已解决、感谢大家★★这是什么情况，红伞报微软补丁★★

显示全部楼层 · 发表于 2012-5-9 12:51:13

本帖最后由自然卷丨依佐于 2012-5-9 16:36 编辑

小白第一次遇见这问题，金山给出解释是误报，算是学习了，感谢各位！！各位参考金山论坛答复：

红伞误报.tdl文件，该文件为旋风下载引擎所产生的临时文件，举个不太恰当但是形象的例子，一个文件有abcd是个字符，该临时文件里面就改改下载了ac两个字符，而这两个字符正好是红伞的特征码，报了。
从你的描述中明显就能看出来，红伞误报的是没下载的完整的文件，而下载完整的文件是没有报毒的。

再说细点，可能你这一次报了，下一次再下载就不报，或者你在10%进度时报警，你下载到20%又可能不报。

另外你说的windows update不报警是因为下载机制的问题，红伞误报.tdl临时文件已经不是一例两例了。

http://bbs.duba.net/forum.php?mod=viewthread&tid=22698101&page=1#pid7575605

11楼主也是正解，感谢了：http://bbs.kafan.cn/forum.php?mo ... 7094&fromuid=734480

有没有一样的情况？？

今天下课回来开机看见金山漏洞然后修复

下载时红伞报office2010的excel一个补丁KB2597166：excel2010-kb2597166-fullfile-x86-glb.exe.tdl，下载完成后为文件：excel2010-kb2597166-fullfile-x86-glb.exe

执行的操作:传输至扫描程序，这个应该是没问题吧，红伞默认认为这个是流氓恶意行为？

安装时毛豆监控会连接，这个是给微软报告？？：

2012-05-09 12:25:41

C:\Program Files (x86)\ksafe\hotfix\excel2010-kb2597166-fullfile-x86-glb.exe

询问

出

TCP

125.82.145.202

49964

96.17.155.248

80

下载完后右键扫描不报、双击也不报？？？

金山设置为在微软官方下载补丁！！！   现在补丁是打好了，关键是不知道后面系统扫描什么会不会出问题！！，另外如果报告给官方这个文件也太大了，50多M！！

导出的事件:

2012/5/9 12:16 [Realtime Protection] 发现恶意软件
   在文件“C:\Program Files
   (x86)\ksafe\hotfix\excel2010-kb2597166-fullfile-x86-glb.exe.tdl”中检测到病毒或
   恶意程序“TR/Crypt.XPACK.Gen2 [trojan]”。
   执行的操作:传输至扫描程序

下载时报：

下载完成后右键不报：

双击不报：

毛豆防火墙：

金山设置：

文件签名：

文件：

SREngLOG.log日志帮忙看看：

2012-05-09,16:02:17
System Repair Engineer 2.8.4.1331
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows 7 Ultimate Edition Service Pack 1 (Build 7601) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KSafeTray><"c:\program files (x86)\ksafe\KSafeTray.exe" -autorun> [(Verified)Kingsoft Security Co.,Ltd]
<avgnt><"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min> [(Verified)Avira Operations GmbH & Co. KG]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Infected) Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs>< C:\Windows\SysWOW64\guard32.dll> [(Verified)Comodo Security Solutions, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WebCheck><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows><"%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Web Platform Customizations><C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Adobe Flash Player Update Service / AdobeFlashPlayerUpdateSvc][Stopped/Manual Start]
<C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe><Adobe Systems Incorporated>
[Application Experience / AeLookupSvc][Running/Manual Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\aelupsvc.dll><Microsoft Corporation>
[Avira 计划程序 / AntiVirSchedulerService][Running/Auto Start]
<"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"><Avira Operations GmbH & Co. KG>
[Avira Realtime Protection / AntiVirService][Running/Auto Start]
<"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"><Avira Operations GmbH & Co. KG>
[Application Identity / AppIDSvc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation-->%SystemRoot%\System32\appidsvc.dll><Microsoft Corporation>
[Application Information / Appinfo][Running/Manual Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appinfo.dll><Microsoft Corporation>
[Windows Audio Endpoint Builder / AudioEndpointBuilder][Running/Auto Start]
<C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\Audiosrv.dll><Microsoft Corporation>
[Windows Audio / AudioSrv][Running/Auto Start]
<C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted-->%SystemRoot%\System32\Audiosrv.dll><Microsoft Corporation>
[ActiveX Installer (AxInstSV) / AxInstSV][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k AxInstSVGroup-->%SystemRoot%\System32\AxInstSV.dll><Microsoft Corporation>
[BitLocker Drive Encryption Service / BDESVC][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\bdesvc.dll><Microsoft Corporation>
[Base Filtering Engine / BFE][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\System32\bfe.dll><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\qmgr.dll><Microsoft Corporation>
[Computer Browser / Browser][Running/Manual Start]
<C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\browser.dll><Microsoft Corporation>
[Bluetooth Support Service / bthserv][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k bthsvcs-->%SystemRoot%\system32\bthserv.dll><Microsoft Corporation>
[Certificate Propagation / CertPropSvc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\certprop.dll><Microsoft Corporation>
[COMODO Internet Security Helper Service / cmdAgent][Running/Auto Start]
<"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"><COMODO>
[Offline Files / CscService][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\cscsvc.dll><Microsoft Corporation>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Disk Defragmenter / defragsvc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k defragsvc-->%Systemroot%\System32\defragsvc.dll><Microsoft Corporation>
[DNS Client / Dnscache][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k NetworkService-->%SystemRoot%\System32\dnsrslvr.dll><Microsoft Corporation>
[Wired AutoConfig / dot3svc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\dot3svc.dll><Microsoft Corporation>
[Diagnostic Policy Service / DPS][Running/Auto Start]
<C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\system32\dps.dll><Microsoft Corporation>
[Extensible Authentication Protocol / EapHost][Running/Manual Start]
<C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\eapsvc.dll><Microsoft Corporation>
[HDZB Comm Service For V3.0 / HZ_CommSrv][Running/Auto Start]
<C:\Windows\SysWOW64\HZ_CommSrv.exe><华大智宝电子系统有限公司>
[Intel(R) Rapid Storage Technology / IAStorDataMgrSvc][Stopped/Manual Start]
<"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"><Intel Corporation>
[IKE and AuthIP IPsec Keying Modules / IKEEXT][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ikeext.dll><Microsoft Corporation>
[Intel(R) Capability Licensing Service Interface / Intel(R) Capability Licensing Service Interface][Stopped/Manual Start]
<"C:\Program Files\Intel\iCLS Client\HeciServer.exe"><Intel(R) Corporation>
[PnP-X IP Bus Enumerator / IPBusEnum][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\system32\ipbusenum.dll><Microsoft Corporation>
[IP Helper / iphlpsvc][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k NetSvcs-->%SystemRoot%\System32\iphlpsvc.dll><Microsoft Corporation>
[KMService / KMService][Stopped/Manual Start]
<C:\Windows\system32\srvany.exe><(File is missing)>
[KSafe service / KSafeSvc][Running/Auto Start]
<"c:\program files (x86)\ksafe\KSafeSvc.exe" -svc><Kingsoft Corporation>
[KtmRm for Distributed Transaction Coordinator / KtmRm][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation-->%systemroot%\system32\msdtckrm.dll><Microsoft Corporation>
[Server / LanmanServer][Running/Manual Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\srvsvc.dll><Microsoft Corporation>
[Workstation / LanmanWorkstation][Running/Auto Start]
<C:\Windows\System32\svchost.exe -k NetworkService-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[Link-Layer Topology Discovery Mapper / lltdsvc][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalService-->%SystemRoot%\System32\lltdsvc.dll><Microsoft Corporation>
[TCP/IP NetBIOS Helper / lmhosts][Running/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted-->%SystemRoot%\System32\lmhsvc.dll><Microsoft Corporation>
[Intel(R) Management and Security Application Local Management Service / LMS][Stopped/Manual Start]
<C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe><Intel Corporation>
[Media Center Extender Service / Mcx2Svc][Stopped/Disabled]
<C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation-->%SystemRoot%\system32\Mcx2Svc.dll><Microsoft Corporation>
[Multimedia Class Scheduler / MMCSS][Running/Manual Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\mmcss.dll><Microsoft Corporation>
[Windows Firewall / MpsSvc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\system32\mpssvc.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / nvsvc][Stopped/Manual Start]
<C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
[Peer Networking Identity Manager / p2pimsvc][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalServicePeerNet-->%SystemRoot%\system32\pnrpsvc.dll><Microsoft Corporation>
[Peer Networking Grouping / p2psvc][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalServicePeerNet-->%SystemRoot%\system32\p2psvc.dll><Microsoft Corporation>
[Program Compatibility Assistant Service / PcaSvc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\pcasvc.dll><Microsoft Corporation>
[BranchCache / PeerDistSvc][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k PeerDist-->%SystemRoot%\system32\peerdistsvc.dll><Microsoft Corporation>
[Plug and Play / PlugPlay][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\umpnpmgr.dll><Microsoft Corporation>
[PnkBstrA / PnkBstrA][Stopped/Manual Start]
<C:\Windows\system32\PnkBstrA.exe><N/A>
[PNRP Machine Name Publication Service / PNRPAutoReg][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalServicePeerNet-->%SystemRoot%\system32\pnrpauto.dll><Microsoft Corporation>
[Peer Name Resolution Protocol / PNRPsvc][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalServicePeerNet-->%SystemRoot%\system32\pnrpsvc.dll><Microsoft Corporation>
[IPsec Policy Agent / PolicyAgent][Stopped/Disabled]
<C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted-->%SystemRoot%\System32\ipsecsvc.dll><Microsoft Corporation>
[Power / Power][Running/Manual Start]
<C:\Windows\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\umpo.dll><Microsoft Corporation>
[User Profile Service / ProfSvc][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%systemroot%\system32\profsvc.dll><Microsoft Corporation>
[NVIDIA Stereoscopic 3D Driver Service / Stereo Service][Stopped/Manual Start]
<C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe><NVIDIA Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Disabled]
<C:\Windows\system32\svchost.exe -k imgsvc-->%SystemRoot%\System32\wiaservc.dll><Microsoft Corporation>
[Microsoft Software Shadow Copy Provider / swprv][Running/Manual Start]
<C:\Windows\System32\svchost.exe -k swprv-->%Systemroot%\System32\swprv.dll><Microsoft Corporation>
[Superfetch / SysMain][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%systemroot%\system32\sysmain.dll><Microsoft Corporation>
[Tablet PC Input Service / TabletInputService][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\TabSvc.dll><Microsoft Corporation>
[TPM Base Services / TBS][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation-->%SystemRoot%\System32\tbssvc.dll><Microsoft Corporation>
[Remote Desktop Services / TermService][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k NetworkService-->%SystemRoot%\System32\termsrv.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
<C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\themeservice.dll><Microsoft Corporation>
[Thread Ordering Server / THREADORDER][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k LocalService-->%SystemRoot%\system32\mmcss.dll><Microsoft Corporation>
[Distributed Link Tracking Client / TrkWks][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\trkwks.dll><Microsoft Corporation>
[Intel(R) Management and Security Application User Notification Service / UNS][Stopped/Manual Start]
<"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"><Intel Corporation>
[Desktop Window Manager Session Manager / UxSms][Running/Auto Start]
<C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\uxsms.dll><Microsoft Corporation>
[VMware Authorization Service / VMAuthdService][Stopped/Manual Start]
<"D:\Program Files\VMware Workstation\VMware\vmware-authd.exe"><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Stopped/Manual Start]
<C:\Windows\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware USB Arbitration Service / VMUSBArbService][Stopped/Manual Start]
<"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Stopped/Manual Start]
<C:\Windows\system32\vmnat.exe><VMware, Inc.>
[WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start]
<C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe><Beijing WatchData System Co., Ltd.>
[Windows Event Collector / Wecsvc][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k NetworkService-->%SystemRoot%\system32\wecsvc.dll><Microsoft Corporation>
[Problem Reports and Solutions Control Panel Support / wercplsupport][Stopped/Manual Start]
<C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wercplsupport.dll><Microsoft Corporation>
[Windows Error Reporting Service / WerSvc][Stopped/Disabled]
<C:\Windows\System32\svchost.exe -k WerSvcGroup-->%SystemRoot%\System32\WerSvc.dll><Microsoft Corporation>
[Windows Defender / WinDefend][Stopped/Disabled]
<C:\Windows\System32\svchost.exe -k secsvcs-->%ProgramFiles%\Windows Defender\mpsvc.dll><N/A>
[Windows Management Instrumentation / Winmgmt][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>
[WLAN AutoConfig / Wlansvc][Running/Auto Start]
<C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\wlansvc.dll><Microsoft Corporation>
==================================
驱动程序
[adp94xx / adp94xx][Stopped/Manual Start]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Manual Start]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Manual Start]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Manual Start]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdsata / amdsata][Stopped/Manual Start]
<\SystemRoot\system32\drivers\amdsata.sys><Advanced Micro Devices>
[amdsbs / amdsbs][Stopped/Manual Start]
<\SystemRoot\system32\drivers\amdsbs.sys><AMD Technologies Inc.>
[amdxata / amdxata][Running/Boot Start]
<\SystemRoot\system32\drivers\amdxata.sys><Advanced Micro Devices>
[arc / arc][Stopped/Manual Start]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Manual Start]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Qualcomm Atheros Extensible Wireless LAN device driver / athr][Running/Manual Start]
<system32\DRIVERS\athrx.sys><Qualcomm Atheros Communications, Inc.>
[avgntflt / avgntflt][Running/Auto Start]
<system32\DRIVERS\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><Avira GmbH>
[avkmgr / avkmgr][Running/System Start]
<system32\DRIVERS\avkmgr.sys><Avira GmbH>
[Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
<\SystemRoot\system32\drivers\bxvbda.sys><Broadcom Corporation>
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60a][Stopped/Manual Start]
<system32\DRIVERS\b57nd60a.sys><Broadcom Corporation>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\BrFiltLo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\BrFiltUp.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\Brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[COMODO Internet Security Sandbox Driver / cmdGuard][Running/System Start]
<System32\DRIVERS\cmdguard.sys><COMODO>
[COMODO Internet Security Helper Driver / cmdHlp][Running/System Start]
<System32\DRIVERS\cmdhlp.sys><COMODO>
[cmdide / cmdide][Stopped/Manual Start]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[cpuz135 / cpuz135][Stopped/Manual Start]
<\??\C:\Users\ADMINI~1\AppData\Local\Temp\DTL135\DTL135_x64.sys><N/A>
[Realtek Turbo Disk Filter Driver / diskperf64][Running/Manual Start]
<System32\Drivers\diskperf64.sys><Realtek Semiconductor Corp.>
[Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
<\SystemRoot\system32\drivers\evbda.sys><Broadcom Corporation>
[elxstor / elxstor][Stopped/Manual Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[ELAN PS/2 Port Input Device / ETD][Running/Manual Start]
<system32\DRIVERS\ETD.sys><ELAN Microelectronic Corp.>
[VMware hcmon / hcmon][Running/Auto Start]
<\??\C:\Windows\system32\drivers\hcmon.sys><VMware, Inc.>
[Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
<\SystemRoot\system32\drivers\hcw85cir.sys><Hauppauge Computer Works, Inc.>
[HpSAMD / HpSAMD][Stopped/Manual Start]
<\SystemRoot\system32\drivers\HpSAMD.sys><Hewlett-Packard Company>
[HWCore / HWCore][Stopped/Manual Start]
<\??\D:\安装软件\驱动人生\DriveTheLife2012\hwcore.sys><N/A>
[HWiNFO32/64 Kernel Driver / HWiNFO32][Stopped/System Start]
<\??\C:\Users\ADMINI~1\AppData\Local\Temp\Mydrivers64A.SYS><N/A>
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[iaStorV / iaStorV][Stopped/Manual Start]
<\SystemRoot\system32\drivers\iaStorV.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[COMODO Internet Security Firewall Driver / inspect][Running/System Start]
<system32\DRIVERS\inspect.sys><COMODO>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RTKVHD64.sys><Realtek Semiconductor Corp.>
[Keyboard Filter / kbfiltr][Running/Manual Start]
<system32\DRIVERS\kbfiltr.sys><>
[kmodurl / kmodurl][Running/System Start]
<\??\c:\program files (x86)\ksafe\kmodurl64.sys><Kingsoft Corporation>
[ksfmonsys / ksfmonsys][Running/Manual Start]
<\??\c:\program files (x86)\ksafe\ksfmonsys64.sys><Kingsoft Corporation>
[LSI_FC / LSI_FC][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Corporation>
[LSI_SAS / LSI_SAS][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Corporation>
[LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_sas2.sys><LSI Corporation>
[LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Corporation>
[megasas / megasas][Stopped/Manual Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Manual Start]
<\SystemRoot\system32\drivers\MegaSR.sys><LSI Corporation, Inc.>
[Intel(R) Management Engine Interface / MEIx64][Running/Manual Start]
<system32\DRIVERS\HECIx64.sys><Intel Corporation>
[nfrd960 / nfrd960][Stopped/Manual Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
<system32\drivers\NPF.sys><N/A>
[Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]
<system32\drivers\nvhda64v.sys><NVIDIA Corporation>
[nvlddmkm / nvlddmkm][Running/Manual Start]
<system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Manual Start]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Manual Start]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[ql2300 / ql2300][Stopped/Manual Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[ql40xx / ql40xx][Stopped/Manual Start]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[RtsUVStor.Sys Realtek USB Card Reader / RSUSBVSTOR][Running/Manual Start]
<System32\Drivers\RtsUVStor.sys><Realtek Semiconductor Corp.>
[Realtek 8167 NT Driver / RTL8167][Running/Manual Start]
<system32\DRIVERS\Rt64win7.sys><Realtek>
[Serial / Serial][Stopped/Manual Start]
<\SystemRoot\system32\drivers\serial.sys><Brother Industries Ltd.>
[SiSRaid2 / SiSRaid2][Stopped/Manual Start]
<\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Manual Start]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[stexstor / stexstor][Stopped/Manual Start]
<\SystemRoot\system32\drivers\stexstor.sys><Promise Technology>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\Windows\system32\TesSafe.sys><TENCENT>
[TweakCubeVD / TweakCubeVD][Stopped/Manual Start]
<system32\drivers\TweakCubeVD.sys><青岛软媒网络科技有限公司>
[VGPU / VGPU][Stopped/Manual Start]
<System32\drivers\rdvgkmd.sys><N/A>
[viaide / viaide][Stopped/Manual Start]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[VMware VMCI Bus Driver / vmci][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\vmci.sys><VMware, Inc.>
[VMware kbd / vmkbd][Stopped/Manual Start]
<\??\C:\Windows\system32\drivers\VMkbd.sys><VMware, Inc.>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start]
<system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
<\??\C:\Windows\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware USB Client Driver / vmusb][Stopped/Manual Start]
<System32\Drivers\vmusb.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
<\??\C:\Windows\system32\drivers\vmx86.sys><VMware, Inc.>
[vsmraid / vsmraid][Stopped/Manual Start]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[Vstor2 MntApi 1.0 Driver (shared) / vstor2-mntapi10-shared][Running/Auto Start]
<\??\C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys><VMware, Inc.>
==================================
浏览器加载项
[迅雷FLV视频嗅探及下载支持]
{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <D:\安装软件\迅雷\BHO\XlBrowserAddin1.0.7.70.dll, (Signed) 深圳市迅雷网络技术有限公司>
[迅雷下载支持]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装软件\迅雷\BHO\XunleiBHO7.2.6.3428.dll, (Signed) 深圳市迅雷网络技术有限公司>
[Office Document Cache Handler]
{B4F3A835-0E21-4959-BA22-42B3008E02FF} <D:\安装软件\office\Office14\URLREDIR.DLL, (Signed) Microsoft Corporation>
[]
{002AE4F2-96AB-4dfa-AE2E-605217F8A84C} <, >
[]
{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} <, >
[迅雷FLV视频嗅探及下载支持代{过}{滤}理]
{0C27ADC4-E826-4620-A3A7-990D7E05545F} <D:\安装软件\迅雷\BHO\XlBrowserAddin1.0.7.70.dll, (Signed) 深圳市迅雷网络技术有限公司>
[迅雷FLV视频嗅探及下载支持]
{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <D:\安装软件\迅雷\BHO\XlBrowserAddin1.0.7.70.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
{1663ED61-23EB-11D2-B92F-008048FDD814} <, >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\Windows\SysWow64\aliedit\2.5.0.3\pta.dll, (Signed) iTruschina Co., Ltd.>
[InfoScan Control]
{1F14548F-6975-40F1-AE24-6E2D1D449B2F} <C:\PROGRA~2\CCBCOM~1\Detector\InfoScan.dll, CCB>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\SysWOW64\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\SysWOW64\mshtml.dll, (Signed) Microsoft Corporation>
[Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\安装软件\迅雷\BHO\ThunderAgent7.2.6.3428.dll, (Signed) 深圳市迅雷网络技术有限公司>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\Windows\SysWow64\aliedit\2.5.0.3\aliedit.dll, (Signed) >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <%SystemRoot%\System32\hhctrl.ocx, (Signed) N/A>
[迅雷发行IE支持]
{5FFF24BC-DC02-4808-B4E0-A8E2C93FE407} <D:\安装软件\迅雷\BHO\xlfxctrl1.0.1.64.dll, (Signed) 深圳市迅雷网络技术有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[Access UserInfo by Script]
{6EE9CD3E-A386-4DAE-9737-A759DBF927AE} <D:\安装软件\迅雷\BHO\UserAgent1.0.2.10.dll, (Signed) 深圳市迅雷网络技术有限公司>
[CertEnroll Class]
{7978461C-CC22-48F2-BC69-02220D3E101D} <C:\Windows\SysWow64\aliedit\2.5.0.3\itrusenroll.dll, (Signed) iTruschina Co., Ltd.>
[XunleiBHO Class]
{802F530B-A8F6-4631-AE49-6BACAAC6373E} <D:\安装软件\迅雷\BHO\XunleiBHO7.2.6.3428.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <, >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\SysWOW64\ieframe.dll, (Signed) Microsoft Corporation>
[迅雷下载支持]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装软件\迅雷\BHO\XunleiBHO7.2.6.3428.dll, (Signed) 深圳市迅雷网络技术有限公司>
[迅雷资源关键字嗅探]
{9AA238FE-8298-48C9-B188-05B6AEE76C3A} <, >
[Office Document Cache Handler]
{B4F3A835-0E21-4959-BA22-42B3008E02FF} <D:\安装软件\office\Office14\URLREDIR.DLL, (Signed) Microsoft Corporation>
[]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, >
[InfosecCCBNetSign Class]
{BC96F5A4-C930-4226-ADAB-59349AE585E9} <C:\Program Files (x86)\CCBComponents\Detector\CCBNetSignCom.dll, (Signed) Infosec Technologies Co., Ltd.>
[Google Update Plugin]
{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} <C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll, (Signed) Google Inc.>
[Google Update Plugin]
{C442AC41-9200-4770-8CC0-7CDB4F245C55} <C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll, (Signed) Google Inc.>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[WDCCBCtrl Class]
{CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <C:\Windows\SysWow64\wdccb.dll, (Signed) >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx, (Signed) Adobe Systems, Inc.>
[SSOForPTLogin2 Class]
{EAAED308-7322-4B9B-965E-171933ADD473} <D:\安装软件\腾讯\qq\bin\npSSOAxCtrlForPTLogin.dll, (Signed) >
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[webmod Class]
{FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <C:\Windows\SysWow64\aliedit\2.5.0.3\alidcp.dll, (Signed) Alipay.com Co.,Ltd>
[使用迅雷下载]
<D:\安装软件\迅雷\BHO\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\安装软件\迅雷\BHO\GetAllUrl.htm, N/A>
==================================
正在运行的进程
[PID: 1292 / SYSTEM][C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\cfglib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gpgen.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\gpgrd.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gpipc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gpavgio.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\gpgui.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gplegacy.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gpgenrep.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\onlcfg.dll] [Avira Operations GmbH & Co. KG, 12.1.1.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\guardmsg.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll] [, 3.07.00.00]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll] [Avira Operations GmbH & Co. KG, 12.1.6.4]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVGIO.DLL] [Avira Operations GmbH & Co. KG, 12.1.19.17]
[c:\program files (x86)\avira\antivir desktop\avpref.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll] [Avira Operations GmbH & Co. KG, 8.1.25.6]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll] [Avira Operations GmbH & Co. KG, 8.1.2.2]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll] [Avira Operations GmbH & Co. KG, 8.1.4.18]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll] [Avira Operations GmbH & Co. KG, 8.1.8.2]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll] [Avira Operations GmbH & Co. KG, 8.2.5.5]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll] [Avira GmbH, 8.1.9.15]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll] [Avira Operations GmbH & Co. KG, 8.2.16.12]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll] [Avira Operations GmbH & Co. KG, 8.1.2.28]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll] [Avira Operations GmbH & Co. KG, 8.1.4.23]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll] [Avira Operations GmbH & Co. KG, 8.1.20.0]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll] [Avira Operations GmbH & Co. KG, 8.1.5.28]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeexp.dll] [Avira Operations GmbH & Co. KG, 8.1.0.35]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll] [Avira GmbH, 8.1.3.0]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aebb.dll] [Avira GmbH, 8.1.1.0]
[c:\program files (x86)\avira\antivir desktop\avesvc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\avesvcr.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\webcat.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\webcatrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\avreg.dll] [Avira Operations GmbH, 12.3.0.15]
[PID: 1380 / SYSTEM][c:\program files (x86)\ksafe\KSafeSvc.exe] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\json.dll] [N/A, ]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[c:\program files (x86)\ksafe\kdump.dll] [Kingsoft Corporation, 2011,05,31,2002]
[c:\program files (x86)\ksafe\kxebase.dll] [Kingsoft Corporation, 2010,5,12,402]
[c:\program files (x86)\ksafe\scom.dll] [Kingsoft Corporation, 2010,5,12,402]
[c:\program files (x86)\ksafe\kxecore\kxecore.dll] [Kingsoft Corporation, 2010,5,12,402]
[c:\program files (x86)\ksafe\kexectrl.dll] [Kingsoft Corporation, 2010,09,18,1422]
[c:\program files (x86)\ksafe\kwssp.dll] [Kingsoft Corporation, 2012.04.13.2500]
[c:\program files (x86)\ksafe\netstat.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\fwproxy.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\kse\ksecansp.dll] [Kingsoft Corporation, 2011,04,21,1878]
[c:\program files (x86)\ksafe\kse\ksecorex.dll] [Kingsoft Corporation, 2011,10,20,1846]
[c:\program files (x86)\ksafe\KEng\kae\kaecore.dat] [Kingsoft Corporation, 2011,11,17,1887]
[c:\program files (x86)\ksafe\kse\wfs.dll] [Kingsoft Corporation, 2010,08,23,1070]
[c:\program files (x86)\ksafe\kse\sqlite.dll] [Kingsoft Corporation, 2010,03,30,781]
[c:\program files (x86)\ksafe\kse\ksbwdet2.dll] [Kingsoft Corporation, 2012,04,09,2807]
[c:\program files (x86)\ksafe\KEng\kae\karchive.dat] [Kingsoft Corporation, 2011,07,29,1746]
[c:\program files (x86)\ksafe\KEng\kae\kaearcha.dat] [Kingsoft Corporation, 2010,11,19,1407]
[c:\program files (x86)\ksafe\KEng\kae\kaeolea.dat] [Kingsoft Corporation, 2011,10,20,1847]
[c:\program files (x86)\ksafe\KEng\kae\kaearchb.dat] [Kingsoft Corporation, 2011,09,23,1813]
[c:\program files (x86)\ksafe\kse\ksbcommsp.dll] [Kingsoft Corporation, 2011,07,26,2126]
[c:\program files (x86)\ksafe\kse\BKReScan.dll] [Kingsoft Corporation, 2011,04,27,1917]
[PID: 1816 / SYSTEM][C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\cfglib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gpipc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\gpgen.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\gpschd.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll] [, 3.07.00.00]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll] [Avira Operations GmbH & Co. KG, 12.1.6.4]
[PID: 1916 / SYSTEM][C:\Windows\SysWOW64\HZ_CommSrv.exe] [华大智宝电子系统有限公司, 1, 2, 0, 3]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[PID: 1972 / SYSTEM][C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll] [Watchdata, 2, 1, 1, 40]
[PID: 3036 / Administrator][C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.19]
[c:\program files (x86)\avira\antivir desktop\cfglib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[c:\program files (x86)\avira\antivir desktop\ccguard.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccgrdw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\gpipc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll] [Avira Operations GmbH & Co. KG, 12.1.6.4]
[c:\program files (x86)\avira\antivir desktop\ccwgrd.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccgen.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\ccgenrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\avira\antivir desktop\ccupdate.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\ccupdrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\cclic.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\cclicrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccmsg.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccmainrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll] [Avira Operations GmbH & Co. KG, 12.1.0.13]
[PID: 3060 / Administrator][C:\Program Files (x86)\ksafe\ksafetray.exe] [Kingsoft Corporation, 3.6.2.2519]
[C:\Program Files (x86)\ksafe\json.dll] [N/A, ]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\kdump.dll] [Kingsoft Corporation, 2011,05,31,2002]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[c:\program files (x86)\ksafe\ksafedb.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\khistory.dll] [Kingsoft Corporation, 2011,08,26,2224]
[c:\program files (x86)\ksafe\kwsctrl.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Program Files (x86)\ksafe\ksafeup.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\zlib1.dll] [, 1.2.3]
[C:\Program Files (x86)\ksafe\krunopt.dll] [Kingsoft Corporation, 3.6.2.2500]
[c:\program files (x86)\ksafe\kse\bkrescan.dll] [Kingsoft Corporation, 2011,04,27,1917]
[c:\program files (x86)\ksafe\kse\sqlite.dll] [Kingsoft Corporation, 2010,03,30,781]
[c:\program files (x86)\ksafe\KEng\ksignup.dll] [Kingsoft Corporation, 1.1.0.2500]
[c:\program files (x86)\ksafe\KEng\KSGMerge.DLL] [Kingsoft Corporation, 2011,05,12,1656]
[PID: 968 / Administrator][C:\Program Files (x86)\CCBComponents\DMWZ\CCBCertificate.exe] [, 2, 1, 7, 8]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[C:\Windows\system32\CCBKCSP.dll] [, 1, 0, 0, 1]
[C:\Windows\system32\CCBKCAPI.dll] [北京大明五洲科技有限公司, 2, 1, 7, 31]
[PID: 3112 / Administrator][C:\Program Files (x86)\CCBComponents\HDZB\USBKeyTools.exe] [北京华大智宝电子系统有限公司, 1, 6, 0, 35]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Windows\system32\ccb_hdcsp.dll] [CIDC, 1, 4, 3, 49]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[PID: 3144 / Administrator][D:\安装软件\联网客户端\ChinaNetSn\bin\NetKeeper.exe] [XI AN XINLI SOFTWARE TECHNOLOGY CO.,LTD, 1, 0, 5, 5]
[D:\安装软件\联网客户端\ChinaNetSn\bin\8021x.dll] [HarbourNetworks, 1, 0, 4, 5]
[D:\安装软件\联网客户端\ChinaNetSn\bin\W32N50_Proxy.dll] [xinli, 1, 0, 4, 6]
[C:\Windows\system32\wpcap.dll] [CACE Technologies, Inc., 4.1.0.1753]
[C:\Windows\system32\packet.dll] [CACE Technologies, Inc., 4.1.0.1753]
[D:\安装软件\联网客户端\ChinaNetSn\bin\StringList.dll] [N/A, ]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx] [Adobe Systems, Inc., 11,2,202,235]
[C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 8.17.12.9610]
[PID: 2136 / SYSTEM][C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe] [(Verified) Microsoft Corporation, 2.0.50727.4927 (NetFXspW7.050727-4900)]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[PID: 3568 / Administrator][C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.19]
[c:\program files (x86)\avira\antivir desktop\ccmainrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\cfglib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[c:\program files (x86)\avira\antivir desktop\ccgen.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\ccgenrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccprofil.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccscanrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccguard.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccgrdw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\gpipc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll] [Avira Operations GmbH & Co. KG, 12.1.6.4]
[c:\program files (x86)\avira\antivir desktop\ccwgrd.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccquamgr.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccquarc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccsched.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccscherc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccreport.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccreporc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccev.dll] [Avira Operations GmbH & Co. KG, 12.1.0.19]
[c:\program files (x86)\avira\antivir desktop\ccevrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccupdate.dll] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[c:\program files (x86)\avira\antivir desktop\ccupdrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccschedw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\cclic.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\cclicrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\cclicw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccmsg.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccevw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll] [, 3.07.00.00]
[C:\Program Files (x86)\SogouExtension\sogouflash\1.0.0.117\SogouFlashDll.dll] [Sogou.com Inc., 1.0.0.117]
[c:\program files (x86)\avira\antivir desktop\guardmsg.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\avesvcr.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\schedr.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\updaterc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\avscan.dll] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[c:\program files (x86)\avira\antivir desktop\ccrepow.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccquaw.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avpref.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[PID: 2112 / Administrator][C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe] [Avira Operations GmbH & Co. KG, 12.1.0.20]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVSCAN.DLL] [Avira Operations GmbH & Co. KG, 12.1.0.18]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVWINLL.DLL] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\LUKE.DLL] [Avira Operations GmbH & Co. KG, 12.1.0.19]
[C:\Program Files (x86)\Avira\AntiVir Desktop\ExtDlG{过}F{滤}W.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.19]
[c:\program files (x86)\avira\antivir desktop\cfglib.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccavscanex.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\avira\antivir desktop\ccavscanexrc.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVREP.DLL] [Avira Operations GmbH & Co. KG, 12.3.0.15]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll] [Avira Operations GmbH & Co. KG, 8.1.25.6]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll] [Avira Operations GmbH & Co. KG, 8.1.2.2]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll] [Avira Operations GmbH & Co. KG, 8.1.4.18]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll] [Avira Operations GmbH & Co. KG, 8.1.8.2]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll] [Avira Operations GmbH & Co. KG, 8.2.5.5]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll] [Avira GmbH, 8.1.9.15]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll] [Avira Operations GmbH & Co. KG, 8.2.16.12]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll] [Avira Operations GmbH & Co. KG, 8.1.2.28]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll] [Avira Operations GmbH & Co. KG, 8.1.4.23]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll] [Avira Operations GmbH & Co. KG, 8.1.20.0]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll] [Avira Operations GmbH & Co. KG, 8.1.5.28]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeexp.dll] [Avira Operations GmbH & Co. KG, 8.1.0.35]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll] [Avira GmbH, 8.1.3.0]
[C:\Program Files (x86)\Avira\AntiVir Desktop\aebb.dll] [Avira GmbH, 8.1.1.0]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVPREF.DLL] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll] [Avira Operations GmbH & Co. KG, 12.1.0.17]
[C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll] [, 3.07.00.00]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVSCPLR.DLL] [Avira GmbH, 12.3.0.14]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVREG.DLL] [Avira Operations GmbH, 12.3.0.15]
[C:\Program Files (x86)\Avira\AntiVir Desktop\AVARKT.DLL] [Avira Operations GmbH & Co. KG, 12.1.0.23]
[C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll] [Avira Operations GmbH & Co. KG, 12.1.6.4]
[PID: 4036 / Administrator][F:\资料百科\电脑\软件\安全\【SREng日志扫描】System Repair Engineer\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[PID: 4044 / Administrator][F:\资料百科\电脑\软件\安全\【SREng日志扫描】System Repair Engineer\SREeeb58be3.EXE] [Smallfrogs Studio, 2.8.4.1331]
[C:\Windows\SysWOW64\guard32.dll] [COMODO, 5, 10, 228257, 2253]
[c:\program files (x86)\ksafe\ksfmon.dll] [Kingsoft Corporation, 3.6.2.2500]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouInput\6.1.0.6953\Resource.dll] [Sogou.com Inc., 6.1.0.6953]
[C:\Program Files (x86)\SogouExtension\sogouflash\1.0.0.117\SogouFlashDll.dll] [Sogou.com Inc., 1.0.0.117]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS Error. [C:\Windows\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
VMCI sockets DGRAM
C:\Windows\system32\vsocklib.dll(VMware, Inc., VSockets Library)
VMCI sockets STREAM
C:\Windows\system32\vsocklib.dll(VMware, Inc., VSockets Library)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
计划任务
[已禁用] \\adobe flash player updater
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[已禁用] \\GoogleUpdateTaskUserS-1-5-21-3261666655-1295086780-3108116568-500Core
C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /c
[已禁用] \\GoogleUpdateTaskUserS-1-5-21-3261666655-1295086780-3108116568-500UA
C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
[已启用] \\KsafeDelay
C:\Program Files (x86)\ksafe\KSafeTray.exe -delayruncheck /ua /installsource scheduler
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
N/A
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
%windir%\system32\appidpolicyconverter.exe
[已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
%windir%\system32\appidcertstorecheck.exe
[已禁用] \Microsoft\Windows\Application Experience\AitAgent
aitagent
[已禁用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[已禁用] \Microsoft\Windows\Autochk\Proxy
%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[已禁用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
N/A
[已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
N/A
[已禁用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c
[已禁用] \Microsoft\Windows\Location\Notifications
%windir%\System32\LocationNotifications.exe
[已启用] \Microsoft\Windows\Maintenance\WinSAT
N/A
[已禁用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[已禁用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[已禁用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\ehDRMInit
%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已禁用] \Microsoft\Windows\Media Center\InstallPlayReady
%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\mcupdate
%SystemRoot%\ehome\mcupdate $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\OCURActivate
%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已禁用] \Microsoft\Windows\Media Center\OCURDiscovery
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\PBDADiscovery
%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
%windir%\ehome\MCUpdate.exe -pscn 0
[已禁用] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\RecordingRestart
%SystemRoot%\ehome\ehrec /RestartRecording
[已禁用] \Microsoft\Windows\Media Center\RegisterSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\ReindexSearchRoot
%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[已禁用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\UpdateRecordPath
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
N/A
[已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
%windir%\system32\gatherNetworkInfo.vbs
[已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
N/A
[已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
N/A
[已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
%SystemRoot%\System32\powercfg.exe -energy -auto
[已启用] \Microsoft\Windows\Ras\MobilityManager
N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
N/A
[已禁用] \Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
%windir%\system32\sc.exe start w32time task_started
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
[已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
N/A
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
%windir%\system32\wermgr.exe -queuereporting
[已禁用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
"%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
[已禁用] \Microsoft\Windows\WindowsBackup\ConfigNotification
%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[已启用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
N/A
==================================
Windows 安全更新检查
KB2483139, 拉脱维亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 捷克语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 俄语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 英语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 丹麦语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 意大利语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 匈牙利语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 朝鲜语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 瑞典语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 波兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 克罗地亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 乌克兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 挪威语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 希腊语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 保加利亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 葡萄牙语（葡萄牙）语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 荷兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 葡萄牙语（巴西）语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 西班牙语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 斯洛文尼亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 繁体中文语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 日语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 泰国语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 德语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 爱沙尼亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 立陶宛语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 斯洛伐克语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 芬兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 阿拉伯语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 希伯来语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 塞尔维亚语（拉丁语）语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 罗马尼亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 法语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2483139, 土耳其语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
KB2484033, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2484033)
KB2505438, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2505438)
KB2511250, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2511250)
KB2515325, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2515325)
KB2506928, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2506928)
KB2492386, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2492386)
KB2522422, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2522422)
KB2533552, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2533552)
KB2541014, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2541014)
KB2488113, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2488113)
KB2545698, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2545698)
KB2547666, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2547666)
KB2552343, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2552343)
KB2532531, 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2532531) MS11-053
KB2563227, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2563227)
KB982670, 用于基于 x64 的系统的 Windows 7 的 Microsoft .NET Framework 4 Client Profile (KB982670)
KB2598845, 用于基于 x64 的系统的 Windows 7 的 Internet Explorer 8 兼容性视图列表的更新程序 (KB2598845)
KB2603229, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2603229)
KB2607576, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2607576)
KB2633952, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2633952)
KB982861, 用于基于 x64 的系统的 Windows 7 的 Windows Internet Explorer 9
KB2660075, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2660075)
KB2640148, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2640148)
KB2679255, 用于基于 x64 的系统的 Windows 7 更新程序 (KB2679255)
KB2659262, 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2659262) MS12-034
KB2658846, 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2658846) MS12-034
KB2676562, 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2676562) MS12-034
KB2660649, 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2660649) MS12-034
KB890830, Windows 恶意软件删除工具 x64 - 2012 年 5 月 (KB890830)
KB2656411, 用于 x64 系统的 Windows 7 和 Windows Server 2008 R2 SP1 上的 Microsoft .NET Framework 3.5.1 的安全更新程序 (KB2656411) MS12-034
==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：NtCreateThread (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：NtLoadDriver (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：NtSetSystemInformation (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：NtTerminateProcess (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：NtTerminateThread (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwCreateFile (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwCreateThread (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwOpenFile (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwSetSystemInformation (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwShutdownSystem (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwTerminateProcess (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：ZwTerminateThread (危险等级: 一般, 被下面模块所HOOK: C:\Windows\SysWOW64\guard32.dll)
入口点错误：FindFirstFileA (危险等级: 高, 被下面模块所HOOK: 0xBA32DDB6)
入口点错误：LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\Drivers\usbvideo.sys)
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x029102F1)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x029802F1)
入口点错误：GetModuleFileNameW (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\Drivers\usbvideo.sys)
==================================
隐藏进程
N/A
==================================

复制代码

显示全部楼层 · 发表于 2012-5-9 13:16:28

不好意思，本人一直用Windows update更新微软漏洞补丁的，小红伞无此情况
建议：首先上报金山客服：联系QQ1517410148，如果可以的话上报小红伞。
------------------------------------------------------------------------------------------
补充：你是否开了金山卫士的P2P，就是在金山卫士的设置里面，如果是这样，不排除是真的病毒。

显示全部楼层 · 发表于 2012-5-9 13:26:43

从未发生此类事故。。

显示全部楼层 · 发表于 2012-5-9 13:30:51

cs52089757 发表于 2012-5-9 13:16
不好意思，本人一直用Windows update更新微软漏洞补丁的，小红伞无此情况
建议：首先上报金山客服：联系QQ ...

是打开了p2p的

悲催了？？我现在都装好了。。。。。

红伞不能上报吧这么大文件

我全盘扫描一下

显示全部楼层 · 发表于 2012-5-9 13:31:49

自然卷丨依佐发表于 2012-5-9 13:30
是打开了p2p的

悲催了？？我现在都装好了。。。。。

不是给你了金山客服的QQ？找他去啊开了P2P有时候会有问题

显示全部楼层 · 发表于 2012-5-9 13:32:50

cs52089757 发表于 2012-5-9 13:31
不是给你了金山客服的QQ？找他去啊开了P2P有时候会有问题

恩、加了的正在问、它可能在睡觉还没有加上

显示全部楼层 · 发表于 2012-5-9 13:33:58

奇怪了，我怎么没遇到？

显示全部楼层 · 发表于 2012-5-9 13:35:42

一直用的是windows update打补丁的，没有出现这种情况。

显示全部楼层 · 发表于 2012-5-9 13:37:51

本帖最后由 aaa839 于 2012-5-9 13:43 编辑

用Windows Update更新補丁,勿用金山
AVIRA對於原版UPDATE是不會作出任何警報
假若該補丁是人為修改後放出,可能會引發警報
解決方法
1.先記下KB號碼,再從微軟官方下載頁面搜尋並下載有關補丁
http://www.microsoft.com/downloads/zh-cn/

tdl亦告訴你
是因為p2p影響
不過我仍建議打補丁請使用windows update
官方網站原網址下載沒有任何問題

显示全部楼层 · 发表于 2012-5-9 14:22:33

是呢，剛更新，沒這問題，一般打補丁還是用系統自帶的比較好，第三方軟件更新補丁若非不得已建議建議別用。。。。

[求助] 已解决、感谢大家★★这是什么情况，红伞报微软补丁★★

本帖子中包含更多资源

评分

浏览过的版块