssistComm.dll, (Signed) Industrial and Commercial Bank of China>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\System32\ieframe.dll, (Signed) Microsoft Corporation>
[iLookControl Control]
  {88829D03-A19F-40D6-8F59-CF2AAE406401} <D:\PROGRA~1\ilook\ILOOKC~1.OCX, N/A>
[Xunlei Download Support]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.4.3316.dll, (Signed) Xunlei Tech Network>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[QQDownload Class]
  {8AC3BC28-E145-4385-A694-8AAC128ACB16} <D:\PROGRA~1\Tencent\QQDOWN~1\QQIEHE~1.DLL, N/A>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\Windows\system32\SubmitControl.dll, (Signed) >
[SharePoint OpenDocuments Class]
  {9203C2CB-1DC1-482D-967E-597AFF270F0D} <C:\Program Files\Microsoft Office\Office14\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.7201.403.(44).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[VersionDetector Class]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.32.(291).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.>
[]
  {A4639D2F-774E-11D3-A490-00C04F6843FB} <, >
[APlayer Control]
  {A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.7201.403.(44).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[]
  {B0E2F470-0B07-48F0-B3B1-5749505FAE9B} <, >
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\Windows\system32\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[Office Document Cache Handler]
  {B4F3A835-0E21-4959-BA22-42B3008E02FF} <C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL, (Signed) Microsoft Corporation>
[]
  {B8E07826-0971-4F16-B133-047B88034E89} <, >
[QQCertificateCtrl Class]
  {BAEA0695-03A4-43BB-8495-C7025E1A8F42} <C:\Program Files\Common Files\Tencent\Paycenter\qqcert.dll, (Signed) Tencent>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[]
  {BC96F5A4-C930-4226-ADAB-59349AE585E9} <, >
[FTNUpload Class]
  {BDEACC50-F56D-4D60-860F-CF6ED1766D65} <C:\Program Files\Common Files\Tencent\TXFTN\TXFTNActiveX1.17.dll, (Signed) Tencent>
[SharePoint Stssync Handler]
  {BDEADEF5-C265-11D0-BCED-00A0C90AB50F} <C:\Program Files\Microsoft Office\Office14\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[SecInputX Class]
  {BEB753CB-F082-403F-B550-1D251454BA5D} <C:\Program Files\Seckey2\SecActiveX2.ocx, (Signed) 深圳市支点信息技术有限公司>
[FilterButtonHandler Class]
  {CCF151D8-D089-449F-A5A4-D9909053F20F} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll, (Signed) Kaspersky Lab>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[WDCCBCtrl Class]
  {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <, >
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\Windows\System32\ieframe.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash11f.ocx, (Signed) Adobe Systems, Inc.>
[QQLive Class]
  {D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62} <C:\Program Files\Tencent\QQLive\LiveAPI.dll, (Signed) Tencent>
[xoliimpl Class]
  {DD5BF6D1-6663-47E0-9DFA-5C343CAF178E} <C:\Windows\xinstaller.dll, (Signed) 深圳市迅雷技术有限公司>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.dll, (Signed) Tencent>
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\Office14\NAME.DLL, (Signed) Microsoft Corporation>
[FilterBHO Class]
  {E33CF602-D945-461A-83F0-819F76A199F8} <C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll, (Signed) Kaspersky Lab>
[Xunlei Digital Video DRM Control]
  {E577393C-3468-4911-9DA0-484C3F4C47D7} <C:\Program Files\Common Files\Thunder Network\APlayer\Codecs\xlvsource.ax, (Signed) >
[QQPasswordCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\Program Files\Common Files\Tencent\Paycenter\qqedit.dll, (Signed) Tencent>
[SSOForPTLogin2 Class]
  {EAAED308-7322-4B9B-965E-171933ADD473} <C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll, (Signed) >
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Bin\Timwp.dll, (Signed) Tencent>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[PPLive Lite Class]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\Common Files\PPLiveNetwork\plugin\pplugin2.dll, (Signed) >
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML Document 3.0]
  {F5078F40-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[QQLiveOcxShell Class]
  {F7E55BDF-9528-46ba-B550-777859627591} <C:\Program Files\Tencent\QQLive\LiveOcx\LiveOcx.dll, (Signed) Tencent>
[&Download with QQ Xuanfeng]
  <D:\Program Files\Tencent\QQDownload2\geturl.htm, N/A>
[&Download all links with QQ Xuanfeng]
  <D:\Program Files\Tencent\QQDownload2\getAllurl.htm, N/A>
[Play with Xunlei Kankan Player]
  <C:\Users\Public\Thunder Network\XMP4\core\program\XmpIEMenu.htm, N/A>
[Download with Xunlei Lite]
  <C:\Program Files\Thunder Network\MiniThunder\BHO\minixlgeturl.htm, N/A>
[Download all links with Xunlei Lite]
  <C:\Program Files\Thunder Network\MiniThunder\BHO\minixlgetAllurl.htm, N/A>
[Send to OneNote(&N)]
  <res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105, N/A>
[Export to Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000, N/A>
[Add to Kaspersky Anti-Banner list]
  <C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm, N/A>
[Add to Fetion emoticons]
  <res://C:\Program Files\China Mobile\Fetion\FetionExt.dll/202, N/A>
[Send via Fetion SMS]
  <res://C:\Program Files\China Mobile\Fetion\FetionExt.dll/201, N/A>

==================================
Running processes
[PID: 360 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 504 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 560 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
[PID: 588 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 792 / SYSTEM][C:\Windows\system32\nvvsvc.exe]  [NVIDIA Corporation, 8.15.11.8678]
[PID: 1396 / SYSTEM][C:\Windows\system32\nvvsvc.exe]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Windows\system32\NVSVC.DLL]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Windows\system32\NVSVCR.DLL]  [NVIDIA Corporation, 8.15.11.8678]
[PID: 1656 / SYSTEM][C:\Program Files\kingsoft\KSM\ksmsvc.exe]  [, 2011,07,05,2082]
    [C:\Program Files\kingsoft\KSM\kdump.dll]  [Kingsoft Corporation, 2010,10,11,1453]
    [C:\Program Files\kingsoft\KSM\kxestat.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\Program Files\kingsoft\KSM\kxebase.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\kingsoft\KSM\scom.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\kingsoft\KSM\ksapi.dll]  [Kingsoft Corporation, 2012,03,13,80]
    [C:\Program Files\kingsoft\KSM\ksinst.dll]  [Kingsoft Corporation, 2012,02,16,2618]
    [C:\Program Files\kingsoft\KSM\kxecore\kxelog.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\kingsoft\KSM\kxecore\kxecore.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [C:\Program Files\kingsoft\KSM\kxecore\kxestat.dll]  [Kingsoft Corporation, 2010,07,30,986]
    [C:\Program Files\kingsoft\KSM\ksmcorex.dll]  [Kingsoft Corporation, 2012,03,16,2739]
    [C:\Program Files\kingsoft\KSM\ksmbrfix.dll]  [Kingsoft Corporation, 2010,09,13,1403]
    [C:\Program Files\kingsoft\KSM\ksbwsspx.dll]  [Kingsoft Corporation, 2011,10,12,2328]
    [C:\Program Files\kingsoft\KSM\sqlite.dll]  [N/A, ]
    [C:\Program Files\kingsoft\KSM\khandler.dll]  [Kingsoft Corporation, 2011,06,15,2036]
    [C:\Program Files\kingsoft\KSM\kseescan.dll]  [Kingsoft Corporation, 2012,01,30,1967]
    [C:\Program Files\kingsoft\KSM\ksesscan.dll]  [Kingsoft Corporation, 2012,01,30,1967]
    [C:\Program Files\kingsoft\KSM\kseutil.dll]  [Kingsoft Corporation, 2012,01,15,1960]
    [C:\Program Files\kingsoft\KSM\wfs.dll]  [Kingsoft Corporation, 2011,09,21,1809]
    [C:\Program Files\kingsoft\KSM\ksbwdet2.dll]  [Kingsoft Corporation, 2012,03,07,2707]
    [C:\Program Files\kingsoft\KSM\kae\kaecore.dat]  [Kingsoft Corporation, 2011,09,20,1807]
    [C:\Program Files\kingsoft\KSM\kavifr.dll]  [Kingsoft Corporation, 2010,05,25,74]
[PID: 1852 / Loafer][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\nvwgf2um.dll]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 1892 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
[PID: 108 / Loafer][C:\Windows\system32\taskhost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0401]
[PID: 1452 / SYSTEM][C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe]  [Infowatch, 1.1.223.0]
[PID: 1784 / SYSTEM][C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe]  [N/A, ]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
[PID: 2076 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE]  [Microsoft Corporation, 14.0.4734.1000]
[PID: 2120 / SYSTEM][C:\Program Files\Common Files\Tencent\Paycenter\tenpaycert.exe]  [Tencent, 2, 0, 0, 3]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\aetpkss1.dll]  [A.E.T. Europe B.V., 3.0.0.2110]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
[PID: 2444 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe]  [Intel Corporation, 8.9.2.1002]
    [C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll]  [Intel Corporation, 8.9.2.1002]
    [C:\Program Files\Intel\Intel Matrix Storage Manager\CHS\PlugInRAID_CHS.dll]  [Intel Corporation, 8.9.2.1002]
[PID: 2720 / Loafer][C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe]  [Intel Corporation, 8.9.2.1002]
    [C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll]  [Intel Corporation, 8.9.2.1002]
    [C:\Program Files\Intel\Intel Matrix Storage Manager\CHS\IAAMon_CHS.dll]  [Intel Corporation, 8.9.2.1002]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 2736 / Loafer][C:\Program Files\Lenovo\Energy Management\utility.exe]  [Lenovo(beijing) Limited, 4, 3, 1, 2]
    [C:\Program Files\Lenovo\Energy Management\kbdhook.dll]  [N/A, ]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 2968 / Loafer][C:\Program Files\Lenovo\Energy Management\Energy Management.exe]  [Lenovo (Beijing) Limited, 4, 2, 0, 2]
    [C:\Program Files\Lenovo\Energy Management\HookLib.dll]  [N/A, ]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 3148 / Loafer][C:\Program Files\Windows Sidebar\sidebar.exe]  [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\scrchpg.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klscav.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 3536 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
[PID: 4040 / Loafer][C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\stpass.exe]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\system32\aetcsss1.dll]  [A.E.T. Europe B.V., 3.0.0."2012]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\aetpkss1.dll]  [A.E.T. Europe B.V., 3.0.0.2110]
    [C:\Windows\system32\bxscard.dll]  [BlueX B.V., 4.2.5.1827]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\avpapplication.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf]  [, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\shellex.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 4088 / NETWORK SERVICE][C:\Program Files\Windows Media Player\wmpnetwk.exe]  [Microsoft Corporation, 12.0.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
[PID: 10064 / NETWORK SERVICE][C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE]  [Microsoft Corporation, 14.0.0370.400 (longhorn(wmbla).090811-1833)]
[PID: 19444 / Loafer][C:\Program Files\KuGou2012\KuGou.exe]  [, 7,1,50,15137]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf]  [, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\shellex.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\scrchpg.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klscav.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Windows\system32\Macromed\Flash\Flash11f.ocx]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Program Files\KuGou2012\KGPlayer.dll]  [, 1.1.0.0]
    [C:\Windows\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0401]
[PID: 19528 / Loafer][C:\Program Files\KuGou2012\KgDaemon.exe]  [, 1,0,0,15137]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 26964 / Loafer][C:\Program Files\Tencent\QQ\Bin\QQExternal.exe]  [Tencent, 1.75.2991.674]
    [C:\Program Files\Tencent\QQ\Bin\Common.dll]  [Tencent, 1.75.254.0]
    [C:\Program Files\Tencent\QQ\Bin\zlib.dll]  [, 1.2.5.0]
    [C:\Program Files\Tencent\QQ\Bin\libexpatw.dll]  [, 2.0.1.0]
    [C:\Program Files\Tencent\QQ\Bin\tinyxml.dll]  [Tencent, 1.75.2991.674]
    [C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\Program Files\Tencent\QQ\Bin\ProcessSession.DLL]  [Tencent, 1.75.254.0]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Program Files\Tencent\QQ\Bin\FlashService.dll]  [Tencent, 1.75.2991.674]
    [C:\Program Files\Tencent\QQ\Bin\IPC.dll]  [Tencent, 1.75.254.0]
    [C:\Program Files\Tencent\QQ\Bin\xGraphic32.dll]  [Tencent, 1.75.254.0]
    [C:\Windows\system32\Macromed\Flash\Flash11f.ocx]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 8.15.11.8678]
[PID: 27348 / Loafer][C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.dll]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 24052 / Loafer][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf]  [, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\shellex.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spIEBho.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 27596 / Loafer][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.4.3316.dll]  [Xunlei Tech Network, 7, 2, 4, 3316]
    [C:\Windows\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll]  [中国工商银行, 1.0.11.25]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\KeyMonitor.dll]  [N/A, ]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spIEBho.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\system32\Macromed\Flash\Flash11f.ocx]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Windows\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0401]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblc.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\kltbar.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\winreg.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\propmap.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\nfio.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\filemap.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Windows\system32\QQPINYIN.IME]  [Tencent, 4.4.1108.400]
[PID: 28448 / Loafer][C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe]  [Kaspersky Lab, 9.1.0.144]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
[PID: 27732 / Loafer][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.4.3316.dll]  [Xunlei Tech Network, 7, 2, 4, 3316]
    [C:\Windows\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll]  [中国工商银行, 1.0.11.25]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\KeyMonitor.dll]  [N/A, ]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spIEBho.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\Windows\system32\Macromed\Flash\Flash11f.ocx]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblc.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\kltbar.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\winreg.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\propmap.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\nfio.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\filemap.ppl]  [Kaspersky Lab, 9.1.0.144]
[PID: 27528 / Loafer][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spCapBtn.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.4.3316.dll]  [Xunlei Tech Network, 7, 2, 4, 3316]
    [C:\Windows\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll]  [中国工商银行, 1.0.11.25]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\KeyMonitor.dll]  [N/A, ]
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~2\MODULE~1\spIEBho.dll]  [Kaspersky Lab, 4.1.0.187]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblc.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\kltbar.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prremote.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\prloader.dll]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\pxstub.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\params.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\winreg.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\propmap.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\nfio.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Program Files\Kaspersky Lab\Kaspersky PURE\filemap.ppl]  [Kaspersky Lab, 9.1.0.144]
    [C:\Windows\system32\Macromed\Flash\Flash11f.ocx]  [Adobe Systems, Inc., 11,1,102,62]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 8.15.11.8678]
    [C:\Windows\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0401]
[PID: 28852 / Loafer][E:\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
[PID: 28868 / Loafer][E:\桌面\sreng2\SREc820db45.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [C:\Windows\system32\gamelsp.dll]  [Copyright (C) GameCap, 6, 0, 4, 50]
    [C:\Windows\system32\aetsprov.dll]  [A.E.T. Europe B.V., 3.0.0.2121]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\aetpkss1.dll]  [A.E.T. Europe B.V., 3.0.0.2110]
    [C:\Windows\system32\bxscard.dll]  [BlueX B.V., 4.2.5.1827]

==================================
文件关联
.TXT  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  Error. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
GameLSP on MSAFD Tcpip [TCP/IP]
    C:\Windows\system32\gamelsp.dll(Copyright (C) GameCap, GameLSP Sockets 2.0 Service Provider)
GameLSP on MSAFD Tcpip [UDP/IP]
    C:\Windows\system32\gamelsp.dll(Copyright (C) GameCap, GameLSP Sockets 2.0 Service Provider)
GameLSP on MSAFD Tcpip [RAW/IP]
    C:\Windows\system32\gamelsp.dll(Copyright (C) GameCap, GameLSP Sockets 2.0 Service Provider)
GameLSP IPLayer
    C:\Windows\system32\gamelsp.dll(Copyright (C) GameCap, GameLSP Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
N/A

==================================
计划任务
[已启用] \\{336F53E3-97CC-4159-A5EC-BED750B28682}
        D:\TDDOWNLOAD\Sid.Meier's.Civilization.V.CN-Gamersky\Sid Meier's Civilization V\Sid Meier's Civilization V\CivilizationV.exe
[已启用] \\{50C73994-B09A-47CE-9AC6-6959911756AB}
        E:\game\装机程序\fg698x\fg698x.exe
[已启用] \\{750D8C94-C058-4622-9C80-CBAD93655CF8}
        D:\TDDOWNLOAD\Sid.Meier's.Civilization.V.CN-Gamersky\Sid Meier's Civilization V\Sid Meier's Civilization V\CivilizationV.exe
[已启用] \\{D9B34C0A-FB22-4A48-8F42-D969E72A4E77}
        C:\Windows\system32\pcalua.exe -a F:\game\TLBB2-2.30.0230.exe -d F:\game
[已启用] \\{E07F06BC-FC3F-4E7A-AB85-D9B230DFE077}
        D:\TDDOWNLOAD\Sid.Meier's.Civilization.V.CN-Gamersky\Sid Meier's Civilization V\Sid Meier's Civilization V\CivilizationV.exe -a F:\game\TLBB2-2.30.0230.exe -d F:\game
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
        N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
        N/A
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
        %windir%\system32\appidpolicyconverter.exe
[已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
        %windir%\system32\appidcertstorecheck.exe
[已启用] \Microsoft\Windows\Application Experience\AitAgent
        aitagent
[已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
        %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[已启用] \Microsoft\Windows\Autochk\Proxy
        %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
        BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
        N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
        N/A
[已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
        N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
        %SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
        %windir%\system32\defrag.exe -c
[已启用] \Microsoft\Windows\Location\Notifications
        %windir%\System32\LocationNotifications.exe
[已启用] \Microsoft\Windows\Maintenance\WinSAT
        N/A
[已启用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
        %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[已启用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
        %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[已启用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
        %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ehDRMInit
        %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已启用] \Microsoft\Windows\Media Center\InstallPlayReady
        %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[已启用] \Microsoft\Windows\Media Center\mcupdate
        %SystemRoot%\ehome\mcupdate $(Arg0)
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\OCURActivate
        %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已启用] \Microsoft\Windows\Media Center\OCURDiscovery
        %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[已启用] \Microsoft\Windows\Media Center\PBDADiscovery
        %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
        %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
        %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
        %windir%\ehome\MCUpdate.exe -pscn 0
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
        %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
        %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\RecordingRestart
        %SystemRoot%\ehome\ehrec /RestartRecording
[已启用] \Microsoft\Windows\Media Center\RegisterSearch
        %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ReindexSearchRoot
        %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\StartRecording
        %SystemRoot%\ehome\ehrec /StartRecording
[已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
        %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
        N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
        %windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
        N/A
[已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
        %windir%\system32\gatherNetworkInfo.vbs
[已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
        N/A
[已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
        N/A
[已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
        %SystemRoot%\System32\powercfg.exe -energy -auto
[已启用] \Microsoft\Windows\Ras\MobilityManager
        N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
        N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
        N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
        N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
        N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
        %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
        %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
        %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
        %windir%\system32\sc.exe start w32time task_started
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
        sc.exe config upnphost start= auto
[已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
        N/A
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
        %windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
        "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
[已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
        %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
        N/A

==================================
Windows 安全更新检查
KB972813,  西班牙语语言包 - Windows 7 (KB972813)
KB972813,  希腊语语言包 - Windows 7 (KB972813)
KB972813,  立陶宛语语言包 - Windows 7 (KB972813)
KB972813,  阿拉伯语语言包 - Windows 7 (KB972813)
KB972813,  瑞典语语言包 - Windows 7 (KB972813)
KB972813,  德语语言包 - Windows 7 (KB972813)
KB972813,  斯洛伐克语语言包 - Windows 7 (KB972813)
KB972813,  乌克兰语语言包 - Windows 7 (KB972813)
KB972813,  繁体中文语言包 - Windows 7 (KB972813)
KB972813,  挪威语语言包 - Windows 7 (KB972813)
KB972813,  爱沙尼亚语语言包 - Windows 7 (KB972813)
KB972813,  捷克语语言包 - Windows 7 (KB972813)
KB972813,  斯洛文尼亚语语言包 - Windows 7 (KB972813)
KB972813,  日语语言包 - Windows 7 (KB972813)
KB972813,  法语语言包 - Windows 7 (KB972813)
KB972813,  英语语言包 - Windows 7 (KB972813)
KB972813,  罗马尼亚语语言包 - Windows 7 (KB972813)
KB972813,  波兰语语言包 - Windows 7 (KB972813)
KB972813,  泰语语言包 - Windows 7 (KB972813)
KB972813,  保加利亚语语言包 - Windows 7 (KB972813)
KB972813,  俄语语言包 - Windows 7 (KB972813)
KB972813,  克罗地亚语语言包 - Windows 7 (KB972813)
KB972813,  塞尔维亚语(拉丁语)语言包 - Windows 7 (KB972813)
KB972813,  葡萄牙语(葡萄牙)语言包 - Windows 7 (KB972813)
KB972813,  朝鲜语语言包 - Windows 7 (KB972813)
KB972813,  意大利语语言包 - Windows 7 (KB972813)
KB972813,  匈牙利语语言包 - Windows 7 (KB972813)
KB972813,  土耳其语语言包 - Windows 7 (KB972813)
KB972813,  丹麦语语言包 - Windows 7 (KB972813)
KB972813,  芬兰语语言包 - Windows 7 (KB972813)
KB972813,  拉脱维亚语语言包 - Windows 7 (KB972813)
KB972813,  希伯来语语言包 - Windows 7 (KB972813)
KB972813,  荷兰语语言包 - Windows 7 (KB972813)
KB972813,  葡萄牙语(巴西)语言包 - Windows 7 (KB972813)
KB979099,  用于 Windows 7 的 Rights Management Services 客户端更新程序 (KB979099)
KB975496,  Windows 7 更新程序 (KB975496)
KB976422,  Windows 7 更新程序 (KB976422)
KB979538,  Windows 7 更新程序 (KB979538)
KB2284742,  Media Center for Windows 7 累积更新程序 (KB2284742)
KB2467023,  Windows 7 更新程序 (KB2467023)
KB2387530,  Windows 7 更新程序 (KB2387530)
KB2454826,  Windows 7 更新程序 (KB2454826)
KB2502285,  Windows 7 更新程序 (KB2502285)
KB2484033,  Windows 7 更新程序 (KB2484033)
KB2505438,  Windows 7 更新程序 (KB2505438)
KB2511250,  Windows 7 更新程序 (KB2511250)
KB2515325,  Windows 7 更新程序 (KB2515325)
KB2506928,  Windows 7 更新程序 (KB2506928)
KB2492386,  Windows 7 更新程序 (KB2492386)
KB2522422,  Windows 7 更新程序 (KB2522422)
KB2541014,  Windows 7 更新程序 (KB2541014)
KB2488113,  Windows 7 更新程序 (KB2488113)
KB2545698,  Windows 7 更新程序 (KB2545698)
KB2547666,  Windows 7 更新程序 (KB2547666)
KB2529073,  Windows 7 更新程序 (KB2529073)
KB982018,  Windows 7 更新程序 (KB982018)
KB2532531,  Windows 7 安全更新程序 (KB2532531) MS11-053
KB2563227,  Windows 7 更新程序 (KB2563227)
KB982670,  用于 Windows 7 x86 的 Microsoft .NET Framework 4 Client Profile (KB982670)
KB2510690,  Microsoft Office 2010 Service Pack 1 (KB2510690) 32 位版本
KB2598845,  用于 Windows 7 的 Internet Explorer 8 兼容性视图列表的更新程序 (KB2598845)
KB2607576,  Windows 7 更新程序 (KB2607576)
KB982861,  用于 Windows 7 的 Windows Internet Explorer 9
KB2656355,  用于 Windows 7 x86 上的 Microsoft .NET Framework 3.5.1 的安全更新程序 (KB2656355) MS11-100
KB2584146,  Windows 7 安全更新程序 (KB2584146) MS12-005
KB2631813,  Windows 7 安全更新程序 (KB2631813) MS12-004
KB2585542,  Windows 7 安全更新程序 (KB2585542) MS12-006
KB2644615,  Windows 7 安全更新程序 (KB2644615) MS12-001
KB2632503,  Windows 7 更新程序 (KB2632503)
KB2597170,  Microsoft Visio Viewer 2010 安全更新 (KB2597170) 32 位版本 MS12-015
KB2597091,  Microsoft Office 2010 更新 (KB2597091) 32 位版本
KB2633879,  用于 Windows 7 x86 上的 Microsoft .NET Framework 3.5.1 的安全更新程序 (KB2633879) MS12-016
KB2654428,  Windows 7 安全更新程序 (KB2654428) MS12-013
KB2647516,  用于 Windows 7 的 Internet Explorer 8 累积安全更新程序 (KB2647516) MS12-010
KB2660075,  Windows 7 更新程序 (KB2660075)
KB2640148,  Windows 7 更新程序 (KB2640148)
KB2621440,  Windows 7 安全更新程序 (KB2621440) MS12-020
KB2641653,  Windows 7 安全更新程序 (KB2641653) MS12-018
KB2647518,  用于 Windows 7 的 ActiveX Killbit 更新汇总 (KB2647518)
KB2665364,  Windows 7 安全更新程序 (KB2665364) MS12-019
KB2667402,  Windows 7 安全更新程序 (KB2667402) MS12-020
KB2639308,  Windows 7 更新程序 (KB2639308)
KB890830,  Windows 恶意软件删除工具 - 2012 年 3 月 (KB890830)
KB982726,  Microsoft Office 2010 定义更新 (KB982726) 32 位版本
KB2668562,  Microsoft Silverlight (KB2668562)
KB976932,  Windows 7 Service Pack 1 (KB976932)
KB915597,  Definition Update for Windows Defender - KB915597 (Definition 1.123.1430.0)

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


7246255
Posted on 2012-4-15 17:32:43
Don't understand it, just bumping your thread.
陈识宇
Posted on 2012-4-15 20:03:48
You have GKR and Kaspersky, so your defenses should be decent, and you have also used Kingsoft Rescue Box. If there is a problem, you should describe it more clearly. If there really is a file-infecting virus, SREng won't necessarily show it.

Upload screenshots of the scan results or of the quarantine;
upload samples.
These scheduled tasks should be disabled:
[已启用] \\{336F53E3-97CC-4159-A5EC-BED750B28682}
        D:\TDDOWNLOAD\Sid.Meier's.Civilization.V.CN-Gamersky\Sid Meier's Civilization V\Sid Meier's Civilization V\CivilizationV.exe
[已启用] \\{50C73994-B09A-47CE-9AC6-6959911756AB}
        E:\game\装机程序\fg698x\fg698x.exe
[已启用] \\{750D8C94-C058-4622-9C80-CBAD93655CF8}
        D:\TDDOWNLOAD\Sid.Meier's.Civilization.V.CN-Gamersky\Sid Meier's Civilization V\Sid Meier's Civilization V\CivilizationV.exe
[已启用] \\{D9B34C0A-FB22-4A48-8F42-D969E72A4E77}
        C:\Windows\system32\pcalua.exe -a F:\game\TLBB2-2.30.0230.exe -d F:\game
[已启用] \\{E07F06BC-FC3F-4E7A-AB85-D9B230DFE077}
        D:\TDDOWNLOAD\Sid.Meier's.Civilization.V.CN-Gamersky\Sid Meier's Civilization V\Sid Meier's Civilization V\CivilizationV.exe -a F:\game\TLBB2-2.30.0230.exe -d F:\game

m220011
Posted on 2012-4-15 21:28:20
This post was last edited by m220011 on 2012-4-15 21:32

C:\Windows\system32\pcalua.exe
Reportedly that's the Program Compatibility Assistant.
OP, double-check its signature.
See below for what it's said to be:
http://www.oswhy.com/archives/22


E:\game\装机程序\fg698x\fg698x.exe
This startup entry is the highlight.
What's that, some kind of backdoor?


E:\game\装机程序\
How come OP has a path like this?

OP's services: there's Kaspersky, Norton [seemingly uninstalled], GKR and Kingsoft.

Scanning in Safe Mode didn't help?

[Kaspersky PURE / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" -r><Kaspersky Lab>
[CryptoStorage control service / CSObjectsSrv][Running/Auto Start]
  <"C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe"><Infowatch>
[Symantec Eraser Service / EraserSvc11013][Stopped/Auto Start]
  <"C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe" /h ccCommon><(File is missing)>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[GKRAgent / GKRAgent][Running/Auto Start]
  <C:\Program Files\中嘉华诚\中嘉华诚GKR\GKRAgent.exe><北京中嘉华诚网络安全技术有限公司>
[Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start]
  <C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe><Intel Corporation>
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe><N/A>
[Kingsoft Rescue Service / Kingsoft Rescue Service][Running/Auto Start]
  <C:\Program Files\kingsoft\KSM\ksmsvc.exe><>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
[Tenpay Certificate Service / QQCertificateService][Running/Auto Start]
  <"C:\Program Files\Common Files\Tencent\Paycenter\tenpaycert.exe"><Tencent>
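Both replies above point at the same block of the log: 陈识宇 lists the five root-level scheduled tasks to disable, and m220011 singles out the pcalua.exe task and asks the OP to verify its signature. As an added example (not part of the thread and not SREng's own code), here is a Python triage script that parses SREng "计划任务" records and flags the three things visible in this log: a root-level task with a bare GUID name, a pcalua.exe -a launch that proxies another executable, and a launch target outside C:\Windows or C:\Program Files. The sample records are constructed in the log's format with shortened paths, and the expansions of %windir%, %SystemRoot% and %ProgramFiles% are an assumption for a default C: install.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the SREng "计划任务" (scheduled tasks)
# section quoted in this thread; paths shortened, not a copy of the real log.
SAMPLE_TASKS = r"""
[已启用] \\{336F53E3-97CC-4159-A5EC-BED750B28682}
        D:\TDDOWNLOAD\Civ5\CivilizationV.exe
[已启用] \\{D9B34C0A-FB22-4A48-8F42-D969E72A4E77}
        C:\Windows\system32\pcalua.exe -a F:\game\TLBB2-2.30.0230.exe -d F:\game
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
        %windir%\system32\appidpolicyconverter.exe
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
        N/A
[已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
        "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
"""

STATE = {"已启用": "enabled", "已禁用": "disabled"}
HEADER_RE = re.compile(r"^\[(已启用|已禁用)\]\s+(.+?)\s*$")
# SREng prints root-level tasks as \\{GUID}; Windows' own tasks live under \Microsoft\.
ROOT_GUID_RE = re.compile(r"^\\\\\{[0-9A-Fa-f-]{36}\}$")
# Assumed expansions for a default C: install (SREng leaves the variables unexpanded).
ENV = {"%windir%": "C:\\Windows", "%systemroot%": "C:\\Windows",
       "%programfiles%": "C:\\Program Files"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Task:
    state: str
    name: str
    command: str
    flags: list = field(default_factory=list)


def parse_tasks(text: str) -> list:
    """Parse the two-line records (state+name, then command or N/A) of the log section."""
    tasks, lines, i = [], [ln.rstrip() for ln in text.splitlines()], 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            i += 1
            continue
        command = ""
        if i + 1 < len(lines) and not HEADER_RE.match(lines[i + 1]):
            command = lines[i + 1].strip()
            i += 1
        tasks.append(Task(STATE[m.group(1)], m.group(2), command))
        i += 1
    return tasks


def expand_env(path: str) -> str:
    """Substitute the assumed values for the environment variables SREng leaves in place."""
    for var, val in ENV.items():
        path = re.sub(re.escape(var), lambda _m, v=val: v, path, flags=re.IGNORECASE)
    return path


def first_token(command: str) -> str:
    """Executable path at the start of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def launched_paths(command: str) -> list:
    """Executables the task really runs: the command itself and, for the
    pcalua.exe -a <target> pattern seen in the log, the proxied target too."""
    paths = [first_token(command)]
    m = re.search(r'\s-a\s+("[^"]+"|\S+)', command, flags=re.IGNORECASE)
    if m and paths[0].lower().endswith("pcalua.exe"):
        paths.append(m.group(1).strip('"'))
    return paths


def is_outside_trusted_roots(path: str) -> bool:
    """True for an absolute path that is not under C:\\Windows or C:\\Program Files."""
    p = expand_env(path).lower()
    if not re.match(r"^[a-z]:\\", p):
        return False  # bare program name resolved via PATH; not judged here
    return not p.startswith(TRUSTED_ROOTS)


def triage(text: str) -> list:
    """Parse the section and attach a flag for each suspicious property found."""
    tasks = parse_tasks(text)
    for t in tasks:
        if ROOT_GUID_RE.match(t.name):
            t.flags.append("root-level GUID task (not under \\Microsoft\\)")
        if t.command.upper() == "N/A":
            continue
        targets = launched_paths(t.command)
        if len(targets) > 1:
            t.flags.append("pcalua.exe -a proxy launch of " + targets[1])
        for p in targets:
            if is_outside_trusted_roots(p):
                t.flags.append("target outside Windows/Program Files: " + p)
    return tasks


def flagged(text: str) -> dict:
    """Task name -> flags, for tasks that earned at least one flag."""
    return {t.name: t.flags for t in triage(text) if t.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_TASKS).items():
        print(name)
        for f in flags:
            print("    " + f)
```

The script only triages the log text; the signature check m220011 asks for has to run on the host itself, for example with PowerShell's Get-AuthenticodeSignature against C:\Windows\system32\pcalua.exe. Microsoft-rooted tasks whose command is a bare program name (aitagent, sc.exe) are deliberately not judged, since they resolve through PATH rather than a fixed location.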


Copyright © KaFan  KaFan.cn All Rights Reserved.