浏览器加载项
[LpkHlpr Class]
{00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\windows\system32\apphlp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\系统保护工具\kis\scieplugin.dll, Kaspersky Lab>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[中文上网]
{B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Java Plug-in 1.6.0_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.4.1_01]
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_08]
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\常用工具\迅雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[LpkHlpr Class]
{00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\windows\system32\apphlp.dll, Microsoft Corporation>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\windows\system32\msjava.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>
[上传到QQ网络硬盘]
<D:\常用工具\传美QQ\qq\AddToNetDisk.htm, N/A>
[使用iTudou下载节目]
<D:\常用工具\iTudou\iTudou_Link.HTM, N/A>
[使用Web迅雷下载]
<D:\常用工具\迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\常用工具\迅雷\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<D:\常用工具\传美QQ\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\常用工具\传美QQ\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\常用工具\传美QQ\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 564][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 712][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\系统保护工具\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1096][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316][C:\windows\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1612][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\windows\system32\lapiw.dll] [N/A, ]
[C:\windows\system32\kdrdbi33.dll] [N/A, ]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\windows\system32\TudouUpload.dll] [www.Tudou.com, 1.1.0.0]
[D:\系统保护工具\kis\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1640][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE] [Microsoft Corporation, 5.00.2134.1]
[C:\WINDOWS\SYSTEM32\WBEM\NOJKJ.DLL] [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 1700][C:\windows\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll] [Microsoft Corporation, 2.0.50727.101 (QFE.050727-1000)]
[PID: 1744][C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe] [Microsoft Corporation, 2005.090.1399.00]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\Program Files\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
[PID: 1908][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 2020][e:\sqleval\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[e:\sqleval\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 336][C:\WINDOWS\system32\shadow\ShadowService.exe] [N/A, ]
[PID: 376][C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe] [Microsoft Corporation, 2005.090.1399.00]
[C:\Program Files\Microsoft SQL Server\90\Shared\instapi.dll] [Microsoft Corporation, 2005.090.1399.00]
[PID: 2160][C:\windows\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2240][C:\windows\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 2488][D:\Program Files\zte\ZTE Supplicant\ZTESupplicant.exe] [N/A, ]
[D:\Program Files\zte\ZTE Supplicant\packet.dll] [CACE Technologies, 3, 1, 0, 27]
[D:\Program Files\zte\ZTE Supplicant\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\zte\ZTE Supplicant\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\zte\ZTE Supplicant\Hlp8021x.dll] [, 1, 0, 1, ]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[D:\系统保护工具\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 2136][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\components\jsd3250.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\components\xpinstal.dll] [Mozilla Foundation, 1.8.1.4: 2007051502]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62]
[PID: 2600][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\windows\system32\apphlp.dll] [Microsoft Corporation, 1, 0, 2, 1]
[C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.10.6]
[C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\系统保护工具\kis\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\系统保护工具\kis\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[d:\系统保护工具\kis\params.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\系统保护工具\kis\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\系统保护工具\kis\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\系统保护工具\kis\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\系统保护工具\kis\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\windows\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.0r210]
[PID: 1812][D:\常用工具\迅雷\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 8, 4, 130]
[D:\常用工具\迅雷\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
[D:\常用工具\迅雷\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[D:\常用工具\迅雷\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 24]
[D:\常用工具\迅雷\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
[D:\常用工具\迅雷\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[D:\常用工具\迅雷\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
[D:\常用工具\迅雷\Inmedia\iEmbedShell.dll] [ , 1, 0, 0, 19]
[D:\常用工具\迅雷\InMedia\iEmbed10.dll] [ , 3, 3, 1, 83]
[D:\常用工具\迅雷\CacheServer.dll] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll] [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
[C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll] [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
[D:\系统保护工具\kis\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\系统保护工具\kis\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[d:\系统保护工具\kis\params.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\系统保护工具\kis\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\系统保护工具\kis\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[D:\系统保护工具\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\系统保护工具\kis\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\系统保护工具\kis\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 468][C:\WINDOWS\system32\mdm.exe] [Microsoft Corporation, 6.00.8149]
[C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll] [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
[PID: 3868][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 3980][C:\DOCUME~1\xing\LOCALS~1\Temp\Rar$EX00.125\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\windows\system32\JPWB.IME] [常诚研制, 4.00.950]
[D:\系统保护工具\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[E:\]
[AutoRun]
open=autorun.exe
icon=autorun.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2724B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2724D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2724F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB2724C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xB2724E8F)
==================================
隐藏进程
N/A
==================================