
Please help me figure out what virus this is

shiyucn
Posted on 2007-12-9 12:09:52
Could everyone please help me figure out what virus this is, and how to fix it? Thank you!
Below is the SREng log:

[CODE]

2007-12-09,11:22:31

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <SRS Audio Sandbox><"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme>  [SRS Labs, Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <TrackPointSrv><tp4serv.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PWRMGRTR><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor>  [Lenovo Group Limited]
    <BLOG><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog>  []
    <TPHOTKEY><C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe>  [(Verified)Lenovo (Japan) Ltd.]
    <TP4EX><tp4ex.exe>  [Lenovo Group Limited]
    <LPManager><C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe>  [(Verified)Lenovo (Japan) Ltd.]
    <SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <AwaySch><C:\Program Files\Lenovo\AwayTask\AwaySch.EXE>  [Lenovo Group Limited]
    <PDService.exe><"C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe">  [Utimaco Safeware AG]
    <cssauth><"C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent>  [N/A]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <TVT Scheduler Proxy><C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe>  [Lenovo Group Limited]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows XP Publisher]
    <360Safetray><D:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <TPFNF7><C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r>  [(Verified)Lenovo (Japan) Ltd.]
    <!AVG Anti-Spyware><"D:\AVG Anti-Spyware\CRavgas.exe" /minimized>  [GRISOFT s.r.o.]
    <AVG><D:\AVG Anti-Spyware\CRavgas.exe>  [GRISOFT s.r.o.]
    <360Antiarp><D:\Program Files\360safe\antiarp\antiarp.exe /start>  [奇虎网]
    <Windows木马防火墙><C:\ftc\Trojanwall.exe>  [风云谷]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
shiyucn
Original poster | Posted on 2007-12-9 12:10:24
==================================
启动文件夹
N/A

==================================
服务
[Ac Profile Manager Service / AcPrfMgrSvc][Running/Auto Start]
  <C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe><Lenovo>
[Access Connections Main Service / AcSvc][Running/Auto Start]
  <C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe><Lenovo>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\AVG Anti-Spyware\guard.exe><GRISOFT s.r.o.>
[Diskeeper / Diskeeper][Running/Auto Start]
  <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><Lenovo>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IPS 核心服务 / IPSSVC][Running/Auto Start]
  <C:\WINDOWS\system32\IPSSVC.EXE><Lenovo Group Limited>
[System Update / SUService][Running/Auto Start]
  <c:\program files\lenovo\system update\suservice.exe><Lenovo Group Limited>
[ThinkVantage Registry Monitor Service / ThinkVantage Registry Monitor Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe"><>
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[TVT Scheduler / TVT Scheduler][Running/Auto Start]
  <"C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe"><Lenovo Group Limited>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><奇虎网>
[abp480n5 / abp480n5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[AEAudio Service / AEAudioService][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[ANC / ANC][Running/System Start]
  <System32\drivers\ANC.SYS><IBM Corp.>
[%ATHER.Service.DispName% / AR5513][Stopped/Manual Start]
  <system32\DRIVERS\ar5513.sys><Atheros Communications, Inc.>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\AVG Anti-Spyware\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[DLABOIOM / DLABOIOM][Running/Auto Start]
  <System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
  <System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
  <System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
  <System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
  <System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
  <System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
  <System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
  <System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
  <System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[DRVMCDB / DRVMCDB][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
  <System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[IBM eGatherer / EGATHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS><IBM Corporation>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Stopped/Manual Start]
  <system32\DRIVERS\hsxhwazl.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Intel AHCI Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys><N/A>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pmem / pmem][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\pmemnt.sys><Microsoft Corporation>
[PrivateDisk / PrivateDisk][Running/Auto Start]
  <\??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys><Utimaco Safeware AG>
[IPS 帮助器驱动程序 / PROCDD][Running/Auto Start]
  <system32\DRIVERS\PROCDD.SYS><Lenovo Group Limited>
[Lenovo Parties Service Access Device Driver / psadd][Running/Manual Start]
  <system32\DRIVERS\psadd.sys><Lenovo (United States) Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[smi2 / smi2][Running/Auto Start]
  <\??\C:\Program Files\SMI2\smi2.sys><IBM Corp.>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SRS Labs Audio Sandbox (WDM) / SRS_SSCFilter][Running/Manual Start]
  <system32\drivers\srs_sscfilter_i386.sys><>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]
  <system32\DRIVERS\tp4track.sys><Lenovo Group Limited>
[TPHKDRV / TPHKDRV][Running/System Start]
  <system32\DRIVERS\TPHKDRV.sys><IBM Corporation>
[TPPWRIF / TPPWRIF][Running/System Start]
  <System32\drivers\Tppwrif.sys><N/A>
[TSMAPIP / TSMAPIP][Running/System Start]
  <System32\drivers\TSMAPIP.SYS><N/A>
[tzegixoz / tzegixoz][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tzegixoz.sys><Yahoo! China Corporation>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
shiyucn
Original poster | Posted on 2007-12-9 12:11:39
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[CPwmIEBrowserHelper Object]
  {F040E541-A427-4CF7-85D8-75E3E0F476C5} <C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll, Lenovo Group Limited>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
shiyucn
Original poster | Posted on 2007-12-9 12:12:52
==================================
正在运行的进程
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2645 (xpsp.050331-1524)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACGina.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll]  [Lenovo, 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll]  [Lenovo , 4.42]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe]  [Lenovo, 1.43]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1004 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1044 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1132 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1160 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1348 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  [, ]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1448 / SYSTEM][C:\WINDOWS\system32\IPSSVC.EXE]  [Lenovo Group Limited, 2, 0, 5, 2]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\AwayTask\AwayDB.DLL]  [Lenovo Group Limited, 2, 0, 0, 0]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1464 / SYSTEM][C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll]  [Lenovo, 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll]  [Lenovo , 4.42]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1516 / SYSTEM][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  [Diskeeper Corporation, 9.0.541.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\DkLib.dll]  [Diskeeper Corporation, 9.0.541.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  [Executive Software International, Inc., 1.0.34.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll]  [Diskeeper Corporation, 9.0.541.0]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\2052\DkRes.dll]  [Diskeeper Corporation, 9.0.541.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll]  [Diskeeper Corporation, 9.0.541.0]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1568 / SYSTEM][c:\program files\lenovo\system update\suservice.exe]  [Lenovo Group Limited, 3.0.23.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_362a8810\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_99291c4e\system.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\program files\lenovo\system update\tvsuservicecommon.dll]  [ , 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_zh-chs_b03f5f7f11d50a3a\system.serviceprocess.resources.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1624 / SYSTEM][C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe]  [, 1, 0, 0, 1]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1660 / SYSTEM][C:\WINDOWS\system32\TpKmpSVC.exe]  [N/A, ]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1716 / SYSTEM][C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe]  [Lenovo Group Limited, 4,0,500,0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1740 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1808 / SYSTEM][C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll]  [Lenovo, 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll]  [Lenovo , 4.42]
    [C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll]  [IBM Corp., 8.3]
    [C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll]  [IBM Corp., 8.3]
    [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll]  [Lenovo , 4.42]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 180 / 石宇][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL]  [Lenovo Group Limited, 1, 0, 0, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL]  [N/A, ]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 6.14.10.4860]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
shiyucn
OP | Posted 2007-12-9 12:13:43
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 6.14.10.4860]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 6.14.10.4860]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 6.14.10.4860]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 6.14.10.4860]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4860]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Common Files\Lenovo\tvt_banner.dll]  [Lenovo Group Limited, 1.10.0051.00]
    [C:\Program Files\Lenovo\HOTKEY\hkvolkey.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdshell.dll]  [Utimaco Safeware AG, 1.19.0.1]
    [C:\Program Files\Lenovo\SafeGuard PrivateDisk\PDLib.dll]  [Utimaco Safeware AG, 1.19.0.1]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Lenovo\SafeGuard PrivateDisk\PDLib0804.dll]  [Utimaco Safeware AG, 1.19.0.1]
    [C:\Program Files\Lenovo\SafeGuard PrivateDisk\PDShell0804.dll]  [Utimaco Safeware AG, 1.19.0.1]
    [C:\ftc\Commenu.dll]  [Fygsoft and Microsoft, 3.0.0.63]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\zh-CHS\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1100 / 石宇][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL]  [Lenovo Group Limited, 1, 0, 0, 0]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL]  [N/A, ]
    [C:\WINDOWS\system32\OEMDSPIF.DLL]  [Intel Corporation, 6.14.10.4860]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 6.14.10.4860]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1192 / 石宇][C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe]  [Lenovo Group Limited, 1.00]
    [C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Program Files\Lenovo\HOTKEY\hkvolkey.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1216 / 石宇][C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe]  [Lenovo Group Limited, 1, 0, 0, 2]
shiyucn
OP | Posted 2007-12-9 12:16:04
[C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [D:\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [D:\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [D:\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
    [D:\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.64]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [D:\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Common Files\Lenovo\tvt_banner.dll]  [Lenovo Group Limited, 1.10.0051.00]
    [C:\Program Files\Lenovo\HOTKEY\hkvolkey.dll]  [N/A, ]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3456 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ftc\Filehook.dll]  [Fygsoft and Microsoft, 2.0.0.0]
    [C:\ftc\SocketMon.dll]  [Fygsoft and Microsoft, 1.1.1.0]
shiyucn
OP | Posted 2007-12-9 12:16:20
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
shiyucn
OP | Posted 2007-12-9 12:16:38
==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1448, C:\WINDOWS\SYSTEM32\IPSSVC.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1448, C:\WINDOWS\SYSTEM32\IPSSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1464, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACPRFMGRSVC.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1464, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACPRFMGRSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1516, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1516, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1568, C:\PROGRAM FILES\LENOVO\SYSTEM UPDATE\SUSERVICE.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1568, C:\PROGRAM FILES\LENOVO\SYSTEM UPDATE\SUSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1660, C:\WINDOWS\SYSTEM32\TPKMPSVC.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1660, C:\WINDOWS\SYSTEM32\TPKMPSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\TVTSCHED.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1716, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\TVTSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1808, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACSVC.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1808, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACSVC.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1232, C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1232, C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1232, C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1240, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1240, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1240, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1396, C:\PROGRAM FILES\LENOVO\SAFEGUARD PRIVATEDISK\PDSERVICE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1396, C:\PROGRAM FILES\LENOVO\SAFEGUARD PRIVATEDISK\PDSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1396, C:\PROGRAM FILES\LENOVO\SAFEGUARD PRIVATEDISK\PDSERVICE.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 764, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 764, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 764, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2080, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2080, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2080, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2140, D:\AVG ANTI-SPYWARE\CRAVGAS.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2140, D:\AVG ANTI-SPYWARE\CRAVGAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2140, D:\AVG ANTI-SPYWARE\CRAVGAS.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2188, D:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2188, D:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2188, D:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2200, C:\FTC\TROJANWALL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2200, C:\FTC\TROJANWALL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2200, C:\FTC\TROJANWALL.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2260, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2260, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2260, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2304, C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2304, C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2304, C:\PROGRAM FILES\SRS LABS\AUDIO SANDBOX\SRSSSC.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2444, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKICON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2444, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKICON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2444, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKICON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2744, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\SVCGUIHLPR.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2744, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\SVCGUIHLPR.EXE]

==================================
API HOOK
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
N/A

==================================


[/CODE]
shiyucn
OP | Posted 2007-12-9 12:24:00
When I browse web pages, URLs such as
http://acc.micrfet.com
http://ccc.micrfet.com
are always loaded automatically, and reinstalling the system did not help either.
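huxiqiuzhen
Posted 2007-12-9 12:24:41
Your SREng log is too long; it needs improvement.
With this much output, analyzing it is a lot of work for the people helping you.
Before scanning, be sure to close any programs that do not need to be running, such as QQ.
That makes things easier for you, and easier for the people helping you as well.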
Copyright © KaFan  KaFan.cn All Rights Reserved.