[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Bin\Timwp.dll, (Signed) Tencent>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[PPLive Lite Class]
{EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\Internet Explorer\PPLite\plugin\pplugin2.dll, (Signed) >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(210).dll, Xunlei Networking Technologies,LTD>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <, >
[&使用BitComet下载]
<res://C:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://C:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm, N/A>
==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1360 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1520 / SYSTEM][C:\Program Files\Keniu\ConewRsc\conewrsc.exe] [, 2010,09,27,1438]
[C:\Program Files\Keniu\ConewRsc\kdump.dll] [Kingsoft Corporation, 2010,10,11,1453]
[C:\Program Files\Keniu\ConewRsc\kxestat.dll] [Kingsoft Corporation, 2009,11,20,309]
[C:\Program Files\Keniu\ConewRsc\kxebase.dll] [Kingsoft Corporation, 2009,11,20,309]
[C:\Program Files\Keniu\ConewRsc\scom.dll] [Kingsoft Corporation, 2009,11,20,309]
[C:\Program Files\Keniu\ConewRsc\kxecore\kxelog.dll] [Kingsoft Corporation, 2009,11,20,309]
[C:\Program Files\Keniu\ConewRsc\kxecore\kxecore.dll] [Kingsoft Corporation, 2010,5,12,402]
[C:\Program Files\Keniu\ConewRsc\kxecore\kxestat.dll] [Kingsoft Corporation, 2009,11,20,309]
[C:\Program Files\Keniu\ConewRsc\ksmcorex.dll] [Kingsoft Corporation, 2010,12,14,63]
[C:\Program Files\Keniu\ConewRsc\ksecorex.dll] [Kingsoft Corporation, 2010,09,16,1206]
[C:\Program Files\Keniu\ConewRsc\kae\kaecore.dat] [Kingsoft Corporation, 2010,06,30,436]
[C:\Program Files\Keniu\ConewRsc\ksbwdet2.dll] [Kingsoft Corporation, 2010,08,26,1359]
[C:\Program Files\Keniu\ConewRsc\sqlite.dll] [N/A, ]
[C:\Program Files\Keniu\ConewRsc\kae\karchive.dat] [Kingsoft Corporation, 2010,06,30,436]
[C:\Program Files\Keniu\ConewRsc\kae\kaearcha.dat] [Kingsoft Corporation, 2010,06,30,436]
[C:\Program Files\Keniu\ConewRsc\kae\kaeolea.dat] [Kingsoft Corporation, 2010,03,18,77]
[C:\Program Files\Keniu\ConewRsc\kae\kaearchb.dat] [Kingsoft Corporation, 2010,06,30,436]
[C:\Program Files\Keniu\ConewRsc\ksmbrfix.dll] [Kingsoft Corporation, 2010,09,13,1403]
[C:\Program Files\Keniu\ConewRsc\ksbwsspx.dll] [Kingsoft Corporation, 2010,05,27,1072]
[C:\Program Files\Keniu\ConewRsc\kcldrep.dll] [Kingsoft Corporation, 2010,11,24,1524]
[C:\Program Files\Keniu\ConewRsc\kavifr.dll] [Kingsoft Corporation, 2010,05,25,74]
[PID: 1592 / SYSTEM][C:\Program Files\KSafe\KSafeSvc.exe] [Kingsoft Corporation, 2.2.0.1124]
[C:\Program Files\KSafe\ksafeeng.dll] [Kingsoft Corporation, 2.2.0.1124]
[C:\Program Files\KSafe\katrun.dll] [Kingsoft Corporation, 2.2.0.1124]
[C:\Program Files\KSafe\ksafebak.dll] [Kingsoft Corporation, 2.2.0.1124]
[C:\Program Files\KSafe\ksafedb.dll] [Kingsoft Corporation, 2.2.0.1124]
[C:\Program Files\KSafe\kcache.dll] [Kingsoft Corporation, 2.2.0.1124]
[C:\Program Files\KSafe\knescan.dll] [Kingsoft Corporation., 1.0.0.1111]
[C:\Program Files\KSafe\KEng\ksafeave.dll] [Kingsoft Corporation, 1.1.0.1138]
[C:\Program Files\KSafe\kdump.dll] [Kingsoft Corporation, 2010,12,02,1546]
[C:\Program Files\KSafe\kxebase.dll] [Kingsoft Corporation, 2010,5,12,402]
[C:\Program Files\KSafe\scom.dll] [Kingsoft Corporation, 2010,5,12,402]
[C:\Program Files\KSafe\KEng\kae\kaecore.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\kxecore\kxecore.dll] [Kingsoft Corporation, 2010,5,12,402]
[C:\Program Files\KSafe\kexectrl.dll] [Kingsoft Corporation, 2010,09,18,1422]
[C:\Program Files\KSafe\kwssp.dll] [Kingsoft Corporation, 2011.01.01.1141]
[C:\Program Files\KSafe\json.dll] [N/A, ]
[C:\Program Files\KSafe\fwproxy.dll] [Kingsoft Corporation, 2.2.0.1139]
[C:\Program Files\KSafe\kse\ksecansp.dll] [Kingsoft Corporation, 2010,12,17,1585]
[C:\Program Files\KSafe\kse\ksecorex.dll] [Kingsoft Corporation, 2010,12,28,1480]
[C:\Program Files\KSafe\kse\wfs.dll] [Kingsoft Corporation, 2010,08,23,1070]
[C:\Program Files\KSafe\kse\sqlite.dll] [Kingsoft Corporation, 2010,03,30,781]
[C:\Program Files\KSafe\kse\ksbwdet2.dll] [Kingsoft Corporation, 2010,12,31,22]
[C:\Program Files\KSafe\KEng\kae\karchive.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\KEng\kae\kaearcha.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\KEng\kae\kaeolea.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\KEng\kae\kaearchb.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\KEng\kae\kaeunpak.dat] [Kingsoft Corporation, 2010,06,30,436]
[C:\Program Files\KSafe\KEng\kae\kaeunpack.dat] [Kingsoft Corporation, 2010,07,18,365]
[C:\Program Files\KSafe\KEng\kae\kaecoref.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\KEng\kae\kaecorea.dat] [Kingsoft Corporation, 2010,12,16,1454]
[C:\Program Files\KSafe\KEng\kae\kaevname.dat] [Kingsoft Corporation, 2010,12,16,1454]
[PID: 508 / zgh][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\Program Files\Kingsoft\Kingsoft Antivirus\ktaskbar.dll] [Kingsoft Corporation, 2010,05,26,732]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\Kingsoft\Kingsoft Antivirus\kis.dll] [Kingsoft Corporation, 2010,11,11,77]
[C:\Program Files\Kingsoft\Kingsoft Antivirus\kavmenu.dll] [Kingsoft Corporation, 2010,05,29,742]
[PID: 544 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.3740 (xpsp_sp2_qfe.100817-1639)]
[PID: 376 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1344 / SYSTEM][C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe] [InterVideo Inc., 1.0.0.1]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 1460 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1692 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[PID: 2272 / SYSTEM][C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\ums.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$HOME\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$HOME\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.2039.00]
[PID: 2352 / zgh][C:\WINDOWS\VM_STI.EXE] [BIGDOG, 4, 2, 610, 4]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[PID: 2364 / zgh][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 3, 6, 119, 11]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[PID: 2428 / zgh][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.30]
[PID: 2436 / SYSTEM][C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe] [SafeNet, Inc, 7, 0, 0]
[PID: 2444 / zgh][C:\Program Files\KSafe\KSafeTray.exe] [Kingsoft Corporation, 2.2.0.1134]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\KSafe\kdump.dll] [Kingsoft Corporation, 2010,12,02,1546]
[C:\Program Files\KSafe\krunopt.dll] [Kingsoft Corporation, 2.2.0.1129]
[C:\Program Files\KSafe\kwsctrl.dll] [Kingsoft Corporation, 2.2.0.1139]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\ksafevul.dll] [Kingsoft Corporation, 2.2.0.1129]
[C:\Program Files\KSafe\ksafeup.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\KSafe\zlib1.dll] [, 1.2.3]
[C:\Program Files\KSafe\KEng\ksignup.dll] [Kingsoft Corporation, 1.1.0.1138]
[C:\Program Files\KSafe\KEng\KSGMerge.DLL] [Kingsoft Corporation, 2010,08,29,1105]
[C:\Program Files\KSafe\kplugeng.dll] [Kingsoft Corporation, 2.2.0.1124]
[PID: 2480 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2596 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.8320.9]
[C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.8320.9]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.8320.9]
[C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.8320.9]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.8320.9]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.8320.9]
[PID: 2640 / zgh][C:\WINDOWS\system32\hhukcert02.exe] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\hhukey3k02.dll] [, 1, 0, 0, 16]
[PID: 2652 / zgh][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2980 / zgh][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[PID: 3580 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2508 / zgh][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[PID: 2964 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\kwsui.dll] [Kingsoft Corporation, 2010.12.30.1139]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\KSafe\kdump.dll] [Kingsoft Corporation, 2010,12,02,1546]
[C:\Program Files\KSafe\kswebshield.dll] [Kingsoft Corporation, 2011.01.07.1144]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\gears.dll] [Google Inc., 0.5.33.0]
[C:\WINDOWS\system32\SOGOUWB.IME] [Sogou.com Inc., 1.6.0.0973]
[C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\StatisticsModule.dll] [Sogou.com Inc., 1.6.0.0973]
[C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\ManualNewWord.dll] [Sogou.com Inc., 1.6.0.0973]
[C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\AutoNewWord.dll] [Sogou.com Inc., 1.6.0.0973]
[C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\StrDictModule.dll] [Sogou.com Inc., 1.6.0.0973]
[C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\PunctureModule.dll] [Sogou.com Inc., 1.6.0.0973]
[PID: 2584 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 2560 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\kwsui.dll] [Kingsoft Corporation, 2010.12.30.1139]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\KSafe\kdump.dll] [Kingsoft Corporation, 2010,12,02,1546]
[C:\Program Files\KSafe\kswebshield.dll] [Kingsoft Corporation, 2011.01.07.1144]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\gcswf32.dll] [, ]
[PID: 2864 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 3268 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 3612 / zgh][C:\WINDOWS\system32\mspaint.exe] [(Verified) Microsoft Corporation, 5.1.2600.3660 (xpsp_sp2_gdr.091216-1517)]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[PID: 3520 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 3472 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 840 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 3356 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 596 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 1516 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 2224 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll] [Google Inc., 7.0.517.44]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll] [N/A, ]
[PID: 2196 / zgh][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
[C:\Program Files\KSafe\kwsui.dll] [Kingsoft Corporation, 2010.12.30.1139]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\KSafe\kswebshield.dll] [Kingsoft Corporation, 2011.01.07.1144]
[PID: 3000 / zgh][D:\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[PID: 4040 / zgh][D:\sreng2\SREfe2c1819.EXE] [Smallfrogs Studio, 2.8.4.1331]
[C:\Program Files\KSafe\ksfmon.dll] [Kingsoft Corporation, 2.2.0.1134]
[C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll] [Kingsoft Corporation, 2010,08,30,159]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2352, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2364, C:\WINDOWS\VM303_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2980, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2196, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
计划任务
[已禁用] User_Feed_Synchronization-{88456C65-703B-48F9-BDFE-C6505A871069}.job
C:\WINDOWS\system32\msfeedssync.exe
[已启用] GoogleUpdateTaskUserS-1-5-21-1454471165-920026266-682003330-1007Core1cb7107e7e8b14c.job
C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[已启用] AdobeAAMUpdater-1.0-ZHANGGH-zgh.job
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
[已启用] AdobeAAMUpdater-1.0 Fallback-ZHANGGH-zgh.job
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB914440, 网络诊断工具 (KB914440)
KB925720, 2007 年 2 月发布的用于 Windows XP 的 CardSpace 更新程序 (KB925720)
KB942831, Windows XP 安全更新程序 (KB942831) MS08-005
KB942830, Windows XP 安全更新程序 (KB942830) MS08-006
KB907417, Office 2003 更新 (KB907417)
KB943973, Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB951376, Microsoft XP 安全更新程序 (KB951376) MS08-030
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB955439, Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB959209, Microsoft .NET Framework 3.5 Family Update (KB959209) x86
KB960082, SQL Server 2000 Service Pack 4 安全性更新 (KB960082) MS09-004
KB961118, Windows XP 更新程序 (KB961118)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB956572, Windows XP 安全更新程序 (KB956572) MS09-012
KB961503, Windows XP 更新程序 (KB961503)
KB936929, Windows XP Service Pack 3 (KB936929)
KB970483, Windows XP 安全更新程序 (KB970483) MS09-020
KB963707, 用于 .NET Framework Assistant 1.0 x86 的 .NET Framework 3.5 Service Pack 1 更新程序 (KB963707)
KB973923, Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package 的安全更新 (KB973923) MS09-035
KB973924, Microsoft Visual C++ 2008 Redistributable Package 的安全更新 (KB973924) MS09-035
KB973540, Windows XP Service Pack 2 安全更新程序 (KB973540) MS09-037
KB971657, Windows XP 安全更新程序 (KB971657) MS09-041
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB958869, Windows XP 安全更新程序 (KB958869) MS09-062
KB975254, Windows XP 安全更新程序 (KB975254) MS09-053
KB974554, Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB954430, Microsoft XML Core Services 4.0 Service Pack 2 安全更新程序 (KB954430) MS08-069
KB973686, Microsoft XML Core Services 6.0 Service Pack 2 更新程序 (KB973686)
KB970430, Windows XP 更新程序 (KB970430)
KB971737, Windows XP 更新程序 (KB971737)
KB955759, Windows XP 更新程序 (KB955759)
KB973904, Windows XP 安全更新程序 (KB973904) MS09-073
KB978551, Microsoft Office 2003 更新 (KB978551)
KB973688, Microsoft XML Core Services 4.0 Service Pack 2 更新程序 (KB973688)
KB976569, 用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 2.0 Service Pack 2 更新程序 (KB976569)
KB976570, 用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 3.0 Service Pack 2 更新程序 (KB976570)
KB974417, 用于 Windows 2000、Windows Server 2003 和 Windows XP 的 Microsoft .NET Framework 2.0 Service Pack 2 安全更新程序 (KB974417) MS09-061
KB981793, Windows XP 更新程序 (KB981793)
KB982168, 用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 3.5 SP1 更新程序 (KB982168)
KB982524, 用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 3.5 SP1 和 .NET Framework 2.0 SP2 更新程序 (KB982524)
KB2477244, Microsoft Silverlight 更新 (KB2477244)
KB890830, Windows 恶意软件删除工具 - 2010 年 12 月 (KB890830)
KB2466074, Outlook 2003 垃圾邮件筛选器更新 (KB2466074)
==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x014802F1)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x011F02F1)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x014502F1)
==================================
隐藏进程
N/A
==================================
[/CODE] |