Views: 5594 | Replies: 7

[Help] SREng detected an entry point error; does it need to be repaired?

ggyy66
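Posted on 2011-1-9 19:47:18
SREng detected an entry point error; does it need to be repaired? I don't dare repair it directly because I'm afraid the machine will run into problems. (The machine can't break down right now, as I have a lot of things to get done.)
Also, scanning with Kingsoft Guard (金山卫士) and Kingsoft Antivirus (金山毒霸) finds nothing at all.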

rukou.JPG


ggyy66
Original poster | Posted on 2011-1-9 19:49:23
[CODE]

2011-01-09,19:45:31

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [File is missing]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [File is missing]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KSafeTray><"C:\Program Files\KSafe\KSafeTray.exe" -autorun>  [(Verified)Kingsoft Security Co.,Ltd]
    <kxesc><"C:\Program Files\Common Files\Kingsoft\kiscommon\kxetray.exe" -autorun>  [(Verified)Zhuhai  Kingsoft Software Co.,Ltd]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <hhukcert02><C:\WINDOWS\system32\hhukcert02.exe>  [(Verified)Beijing Huahong Integrated Circuit Design Co.,Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[Capture Device Service / Capture Device Service][Running/Auto Start]
  <"C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"><InterVideo Inc.>
[Conew Rescue Service / Conew Rescue Service][Running/Auto Start]
  <C:\Program Files\Keniu\ConewRsc\conewrsc.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ICBC Daemon Service / ICBC Daemon Service][Stopped/Disabled]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe><(File is missing)>
[KSafe service / KSafeSvc][Running/Auto Start]
  <"C:\Program Files\KSafe\KSafeSvc.exe" -svc><Kingsoft Corporation>
[Kingsoft Core Defend Service / kxedefend][Running/Auto Start]
  <"C:\Program Files\Common Files\Kingsoft\kiscommon\kxedefend.exe" /service kxedefend><Kingsoft Corporation>
[Kingsoft Security App Service / kxesapp][Running/Auto Start]
  <"C:\Program Files\Common Files\Kingsoft\kiscommon\kxesapp.exe" /service kxesapp><Kingsoft Corporation>
[Kingsoft Core Service / kxescore][Running/Auto Start]
  <"C:\Program Files\Common Files\Kingsoft\kiscommon\kxescore.exe" /service kxescore><Kingsoft Corporation>
[Kingsoft Antivirus Update Service / KxEUpSrv][Running/Auto Start]
  <"C:\Program Files\Common Files\Kingsoft\kiscommon\upsvc.exe"><Kingsoft Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQL$HOME / MSSQL$HOME][Running/Auto Start]
  <C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sHOME><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NetDogService / NetDogService][Stopped/Disabled]
  <C:\WINDOWS\system32\NetDogSrv.EXE><(File is missing)>
[SentinelProtectionServer / SentinelProtectionServer][Running/Auto Start]
  <"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"><SafeNet, Inc>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><(File is missing)>
[SQLAgent$HOME / SQLAgent$HOME][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL$HOME\binn\sqlagent.exe -i HOME><Microsoft Corporation>

==================================
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.5.3.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BC / BC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[bootsafe / bootsafe][Running/Boot Start]
  <\SystemRoot\system32\Drivers\bootsafe.sys><>
[FYTdifltDrv / FYTdifltDrv][Running/System Start]
  <\??\C:\Program Files\FengYun\FYTdiDrv.sys><www.218.cc>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[kmodurl / kmodurl][Running/System Start]
  <\??\C:\Program Files\KSafe\kmodurl.sys><Kingsoft Corporation>
[krpr / krpr][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\krpr.sys><Kingsoft Corporation>
[ksdef / ksdef][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ksdef.sys><Kingsoft Corporation>
[kwatch32 / kwatch32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\kwatch32.sys><Kingsoft Corporation>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Rainbow China Co,.Ltd>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><Rainbow  China Co.,Ltd>
[Ralink 802.11n USB Wireless LAN Card Driver / rt2870][Stopped/Manual Start]
  <system32\DRIVERS\rt2870.sys><Ralink Technology, Corp.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\C:\PROGRA~1\SkyNet\Firewall\SkyProcs.sys><N/A>
[Rainbow USB SuperPro / Sntnlusb][Stopped/Manual Start]
  <system32\DRIVERS\SNTNLUSB.SYS><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[ssmdrv / ssmdrv][Running/System Start]
  <system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[TDDI / TDDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\tddi.sys><SafeNet China Ltd.>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>
[Virtual CD-ROM Device Driver / vcdrom][Stopped/System Start]
  <\??\C:\Documents and Settings\zgh\My Documents\简易虚拟光驱\虚拟光驱\VCdRom.sys><N/A>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><N/A>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\BitComet\tools\bitcometbho.dll, (Signed) BitComet>
[VagaSearch]
  {468C8F9D-67F2-48A6-88C1-B9015937E74B} <C:\WINDOWS\system32\Vagaa.dll, VagaaSearch>
[ed2k Dectector]
  {56746166-BC44-45f4-ADCE-52EAC919BB79} <, >
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, (Signed) >
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\Downloaded Program Files\certInStall.dll, (Signed) >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, (Signed) Microsoft Corporation>
[]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <, >
[icbc_bhdc2vdvCom Class]
  {3D14998A-4CFB-4FC8-A98D-A24F05E4ED88} <C:\WINDOWS\system32\icbc_bhdc2vdv.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\DOWNLO~1\NetSign.dll, (Signed) Infosec Technologies Co., Ltd.>
[SfEdit32 Control]
  {69A5F9C4-01CB-470B-8161-CE67313E3CF4} <C:\WINDOWS\system32\99Bill\SfEdit32.dll, (Signed) 99BILL Corp.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\Downloaded Program Files\CONFLICT.2\InputControl.dll, (Signed) >
[CertEnroll Class]
  {7978461C-CC22-48F2-BC69-02220D3E101D} <C:\WINDOWS\Downloaded Program Files\itrusenroll.dll, (Signed) iTruschina Co., Ltd.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\Downloaded Program Files\CONFLICT.2\SubmitControl.dll, (Signed) >
[]
  {9E4CCA44-17FC-402B-822C-BFA6CBA77C0C} <, >
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[ICBCQPKCom_HH Class]
  {B219E31C-E110-4638-AF01-7BDD5ACA552C} <C:\WINDOWS\system32\ICBCQPK_HH.dll, (Signed) >
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >
[]
  {E55624A3-B56C-41D7-9962-96E45467B276} <, >
[QQPasswordCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\Program Files\Common Files\tencent\paycenter\qqedit.dll, (Signed) Tencent>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, (Signed) >
[PhotoDrawEx Class]
  {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <C:\Program Files\Common Files\Tencent\QQPhotoDrawEx\QQPhotoDrawEx.2.27.171.429.dll, (Signed) Tencent>
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <, >
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\Downloaded Program Files\certInStall.dll, (Signed) >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {1D63232D-4F15-4A42-890D-EE617AA1537D} <, >
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\MMInstaller.dll, (Signed) Tencent>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, (Signed) Microsoft Corporation>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\BitComet\tools\bitcometbho.dll, (Signed) BitComet>
[]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <, >
[icbc_bhdc2vdvCom Class]
  {3D14998A-4CFB-4FC8-A98D-A24F05E4ED88} <C:\WINDOWS\system32\icbc_bhdc2vdv.dll, (Signed) >
[Google Update Plugin]
  {4536918A-95A8-498F-B542-CB906C561A43} <C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll, (Signed) Google Inc.>
[VagaSearch]
  {468C8F9D-67F2-48A6-88C1-B9015937E74B} <C:\WINDOWS\system32\Vagaa.dll, VagaaSearch>
[]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <, >
[Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\BHO\ThunderAgent7.1.0.1962.dll, (Signed) 深圳市迅雷网络技术有限公司>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[ed2k Dectector]
  {56746166-BC44-45F4-ADCE-52EAC919BB79} <, >
[]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\DOWNLO~1\NetSign.dll, (Signed) Infosec Technologies Co., Ltd.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[]
  {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} <, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[SfEdit32 Control]
  {69A5F9C4-01CB-470B-8161-CE67313E3CF4} <C:\WINDOWS\system32\99Bill\SfEdit32.dll, (Signed) 99BILL Corp.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\Downloaded Program Files\CONFLICT.2\InputControl.dll, (Signed) >
[]
  {7B434A2A-9E4C-48F2-8373-5801F316A4D5} <, >
[XunleiBHO Class]
  {802F530B-A8F6-4631-AE49-6BACAAC6373E} <C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.0.1962.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.0.1962.dll, (Signed) 深圳市迅雷网络技术有限公司>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[]
  {8AC3BC28-E145-4385-A694-8AAC128ACB16} <, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\Downloaded Program Files\CONFLICT.2\SubmitControl.dll, (Signed) >
[SSOForPTLogin Class]
  {8FC1EE75-72B3-4A23-B987-2B1C4C8A611B} <C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOAxCtrlForPTLogin.dll, (Signed) >
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5927.310.(693).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[VersionDetector Class]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.32.(693).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.>
[]
  {A412E581-59B2-485E-834F-C5F0C0268C79} <, >
[APlayer Control]
  {A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5927.310.(693).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[]
  {AE7CD045-E861-484F-8273-0445EE161910} <, >
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[ICBCQPKCom_HH Class]
  {B219E31C-E110-4638-AF01-7BDD5ACA552C} <C:\WINDOWS\system32\ICBCQPK_HH.dll, (Signed) >
[]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, >
[QQCertificateCtrl Class]
  {BAEA0695-03A4-43BB-8495-C7025E1A8F42} <C:\Program Files\Common Files\tencent\paycenter\qqcert.dll, (Signed) Tencent>
[]
  {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <, >
[FTNUpload Class]
  {BDEACC50-F56D-4D60-860F-CF6ED1766D65} <C:\Program Files\Common Files\Tencent\TXFTN\TXFTNActiveX1.13.dll, (Signed) Tencent>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.>
[]
  {C92AE615-4D46-4489-96FA-C5D6A38B3AB1} <, >
[QQPlayerCtrl Class]
  {CD108273-D434-43E6-AA90-1469F97EB398} <C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Tencent>
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll,  Microsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Tencent>
[]
  {E19ADC6E-3909-43E4-9A89-B7B676377EE3} <, >
[]
  {E2883E8F-472F-4fb0-9522-AC9BF37916A7} <, >
[]
  {E55624A3-B56C-41D7-9962-96E45467B276} <, >
[]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <, >
[QQPasswordCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\Program Files\Common Files\tencent\paycenter\qqedit.dll, (Signed) Tencent>
[SSOForPTLogin2 Class]
  {EAAED308-7322-4B9B-965E-171933ADD473} <C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.14\Bin\SSOAxCtrlForPTLogin.dll, (Signed) >
ggyy66
Original poster | Posted on 2011-1-9 19:50:01
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Bin\Timwp.dll, (Signed) Tencent>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[PPLive Lite Class]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\Internet Explorer\PPLite\plugin\pplugin2.dll, (Signed) >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(210).dll, Xunlei Networking Technologies,LTD>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <, >
[&使用BitComet下载]
  <res://C:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1360 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1520 / SYSTEM][C:\Program Files\Keniu\ConewRsc\conewrsc.exe]  [, 2010,09,27,1438]
    [C:\Program Files\Keniu\ConewRsc\kdump.dll]  [Kingsoft Corporation, 2010,10,11,1453]
    [C:\Program Files\Keniu\ConewRsc\kxestat.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\Keniu\ConewRsc\kxebase.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\Keniu\ConewRsc\scom.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\Keniu\ConewRsc\kxecore\kxelog.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\Keniu\ConewRsc\kxecore\kxecore.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [C:\Program Files\Keniu\ConewRsc\kxecore\kxestat.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [C:\Program Files\Keniu\ConewRsc\ksmcorex.dll]  [Kingsoft Corporation, 2010,12,14,63]
    [C:\Program Files\Keniu\ConewRsc\ksecorex.dll]  [Kingsoft Corporation, 2010,09,16,1206]
    [C:\Program Files\Keniu\ConewRsc\kae\kaecore.dat]  [Kingsoft Corporation, 2010,06,30,436]
    [C:\Program Files\Keniu\ConewRsc\ksbwdet2.dll]  [Kingsoft Corporation, 2010,08,26,1359]
    [C:\Program Files\Keniu\ConewRsc\sqlite.dll]  [N/A, ]
    [C:\Program Files\Keniu\ConewRsc\kae\karchive.dat]  [Kingsoft Corporation, 2010,06,30,436]
    [C:\Program Files\Keniu\ConewRsc\kae\kaearcha.dat]  [Kingsoft Corporation, 2010,06,30,436]
    [C:\Program Files\Keniu\ConewRsc\kae\kaeolea.dat]  [Kingsoft Corporation, 2010,03,18,77]
    [C:\Program Files\Keniu\ConewRsc\kae\kaearchb.dat]  [Kingsoft Corporation, 2010,06,30,436]
    [C:\Program Files\Keniu\ConewRsc\ksmbrfix.dll]  [Kingsoft Corporation, 2010,09,13,1403]
    [C:\Program Files\Keniu\ConewRsc\ksbwsspx.dll]  [Kingsoft Corporation, 2010,05,27,1072]
    [C:\Program Files\Keniu\ConewRsc\kcldrep.dll]  [Kingsoft Corporation, 2010,11,24,1524]
    [C:\Program Files\Keniu\ConewRsc\kavifr.dll]  [Kingsoft Corporation, 2010,05,25,74]
[PID: 1592 / SYSTEM][C:\Program Files\KSafe\KSafeSvc.exe]  [Kingsoft Corporation, 2.2.0.1124]
    [C:\Program Files\KSafe\ksafeeng.dll]  [Kingsoft Corporation, 2.2.0.1124]
    [C:\Program Files\KSafe\katrun.dll]  [Kingsoft Corporation, 2.2.0.1124]
    [C:\Program Files\KSafe\ksafebak.dll]  [Kingsoft Corporation, 2.2.0.1124]
    [C:\Program Files\KSafe\ksafedb.dll]  [Kingsoft Corporation, 2.2.0.1124]
    [C:\Program Files\KSafe\kcache.dll]  [Kingsoft Corporation, 2.2.0.1124]
    [C:\Program Files\KSafe\knescan.dll]  [Kingsoft Corporation., 1.0.0.1111]
    [C:\Program Files\KSafe\KEng\ksafeave.dll]  [Kingsoft Corporation, 1.1.0.1138]
    [C:\Program Files\KSafe\kdump.dll]  [Kingsoft Corporation, 2010,12,02,1546]
    [C:\Program Files\KSafe\kxebase.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [C:\Program Files\KSafe\scom.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [C:\Program Files\KSafe\KEng\kae\kaecore.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\kxecore\kxecore.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [C:\Program Files\KSafe\kexectrl.dll]  [Kingsoft Corporation, 2010,09,18,1422]
    [C:\Program Files\KSafe\kwssp.dll]  [Kingsoft Corporation, 2011.01.01.1141]
    [C:\Program Files\KSafe\json.dll]  [N/A, ]
    [C:\Program Files\KSafe\fwproxy.dll]  [Kingsoft Corporation, 2.2.0.1139]
    [C:\Program Files\KSafe\kse\ksecansp.dll]  [Kingsoft Corporation, 2010,12,17,1585]
    [C:\Program Files\KSafe\kse\ksecorex.dll]  [Kingsoft Corporation, 2010,12,28,1480]
    [C:\Program Files\KSafe\kse\wfs.dll]  [Kingsoft Corporation, 2010,08,23,1070]
    [C:\Program Files\KSafe\kse\sqlite.dll]  [Kingsoft Corporation, 2010,03,30,781]
    [C:\Program Files\KSafe\kse\ksbwdet2.dll]  [Kingsoft Corporation, 2010,12,31,22]
    [C:\Program Files\KSafe\KEng\kae\karchive.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\KEng\kae\kaearcha.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\KEng\kae\kaeolea.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\KEng\kae\kaearchb.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\KEng\kae\kaeunpak.dat]  [Kingsoft Corporation, 2010,06,30,436]
    [C:\Program Files\KSafe\KEng\kae\kaeunpack.dat]  [Kingsoft Corporation, 2010,07,18,365]
    [C:\Program Files\KSafe\KEng\kae\kaecoref.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\KEng\kae\kaecorea.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [C:\Program Files\KSafe\KEng\kae\kaevname.dat]  [Kingsoft Corporation, 2010,12,16,1454]
[PID: 508 / zgh][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\Program Files\Kingsoft\Kingsoft Antivirus\ktaskbar.dll]  [Kingsoft Corporation, 2010,05,26,732]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\Program Files\Kingsoft\Kingsoft Antivirus\kis.dll]  [Kingsoft Corporation, 2010,11,11,77]
    [C:\Program Files\Kingsoft\Kingsoft Antivirus\kavmenu.dll]  [Kingsoft Corporation, 2010,05,29,742]
[PID: 544 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3740 (xpsp_sp2_qfe.100817-1639)]
[PID: 376 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1344 / SYSTEM][C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe]  [InterVideo Inc., 1.0.0.1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1460 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1692 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 2272 / SYSTEM][C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\opends60.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlsort.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\ums.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL$HOME\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL$HOME\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 2352 / zgh][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
[PID: 2364 / zgh][C:\WINDOWS\VM303_STI.EXE]  [Vimicro, 3, 6, 119, 11]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
[PID: 2428 / zgh][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.30]
[PID: 2436 / SYSTEM][C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe]  [SafeNet, Inc, 7, 0, 0]
[PID: 2444 / zgh][C:\Program Files\KSafe\KSafeTray.exe]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\KSafe\kdump.dll]  [Kingsoft Corporation, 2010,12,02,1546]
    [C:\Program Files\KSafe\krunopt.dll]  [Kingsoft Corporation, 2.2.0.1129]
    [C:\Program Files\KSafe\kwsctrl.dll]  [Kingsoft Corporation, 2.2.0.1139]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\ksafevul.dll]  [Kingsoft Corporation, 2.2.0.1129]
    [C:\Program Files\KSafe\ksafeup.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\KSafe\zlib1.dll]  [, 1.2.3]
    [C:\Program Files\KSafe\KEng\ksignup.dll]  [Kingsoft Corporation, 1.1.0.1138]
    [C:\Program Files\KSafe\KEng\KSGMerge.DLL]  [Kingsoft Corporation, 2010,08,29,1105]
    [C:\Program Files\KSafe\kplugeng.dll]  [Kingsoft Corporation, 2.2.0.1124]
[PID: 2480 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2596 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.9]
[PID: 2640 / zgh][C:\WINDOWS\system32\hhukcert02.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\hhukey3k02.dll]  [, 1, 0, 0, 16]
[PID: 2652 / zgh][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2980 / zgh][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
[PID: 3580 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2508 / zgh][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
[PID: 2964 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\kwsui.dll]  [Kingsoft Corporation, 2010.12.30.1139]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\Program Files\KSafe\kdump.dll]  [Kingsoft Corporation, 2010,12,02,1546]
    [C:\Program Files\KSafe\kswebshield.dll]  [Kingsoft Corporation, 2011.01.07.1144]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\gears.dll]  [Google Inc., 0.5.33.0]
    [C:\WINDOWS\system32\SOGOUWB.IME]  [Sogou.com Inc., 1.6.0.0973]
    [C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\StatisticsModule.dll]  [Sogou.com Inc., 1.6.0.0973]
    [C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\ManualNewWord.dll]  [Sogou.com Inc., 1.6.0.0973]
    [C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\AutoNewWord.dll]  [Sogou.com Inc., 1.6.0.0973]
    [C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\StrDictModule.dll]  [Sogou.com Inc., 1.6.0.0973]
    [C:\Program Files\SogouWBInput\1.6.0.0973\Plugins\PunctureModule.dll]  [Sogou.com Inc., 1.6.0.0973]
[PID: 2584 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 2560 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\kwsui.dll]  [Kingsoft Corporation, 2010.12.30.1139]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\Program Files\KSafe\kdump.dll]  [Kingsoft Corporation, 2010,12,02,1546]
    [C:\Program Files\KSafe\kswebshield.dll]  [Kingsoft Corporation, 2011.01.07.1144]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\gcswf32.dll]  [, ]
[PID: 2864 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 3268 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 3612 / zgh][C:\WINDOWS\system32\mspaint.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3660 (xpsp_sp2_gdr.091216-1517)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
[PID: 3520 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 3472 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 840 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 3356 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 596 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 1516 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 2224 / zgh][C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\chrome.dll]  [Google Inc., 7.0.517.44]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\icudt42.dll]  [IBM Corporation and others, 4, 2, 1, 0]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\locales\zh-CN.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avcodec-52.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avutil-50.dll]  [N/A, ]
    [C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Chrome\Application\7.0.517.44\avformat-52.dll]  [N/A, ]
[PID: 2196 / zgh][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]
    [C:\Program Files\KSafe\kwsui.dll]  [Kingsoft Corporation, 2010.12.30.1139]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\Program Files\KSafe\kswebshield.dll]  [Kingsoft Corporation, 2011.01.07.1144]
[PID: 3000 / zgh][D:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
[PID: 4040 / zgh][D:\sreng2\SREfe2c1819.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [C:\Program Files\KSafe\ksfmon.dll]  [Kingsoft Corporation, 2.2.0.1134]
    [C:\Program Files\Common Files\Kingsoft\kiscommon\DetectDllHijack.dll]  [Kingsoft Corporation, 2010,08,30,159]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2352, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2364, C:\WINDOWS\VM303_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2980, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2196, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
计划任务
[已禁用] User_Feed_Synchronization-{88456C65-703B-48F9-BDFE-C6505A871069}.job
        C:\WINDOWS\system32\msfeedssync.exe
[已启用] GoogleUpdateTaskUserS-1-5-21-1454471165-920026266-682003330-1007Core1cb7107e7e8b14c.job
        C:\Documents and Settings\zgh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[已启用] AdobeAAMUpdater-1.0-ZHANGGH-zgh.job
        C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
[已启用] AdobeAAMUpdater-1.0 Fallback-ZHANGGH-zgh.job
        C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB914440,  网络诊断工具 (KB914440)
KB925720,  2007 年 2 月发布的用于 Windows XP 的 CardSpace 更新程序 (KB925720)
KB942831,  Windows XP 安全更新程序 (KB942831) MS08-005
KB942830,  Windows XP 安全更新程序 (KB942830) MS08-006
KB907417,  Office 2003 更新 (KB907417)
KB943973,  Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB951376,  Microsoft XP 安全更新程序 (KB951376) MS08-030
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB955439,  Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB959209,  Microsoft .NET Framework 3.5 Family Update (KB959209) x86
KB960082,  SQL Server 2000 Service Pack 4 安全性更新 (KB960082) MS09-004
KB961118,  Windows XP 更新程序 (KB961118)
KB909520,  Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB956572,  Windows XP 安全更新程序 (KB956572) MS09-012
KB961503,  Windows XP 更新程序 (KB961503)
KB936929,  Windows XP Service Pack 3 (KB936929)
KB970483,  Windows XP 安全更新程序 (KB970483) MS09-020
KB963707,  用于 .NET Framework Assistant 1.0 x86 的 .NET Framework 3.5 Service Pack 1 更新程序 (KB963707)
KB973923,  Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package 的安全更新 (KB973923) MS09-035
KB973924,  Microsoft Visual C++ 2008 Redistributable Package 的安全更新 (KB973924) MS09-035
KB973540,  Windows XP Service Pack 2 安全更新程序 (KB973540) MS09-037
KB971657,  Windows XP 安全更新程序 (KB971657) MS09-041
KB944036,  用于 Windows XP 的 Internet Explorer 8
KB958869,  Windows XP 安全更新程序 (KB958869) MS09-062
KB975254,  Windows XP 安全更新程序 (KB975254) MS09-053
KB974554,  Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB954430,  Microsoft XML Core Services 4.0 Service Pack 2 安全更新程序 (KB954430) MS08-069
KB973686,  Microsoft XML Core Services 6.0 Service Pack 2 更新程序 (KB973686)
KB970430,  Windows XP 更新程序 (KB970430)
KB971737,  Windows XP 更新程序 (KB971737)
KB955759,  Windows XP 更新程序 (KB955759)
KB973904,  Windows XP 安全更新程序 (KB973904) MS09-073
KB978551,  Microsoft Office 2003 更新 (KB978551)
KB973688,  Microsoft XML Core Services 4.0 Service Pack 2 更新程序 (KB973688)
KB976569,  用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 2.0 Service Pack 2 更新程序 (KB976569)
KB976570,  用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 3.0 Service Pack 2 更新程序 (KB976570)
KB974417,  用于 Windows 2000、Windows Server 2003 和 Windows XP 的 Microsoft .NET Framework 2.0 Service Pack 2 安全更新程序 (KB974417) MS09-061
KB981793,  Windows XP 更新程序 (KB981793)
KB982168,  用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 3.5 SP1 更新程序 (KB982168)
KB982524,  用于 Windows Server 2003 和 Windows XP x86 的 Microsoft .NET Framework 3.5 SP1 和 .NET Framework 2.0 SP2 更新程序 (KB982524)
KB2477244,  Microsoft Silverlight 更新 (KB2477244)
KB890830,  Windows 恶意软件删除工具 - 2010 年 12 月 (KB890830)
KB2466074,  Outlook 2003 垃圾邮件筛选器更新 (KB2466074)

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x014802F1)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x011F02F1)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x014502F1)

==================================
隐藏进程
N/A

==================================


[/CODE]
zuo
Posted on 2011-1-9 19:54:41
As long as you have antivirus software installed, it will look like this. It's not a problem.
kafan988
Posted on 2011-1-9 21:19:19
It's not a problem.
357785777
Posted on 2011-1-15 01:11:02
Thanks for your hard work, OP.
穿越星空
Posted on 2011-1-15 18:57:38
OP, you could check which process the destination address belongs to.
byxxdrls
Posted on 2011-1-15 19:04:38
It might be a hook installed by 金山卫士 (Kingsoft KSafe).