|
2009-07-05, 11:29 PM
|
#1 |
|
註冊會員
|
求助 - 整個系統的語言顯示好像都有被病毒或木馬入侵的跡象
-------------------- 閱讀本主題的最佳解答 -------------------- 各位大大好,我的電腦最近兩天出現了讓我很頭痛的兩大問題: (一)數小時前在網路上隨意瀏覽一些個人的部落格,但在瀏覽到一個屬於百度網域的部落格後,電腦就出了很大的問題了。 首先是被強硬植入會不定時自動開啟新廣告網頁的軟體,都是連到簡體字的網站去。然後首頁也被改,才知道原來是無形中被迫灌了某個廣告軟體,還好在新增移除程式那找到這個軟體,並且把它移除成功。可是後來仍是不對勁,仍然會每隔幾分鐘就開新網頁出來,於是我用了Rogue Cleaner惡意軟件清理程式來做一個大清理,找到十幾個可疑物件,就全部把它們刪除,可是有一個檔案怎麼刪也刪不掉,系統雖說重開了會試著刪除但其實刪不掉。還有另外一個,每次都刪得掉,但又會自動浮現出來,也就是說只是表面刪掉,其實並沒刪乾淨,那個檔案名叫做「Yahoo助手」。 後來也就沒有新網頁跳出來了。可是我發現我電腦裡原本運行正常的「繁體中文」部份軟體,開啟時竟然完全變成亂碼,雖然功能正常可是就是整個語系都變了。 然後也很扯的是我瀏覽大部份的繁體中文網頁時(像google),字體全部都不是新細明體了,就是變成大陸網站會出現的那種比較醜一點的字體,更甚者甚至整個變成亂碼,而且我調編碼,不管是調成繁中、簡中、unicode,全部都還是亂碼,完全不能瀏覽。很顯然這是癱瘓了我大部份的正常語言文字顯示功能。 Rogue Cleaner說刪不掉的那個檔案名稱,是832772C0.DLL,在c槽 WINDOWS檔案夾裡的Fonts檔案夾中。我找到那個檔案,我覺得那應該是病毒附體的元兇,想要用unlocker把它解鎖然後刪掉,結果unlocker全部變成亂碼了,而且也無法解鎖。 我又想試試系統還原,結果竟然無法啟動。就是點了以後,滑鼠鼠標變成沙漏約0.5秒後又恢復原狀,整個就沒反應,不管試幾次都是這樣很迅速的就啟動失敗了。 (二)這個發生的情形更早一天,也就是昨天就忽然有這個情形了。 從昨天早上大約六七點左右,我發現不管瀏覽什麼網站,都不會再被記錄到ie的記錄功能中,可是尋找過往瀏覽記錄的功能仍是完整的存在著,也就是說要尋找星期六早上以前到數星期前的瀏覽記錄都可以自由的查尋,但其之後不管瀏覽任何網站記錄都是空白一片。重開機後情形依舊沒變。IE好像中止了記錄瀏覽網站的功能一樣,可是又可以如常的尋找星期六以前所有看過的網頁。我的硬碟空間也還足夠,所以應該不是空間不夠的問題,可是又無法解決。 這兩個棘手的問題,極待有經驗的前輩為我指點解惑,謝謝! |
|
送花文章: 63,
|
|
有 2 位會員向 wulom 送花:
|
|
2009-07-05, 11:37 PM
|
#2 (permalink) |
|
論壇主管
 
|
|
|
__________________ 不飛的不飛 ... 因為曾經端座在雲霄之上 ... 所以不飛 , 因為期待您能與不飛抬頭共列翱翔天昊 ... 所以更是不飛 ! 不飛不想飛 ... 畢竟殘破雙翼在苔階沾濕 ... 所以低頭 , 只好安靜地蹲在這練習 ... 學習要如何才能飛的更高更遠 ! 不飛不曾飛 ... 終於知道青澀期代表蒼狗 ... 所以情殤 , 一甲子的意境等於六十年的期盼的凝固 ... 所以就此棲巢 ! |
|
|
|
送花文章: 959,
|
|
有 4 位會員向 不飛 送花:
|
|
2009-07-05, 11:57 PM
|
#3 (permalink) |
|
註冊會員
|
不飛前輩您好
剛才到您提供的該連結裡下載了HiJackThis.exe檔案,不過掃描到一半,就會出現下列訊息:  就算我按第二個選項,只掃描不存檔,然後想手動下拉結果複制時,也會出現相同的訊息。 又重開機,再使用該軟體掃描一次,仍是一樣的結果。  這到底是我的電腦不相容,還是那個可能存在著病毒造成的呢? === 另外剛才又發現三點文字顯示障礙的徵兆: 一:在奇摩搜尋框裡打的字,包括現在在史萊姆方框裡打的字,字體全部都變成不是新細明體了。就是變成像是大陸網站才會顯示的那種字體… 是細明體嗎?我也不是很能說個明白。可以確定的是,我並沒有去調過。 二:瀏覽日文的網站,全部也是變成亂碼,調各語系編碼之類的,也沒效。 三:字體大小顯示一直是在「適中」,可是某些字當滑鼠移過去時會突然變成「最大」的。可是再去看字體的大小依然是顯示「適中」。 |
|
|
送花文章: 63,
|
|
有 3 位會員向 wulom 送花:
|
|
2009-07-06, 12:28 AM
|
#4 (permalink) |
|
註冊會員
|
剛才IE的瀏覽記錄裡再出現一個異狀:
現在時間到了星期一,瀏覽記錄都是以一星期、一天為分類的。在昨日(7/5 pm 23.59)之前,我電腦裡的瀏覽記錄顯示方式還可以整齊的按照不同星期、以及本周是星期幾瀏覽哪些網站整齊的顯示出來。結果現在一到了星期一,需要重開一個新的本周資料夾的時候,它的時間分類功能竟然就這麼消失了! 也就是說,現在按「記錄」出來的是一大排,所有我最近45天瀏覽過的網站列表(我的設定是45天)。而沒有時間分類的功能了。這一大排的顯示列表裡,從上星期六早上開始有異狀後的瀏覽記錄都未能收錄進去。 另外,除了現在90%以上的網站,其文字顯示全部變成大陸網站的顯示字體、以及我在網頁所有能輸入地方的空格輸入的中文全都變成了大陸網站的顯示字體以外(我用記事本輸入,就是正常的新細明體了),我發現有至少60%的台灣網站,全都不能看了。所以現在還能在史萊姆正常發問看到正常顯示的字體,還真的是萬幸啊!! 貼出一個目前顯示紊亂的實例(中央氣象局網站):  |
|
|
送花文章: 63,
|
|
有 3 位會員向 wulom 送花:
|
|
2009-07-06, 12:31 AM
|
#5 (permalink) |
|
長老會員
 
|
應該是中了 "av 終結者" 病毒
1 把 HiJackThis.exe 改成 HJ.com 或 HJ.bat, 再執行試試, 若無問題, 把 log 貼上來 2, 若還是有問題, 先修復 IFEO 映像劫持: http://mafia.myweb.hinet.net/file/FixIFEO.zip 點兩下 FixIFEO.reg 匯入登錄檔, 再執行 HiJackThis.exe 3 若還是不行, 找找 "av 終結者" 專殺工具吧, |
|
__________________ 刑天舞干戚
|
|
|
|
送花文章: 6,
+10 金幣
|
|
有 5 位會員向 plunderer 送花:
|
a471 (2009-07-07),KL-iris (2009-07-06),Living (2009-07-06),sob790717b (2009-07-09),wulom (2009-07-06)
感謝您發表一篇好文章 |
|
2009-07-06, 07:06 AM
|
#6 (permalink) | |
|
註冊會員
|
引用:
我用了您說的前兩個步驟,改檔名或加入登錄檔的方式,一樣是無法產生log.就是會產生錯誤而必須關閉的訊息。 不過我用av終結者為關鍵字去搜尋,找了好一陣子,終於讓我發現一個綠色版的專殺av終結者的軟體。現在基本上大部份主要的問題都解決了,記錄的功能恢復正常,系統和網頁字體字形異常的部份也全部復元了。只是系統還原的部份依舊完全無法啟動,以及用Rogue Cleaner掃的那兩個毒,刪不掉的以及刪掉又回來的檔案依舊存在。 但至少現在顯示完全正常了,在此衷心感謝您的傾囊教授! 我也把找到的那個殺av終結者軟體的網址給post出來,給有需要的人參考。 http://download.csdn.net/source/525153 (需加入會員) |
|
|
|
送花文章: 63,
|
|
有 3 位會員向 wulom 送花:
|
|
2009-07-06, 05:43 PM
|
#7 (permalink) |
|
長老會員
|
"av 終結者" 專殺工具只是比較方便 使用, 但只能治標, 不能治本, 暫時讓系統正常而已, 所以才會有刪不掉的以及刪掉又回來的檔案依舊存在的情形
你的系統內應該還存在 autorun 病毒, 光靠防毒軟體及專殺工具是無法根治的 但我很好奇為何 HiJackThis 不能產生log 建議下載執行 System Repair Engineer http://www.kztechs.com/sreng/download.html "系統修復" => "高級修復" => "自動修復" 重新開機後, 再執行一次, 啟用智能掃描 http://www.kztechs.com/sreng/help2/ 然後把 log 貼上來 |
|
|
送花文章: 6,
|
|
有 4 位會員向 plunderer 送花:
|
|
2009-07-06, 09:56 PM
|
#8 (permalink) |
|
註冊會員
|
下載 what's running
下載 what's running, 將不正常執行程式殺掉及關閉不正常開機設定,或許可以解決。
http://www.whatsrunning.net/whatsrunning/download.aspx |
|
|
送花文章: 4,
|
|
有 3 位會員向 pedrowong 送花:
|
|
2009-07-07, 06:32 AM
|
#9 (permalink) | ||
|
註冊會員
|
引用:
感謝您提供這套很實用方便的程式,我下載後執行觀看是否有不明的程式正在執行,但列表裡所有正在running的程序密密麻麻,一下子我也找不出到底是哪些程序有問題。或許是還有哪些地方有異常的我還沒發現吧。總之,這個程式讓我受益良多,我會再研究看看的! 引用:
我下載了 System Repair Engineer ,並且執行完"自動修復",重開機後,執行了智能掃描。使用這軟體時也出現了我電腦內異常的訊息,在"啟動專案"的"註冊表"裡,有兩排名字為"AppInit_DLLs",在C:\WINDOWS\system32\RhdwE8NYdbqQ.dll裡,說被修改為非正常值,預設值為空,結果我修改成空白,雖修改成功,隨即又被自動改回原來錯誤的數值。以下為掃描的完整log,請您再撥冗幫我看看有哪裡需要做變更處理的,謝謝。 (註:因為全部有7萬多個字元,所以只好依序裁切成五篇送出。) [code] 2009-07-07,06:10:36 System Repair Engineer 2.7.1.1261 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3 (Build 2600) - 管理許可權用戶 - 完整功能 以下內容被選中: 所有的啟動項目(包括註冊表、開機檔案夾、服務等) 流覽器載入項 正在運行的進程(包括進程模組資訊) 文件關聯 Winsock 提供者 Autorun.inf HOSTS 文件 進程特權掃描 計畫任務 API HOOK 隱藏進程 啟動專案 註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher] <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe> [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><; > [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <NetRover><; C:\WINDOWS\NetRover.exe> [File is missing] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [File is missing] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><C:\WINDOWS\system32\RhdwE8NYdbqQ.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll> [File is missing] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher] <{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}><C:\Program Files\Trend Micro\Tmas\sshook.dll> [File is missing] <{750DBD56-AF03-47CB-BB28-BBF312B059F9}><C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon> [] <{AC933D46-96A7-4670-9292-E7C4126C071E}><C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon> [] <{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}><C:\WINDOWS\fonts\A97CRaCB.fon> [] <{11B10F7F-FB23-466D-BDC3-9591CF02EC17}><C:\WINDOWS\fonts\uXUsF2RrQy.fon> [] <{CD95107F-52A5-42A4-9914-18949993E798}><C:\WINDOWS\fonts\tY5UFS434YYd.fon> [] <{51F88A10-09E6-4763-948F-1C8861003255}><C:\WINDOWS\fonts\MqppW9KYn.fon> [] <{F1C149F4-380C-4F8A-B87E-7393732B27C1}><C:\WINDOWS\system32\GsfMwDWD3.dll> [] <{FCA4D3BE-C6C7-4F4D-9CBD-CB2666647ACA}><C:\WINDOWS\system32\EN7hzSreCat8.dll> [] <{E45C0FF6-B170-43B2-B897-6D02C43A2E18}><C:\WINDOWS\system32\ybM7kf9heVHDx.dll> [] <{71C4F360-FF1E-413E-B17A-0CA267A78E97}><C:\WINDOWS\system32\qB5BKZy7vR5m.dll> [] <{A0C86020-5935-4B87-B20E-0B656D450264}><C:\WINDOWS\system32\A0C86020.dll> [] <{39C1640B-E010-48CF-88A1-0D17A33AF9EA}><C:\WINDOWS\system32\dktXFYbT3G.dll> [] <{AB900155-F1F0-4165-9E73-67BC13BBCE89}><C:\WINDOWS\system32\xg4hAPNygs29.dll> [] <{76B9BA7A-81D0-4979-8598-8471F2AB5186}><C:\WINDOWS\system32\76B9BA7A.dll> [] <{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}><C:\WINDOWS\system32\dhDhwS7fFW.dll> [] <{76CBCF38-0583-44C7-A1AE-D463DFE625EC}><C:\WINDOWS\system32\skcfujQ5EDN.dll> [] <{56441985-D4E7-4D1F-BA3A-000C647FAA00}><C:\WINDOWS\system32\RhdwE8NYdbqQ.dll> [] <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] |
||
|
|
送花文章: 63,
|
|
有 2 位會員向 wulom 送花:
|
|
2009-07-07, 06:33 AM
|
#10 (permalink) |
|
註冊會員
|
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system\SHELLEX.DLL> [] <WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] <SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher] <UPnPMonitor><C:\WINDOWS\system32\upnpui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <自訂瀏覽器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\WINDOWS\system32\ssflwbox.scr> [(Verified)Microsoft Windows Component Publisher] ================================== 開機檔案夾 [hpoddt01.exe] <C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\hpoddt01.exe.lnk --> C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [Hewlett-Packard]><N> [AntiCrash 5.0] <C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\AntiCrash 5.0.lnk --> C:\PROGRA~1\JIBREE~1\ANTICR~1.0\ANTICR~1.EXE [Jibreel Incorporated.]><N> [Hare] <C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\Hare.lnk --> C:\PROGRA~1\DACHSH~1\Hare\Hare.exe [N/A]><N> ================================== 服務 [MS Driver Management Service / 360svc][Running/Auto Start] <C:\WINDOWS\sYSTEM32\SVCHOST.EXE -K NETSVCS-->C:\WINDOWS\system32\360svcSystem.dll><360安全中心> [Kaspersky Internet Security 7.0 / AVP][Stopped/Manual Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab> [C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start] <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation> [iPodService / iPodService][Stopped/Manual Start] <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.> [Java Quick Starter / JavaQuickStarterService][Running/Auto Start] <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.> [Kingsoft Basic Service / kaccore][Running/Auto Start] <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start] <C:\WINDOWS\system32\HPZipm12.exe><HP> ================================== 驅動程式 [a347bus / a347bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\a347bus.sys><> [a347scsi / a347scsi][Running/Boot Start] <\SystemRoot\System32\Drivers\a347scsi.sys><> [標準 IDE/ESDI 硬碟控制器 / atapi][Running/Boot Start] <\SystemRoot\System32\DRIVERS\atapi.sys><N/A> [CdaC15BA / CdaC15BA][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS><Macrovision Europe Ltd> [d347bus / d347bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\d347bus.sys><> [d347prt / d347prt][Running/Boot Start] <\SystemRoot\System32\Drivers\d347prt.sys><> [Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start] <System32\DRIVERS\e100b325.sys><Intel Corporation> [ENTECH / ENTECH][Stopped/Manual Start] <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan> [EZUSB PC/SC Smart Card Reader / EZUSB][Stopped/Manual Start] <system32\DRIVERS\ezusb.sys><Castles Technology Co.,Ltd> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.> [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] <system32\DRIVERS\HPZid412.sys><HP> [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] <system32\DRIVERS\HPZipr12.sys><HP> [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] <system32\DRIVERS\HPZius12.sys><HP> [ialm / ialm][Running/Manual Start] <System32\DRIVERS\ialmnt5.sys><Intel Corporation> [Imx5123 / Imx5123][Stopped/Manual Start] <system32\drivers\Imx5123.sys><Inmax Technology Corp.> [KAVBootC / KAVBootC][Running/Boot Start] <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation> [kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab> [Kaspersky Lab Boot Guard Driver / KLBG][Running/Boot Start] <\SystemRoot\system32\DRIVERS\klbg.sys><Kaspersky Lab> [Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start] <system32\DRIVERS\klfltdev.sys><Kaspersky Lab> [KLIF / KLIF][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab> [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] <system32\DRIVERS\klim5.sys><Kaspersky Lab> [MintRoot / MintRoot][Stopped/Manual Start] <\??\C:\Program Files\Common Files\System\MintRoot.sys><N/A> [pavboot / pavboot][Running/Boot Start] <\SystemRoot\system32\drivers\pavboot.sys><Panda Security, S.L.> [直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Qualcomm Diagnostic Port 3197 / qcusbser][Stopped/Manual Start] <system32\DRIVERS\qcusbser.sys><QUALCOMM Incorporated> [Secdrv / Secdrv][Stopped/Manual Start] <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [smwdm / smwdm][Running/Manual Start] <system32\drivers\smwdm.sys><Analog Devices, Inc.> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> [TCP/IP Protocol Driver / Tcpip][Running/System Start] <System32\DRIVERS\tcpip.sys><Microsoft Corporation> [tmcomm / tmcomm][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.> [WheelMouse USB Lower Filter Driver / whfltr2k][Stopped/Manual Start] <system32\DRIVERS\whfltr2k.sys><> [X4HSX32 / X4HSX32][Running/Auto Start] <\??\C:\Program Files\OTTOPLAYER\X4HSX32.Sys><Exent Technologies Ltd.> [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start] <system32\drivers\ialmsbw.sys><Intel Corporation> [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start] <system32\drivers\ialmkchw.sys><Intel Corporation> ================================== 流覽器載入項 [Octh Class] {000123B4-9B42-4900-B3F7-F4B073EFC214} <C:\Program Files\Orbitdownloader\orbitcth.dll, (Signed) Orbitdownloader.com> [&Yahoo! Toolbar Helper] {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.> [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll, (Signed) BitComet> [IETimber] {489873CE-F3E1-44A3-8E89-04BE26BE4446} <C:\Program Files\Internet Explorer\IETimber\IETimber.dll, (Signed) 北京世?乾坤?件> [] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, > [] {A5366673-E8CA-11D3-9CD9-0090271D075B} <, > [FlashGetBHO] {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} <C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll, (Signed) FlashGet> [Java(tm) Plug-In 2 SSV Helper] {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.> [JQSIEStartDetectorImpl Class] {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.> [] {F01CB278-9AE5-427F-90CC-FBD913B44E8E} <, > [?????@???p] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, (Signed) Kaspersky Lab> [] {4528BBE0-4E08-11D5-AD55-00010333D0AD} <C:\PROGRA~1\Yahoo!\common\yhexbmestw.dll, (Signed) > [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, (Signed) Microsoft Corporation> [BitComet] {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, > [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A> [D.S.Lite] {F8475519-8412-4D40-A46E-692D9D04DF7F} <D:\DSLite 2.07.45\DSLite.exe, watermonster.org> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation> [&IE Doctor Bar] {123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IEDOCT~1\IEDrBar.dll, N/A> [Dr.eye WebPage Translation] {92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, > [Dr.eye 線上辭典] {08B2E5B7-9E4D-4FB9-831D-F4E407A1CE7E} <C:\Program Files\Inventec\Dreye iDictionary\DrODWBar.dll, > [Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.> [Grab Pro] {C55BBCD6-41AD-48AD-9953-3609C48EACC7} <C:\Program Files\Orbitdownloader\GrabPro.dll, (Signed) > [] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, > [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [] {072039AB-2117-4ED5-A85F-9B9EB903E021} <, > [BMSpeedCheck Control] {0AE0F5F9-8233-49A4-A3C8-004CE190787B} <C:\WINDOWS\DOWNLO~1\BMSPEE~1.OCX, ???> [CathayMyATM.ATMFunc] {12755229-656A-4508-BC94-2DA4D314B4C8} <C:\WINDOWS\system32\CathayMyATM.dll, Cathay United Bank> [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.> |
|
|
送花文章: 63,
|
|
有 2 位會員向 wulom 送花:
|
|
2009-07-07, 06:34 AM
|
#11 (permalink) |
|
註冊會員
|
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation> [System Requirements Lab Class] {1E54D648-B804-468d-BC78-4AFFED8E262F} <C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll, (Signed) Husdawg, LLC> [MegaICBC XCsp] {272B8D21-5304-4529-BD3D-1CF392342F7D} <C:\WINDOWS\DOWNLO~1\XCsp.ocx, 兆豐國際商銀> [ActiveScan 2.0 Installer Class] {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} <C:\WINDOWS\Downloaded Program Files\as2stubie.dll, (Signed) Panda Security> [YInstStarter Class] {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\common\yinsthelper.dll, (Signed) Yahoo! Inc.> [] {33564D57-9980-0010-8000-00AA00389B71} <, > [FileFunc Class] {3935CC57-A129-41FA-8B93-EA1075E6D1F0} <C:\WINDOWS\system32\WebSupport.dll, (Signed) > [KooPlayer Control] {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, viviMedia> [Office Update Installation Engine] {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation> [CTVUAxCtrl Object] {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} <C:\Program Files\TVUPlayer\npTVUAx.dll, (Signed) TVU networks> [XPayMPIOCX Control] {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} <C:\PROGRA~1\SOFTFO~1\XPayMPI\XPAYMP~1.OCX, SoftForum> [System Requirements Lab Class] {5727FF4C-EF4E-4d96-A96C-03AD91910448} <C:\WINDOWS\Downloaded Program Files\sysreqlab_ind.dll, (Signed) Husdawg, LLC> [CathayMyATM2.EsConn] {5C253D25-00FD-4703-9924-E53792DF98C9} <C:\WINDOWS\Downloaded Program Files\CathayMyATM2.dll, uwccb> [BullCSP Class] {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} <C:\WINDOWS\DOWNLO~1\Bull.dll, > [PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <c:\PROGRA~1\PPStream\110~2.268\POWERP~1.DLL, (Signed) PPStream Inc.> [Autodesk MapGuide ActiveX Control] {62789780-B744-11D0-986B-00609731A21D} <C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll, (Signed) Autodesk Inc.> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation> [DivXBrowserPlugin Object] {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.> [TRUSTATMTCB Control] {69529CBD-38A8-4E44-829F-CEDD8F5DD5A6} <C:\WINDOWS\ATM_814\TRUSTA~1.OCX, HiTRUST> [ExentInf Class] {6A060448-60F9-11D5-A6CD-0002B31F7455} <C:\WINDOWS\Downloaded Program Files\exentCtl.ocx, (Signed) Exent Technologies Ltd.> [趨勢科技線上掃毒程式] {74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.> [AuthUser Class] {806396AE-77A8-48E3-98F1-C7E923A5DEA9} <C:\WINDOWS\Downloaded Program Files\AAAuthClient.dll, > [Java Plug-in 1.6.0_13] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, > [ActiveScan Installer Class] {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software> [NowStarter Control] {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\PROGRA~1\NextLink\GOGOBOX\GNOWST~1.OCX, (C) NOWCOM> [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, (Signed) Emsi Software GmbH> [TRUSTATMPOST Control] {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} <C:\WINDOWS\ATM_700\TRUSTA~1.OCX, Chunghwa Post> [RootKeyDistributor Class] {C7BD467B-0B38-442F-840F-3F048E7F6005} <C:\WINDOWS\Downloaded Program Files\CHTPKI_PSE.dll, (Signed) Chunghwa Telecom> [Java Plug-in 1.4.2_12] {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_05] {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_13] {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_13] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.> [Measurement Services Client v.3.11] {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} <C:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocx, Futuremark Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.> [KvpIspCtlD Control] {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} <C:\WINDOWS\DOWNLO~1\KVPISP~1.OCX, KVP> [TCSCFSCAPI Class] {EC6B687E-D982-CCFB-D126-64202E0EA2FB} <C:\SounderTCS\TCSCFSCAPIATL.dll, (Signed) Formosoft> [XCSP Class] {F0754118-706B-4E14-8ED9-96E7A18DB894} <C:\WINDOWS\Downloaded Program Files\ESunCSP.dll, (Signed) 玉山銀行> [CotaWATM Class] {F9673EF3-7574-48D8-96F5-EEC46174DB8B} <C:\WINDOWS\Downloaded Program Files\CotaWATM.dll, 三信商業銀行> [] {00000130-9980-0010-8000-00AA00389B71} <, > [Octh Class] {000123B4-9B42-4900-B3F7-F4B073EFC214} <C:\Program Files\Orbitdownloader\orbitcth.dll, (Signed) Orbitdownloader.com> [VivoActive Control] {02466323-75ED-11CF-A267-0020AF2546EA} <C:\PROGRA~1\vivo\VivTV\Vvweb.ocx, Vivo Software, Inc.> [&Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.> [] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, > [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation> [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated> [] {072039AB-2117-4ED5-A85F-9B9EB903E021} <, > [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation> [Dr.eye 線上辭典] {08B2E5B7-9E4D-4FB9-831D-F4E407A1CE7E} <C:\Program Files\Inventec\Dreye iDictionary\DrODWBar.dll, > [BDA 調整型號 MPEG2 調整要求] {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} <C:\WINDOWS\system32\msvidctl.dll, (Signed) Microsoft Corporation> [] {0A34F491-7249-4BAC-8E46-04DB2CA764CB} <, > [] {0C0D5169-28A0-2C60-A820-8D52EF5AC881} <, > [] {0EDD7C76-5DF8-4940-895E-62D8388A4A29} <, > [PeerDraw Class] {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, (Signed) Microsoft Corporation> [] {1159CFA4-6BEA-4ED4-8166-5556B1BFB232} <, > [IFlashGetNetscapeEx Class] {116BA71C-8187-4F15-9A1F-C9D6289155D1} <C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll, (Signed) FlashGet> [&IE Doctor Bar] {123249EB-F891-44C4-946F-450064F9080E} <C:\PROGRA~1\IEDOCT~1\IEDrBar.dll, N/A> [CathayMyATM.ATMFunc] {12755229-656A-4508-BC94-2DA4D314B4C8} <C:\WINDOWS\system32\CathayMyATM.dll, Cathay United Bank> [CEnroll Class] {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, (Signed) Microsoft Corporation> [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation> [] {193C772A-87BE-4B19-A7BB-445B226FE9A1} <, > [] {19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, > [System Requirements Lab Class] {1E54D648-B804-468D-BC78-4AFFED8E262F} <C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll, (Signed) Husdawg, LLC> [] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, > [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation> [] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, > [Shockwave ActiveX Control] {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Adobe\Director\swdir.dll, (Signed) Adobe Systems, Inc.> [CathayMyATM2.ATMDes] {245E051B-5C83-4E6E-90BA-E08804252AA5} <C:\WINDOWS\Downloaded Program Files\CathayMyATM2.dll, uwccb> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A> [MegaICBC XCsp] {272B8D21-5304-4529-BD3D-1CF392342F7D} <C:\WINDOWS\DOWNLO~1\XCsp.ocx, 兆豐國際商銀> [JetCarNetscape Class] {2974c985-8151-4de5-b23c-b875f0a8522f} <C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll, (Signed) FlashGet> [] {2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, > [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation> [ActiveScan 2.0 Installer Class] {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} <C:\WINDOWS\Downloaded Program Files\as2stubie.dll, (Signed) Panda Security> [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\System32\rmoc3260.dll, N/A> [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation> [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\System32\tdc.ocx, (Signed) Microsoft Corporation> [SVG Document] {377B5106-3B4E-4A2D-8520-8767590CAC86} <C:\PROGRA~1\COMMON~1\Adobe\SVGVIE~1.0\NPSVG3.dll, (Signed) Adobe Systems Incorporated> [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll, (Signed) BitComet> [] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <, > [CTVUAxCtrl Object] {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} <C:\Program Files\TVUPlayer\npTVUAx.dll, (Signed) TVU networks> [ActiveScan 2.0 AV Class] {41524153-46FB-488C-8E53-7624AB83C46F} <C:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll, (Signed) Panda Security> [] {441F59A6-8813-457B-9A48-C5AA21A55DF4} <, > [&Yahoo! Messenger] {4528BBE0-4E08-11D5-AD55-00010333D0AD} <C:\PROGRA~1\Yahoo!\common\yhexbmestw.dll, (Signed) > [] {461E65AA-E525-436A-8A7D-4FE010378CF7} <, > [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation> [IETimber] {489873CE-F3E1-44A3-8E89-04BE26BE4446} <C:\Program Files\Internet Explorer\IETimber\IETimber.dll, (Signed) 北京世?乾坤?件> [] {49CDCB54-E752-421E-91D6-ADDDDD6C00CA} <, > [TVAnts ActiveX Control] {4C833081-D026-4FF8-968F-7EAB660D2FBA} <C:\PROGRA~1\tvants\TvantsX.ocx, Zhejiang University> [] {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <, > [Microsoft RDP Client Control (redist)] {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <C:\WINDOWS\system32\mstscax.dll, (Signed) Microsoft Corporation> [Microsoft RDP Client Control (redist)] {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <C:\WINDOWS\system32\mstscax.dll, (Signed) Microsoft Corporation> [] {50C5D090-EF76-40AF-95B5-2F986A33E1C9} <, > [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A> [System Requirements Lab Class] {5727FF4C-EF4E-4D96-A96C-03AD91910448} <C:\WINDOWS\Downloaded Program Files\sysreqlab_ind.dll, (Signed) Husdawg, LLC> [CathayMyATM2.EsConn] {5C253D25-00FD-4703-9924-E53792DF98C9} <C:\WINDOWS\Downloaded Program Files\CathayMyATM2.dll, uwccb> [BullCSP Class] {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} <C:\WINDOWS\DOWNLO~1\Bull.dll, > [] {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} <, > [PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <c:\PROGRA~1\PPStream\110~2.268\POWERP~1.DLL, (Signed) PPStream Inc.> [] {603B9E6C-0467-4C23-8098-ACC2ED6FEB75} <, > [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation> [DivXBrowserPlugin Object] {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.> [TRUSTATMTCB Control] {69529CBD-38A8-4E44-829F-CEDD8F5DD5A6} <C:\WINDOWS\ATM_814\TRUSTA~1.OCX, HiTRUST> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [] {6C7672A8-681B-4945-89FA-BC8875362195} <, > [Microsoft RDP Client Control (redist)] {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <C:\WINDOWS\system32\mstscax.dll, (Signed) Microsoft Corporation> [Microsoft RDP Client Control (redist)] {7584c670-2274-4efb-b00b-d6aaba6d3850} <C:\WINDOWS\system32\mstscax.dll, (Signed) Microsoft Corporation> [] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, > [] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, > [] {82423C6C-ACB5-4B05-8CC4-30241324CB58} <, > [] {85191AC2-A2DD-4F59-AACB-19334E8030BD} <, > [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, (Signed) Microsoft Corporation> [Java Plug-in 1.6.0_13] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [SopCore Control] {8FEFF364-6A5F-4966-A917-A3AC28411659} <C:\PROGRA~1\SopCast\sopocx.ocx, SopCast.com> [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, > [Microsoft RDP Client Control (redist)] {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <C:\WINDOWS\system32\mstscax.dll, (Signed) Microsoft Corporation> [] {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} <, > [Dr.eye WebPage Translation] {92B255FE-94E2-4BCA-958D-3926CE38913F} <C:\PROGRA~1\Inventec\Dreye\DreyeMT\DREYEI~1.DLL, > [] {92F68E37-8FC5-492A-ABE4-22FF276FE878} <, > [] {998A88A0-A355-809B-831C-B83A80000991} <, > [] {998A88A0-A355-809B-831C-B83A80000992} <, > [] {A0E7D0C1-9854-497E-8645-38C19AA00724} <, > [NowStarter Control] {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\PROGRA~1\NextLink\GOGOBOX\GNOWST~1.OCX, (C) NOWCOM> [] {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} <, > [] {A5366673-E8CA-11D3-9CD9-0090271D075B} <, > [CathayMyATM.Utility] {A809B1D1-C7C0-4798-B2AC-4581D0271826} <C:\WINDOWS\system32\CathayMyATM.dll, Cathay United Bank> [] {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} <, > [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation> [] {AA58ED58-01DD-4D91-8333-CF10577473F7} <, > [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation> [FlashGetBHO] {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll, (Signed) FlashGet> [] {B341DCF3-E4EA-4D71-87EC-9E0E3FDDFE45} <, > [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A> [a-squared Scanner] {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, (Signed) Emsi Software GmbH> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation> [TRUSTATMPOST Control] {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} <C:\WINDOWS\ATM_700\TRUSTA~1.OCX, Chunghwa Post> [] {C2664CD4-DA1C-11D3-9BE2-00A0C9E084E6} <, > [Grab Pro] {C55BBCD6-41AD-48AD-9953-3609C48EACC7} <C:\Program Files\Orbitdownloader\GrabPro.dll, (Signed) > [] {C7DEAFF2-1DEB-4647-9631-43C09BB8CEC6} <, > [Adobe PDF Reader] {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.> [] {CB5C683C-416A-4701-B018-0F1B21D64D6B} <, > [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__MPEG Moniker Class] {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, > [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, N/A> [] {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.> [OfficeObj Class] {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, > [] {D2DA0BDA-D20F-4B0B-98D4-8BEAAE175E6D} <, > [Microsoft Agent Control 2.0] {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, (Signed) Microsoft Corporation> [GetInfo Class] {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\PROGRA~1\Yahoo!\common\yverinfo.dll, (Signed) Yahoo! Inc.> [MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, (Signed) Yahoo! Inc.> [Java(tm) Plug-In 2 SSV Helper] {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.> [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [JQSIEStartDetectorImpl Class] {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.> [] {EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC} <, > [TCSCFSCAPI Class] {EC6B687E-D982-CCFB-D126-64202E0EA2FB} <C:\SounderTCS\TCSCFSCAPIATL.dll, (Signed) Formosoft> [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation> [Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.> [] {F01CB278-9AE5-427F-90CC-FBD913B44E8E} <, > [XCSP Class] {F0754118-706B-4E14-8ED9-96E7A18DB894} <C:\WINDOWS\Downloaded Program Files\ESunCSP.dll, (Signed) 玉山銀行> [CathayMyATM2.SVCFunc] {F2C3FF04-91C9-41F2-9A22-5B2423AA2502} <C:\WINDOWS\Downloaded Program Files\CathayMyATM2.dll, uwccb> [] {F3ED645F-2426-4001-8756-596B4F1EBF1A} <, > [] {F5CEC604-49EC-4F59-B04F-4048FED9EE13} <, > [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation> [] {F8475519-8412-4D40-A46E-692D9D04DF7F} <, > [CotaWATM Class] {F9673EF3-7574-48D8-96F5-EEC46174DB8B} <C:\WINDOWS\Downloaded Program Files\CotaWATM.dll, 三信商業銀行> [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > [&Download by Orbit] <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201, N/A> [&Grab video by Orbit] <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204, N/A> [&U使用?米机器人下?并收藏] <, > |
|
|
送花文章: 63,
|
|
向 wulom 送花的會員:
|
|
2009-07-07, 06:35 AM
|
#12 (permalink) |
|
註冊會員
|
[Do&wnload selected by Orbit]
<res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203, N/A> [Down&load all by Orbit] <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202, N/A> [使用 FlashGet 下載] <E:\暫存資料夾\FlashGet\FlashGet2005v1.81\FlashGet2005v1.81多國語言免安裝版\jc_link.htm, N/A> [使用快?3下?] <, > [使用快?3下?全部?接] <, > [全部使用 FlashGet 下載] <E:\暫存資料夾\FlashGet\FlashGet2005v1.81\FlashGet2005v1.81多國語言免安裝版\jc_all.htm, N/A> [匯出至 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> ================================== 正在運行的進程 [PID: 1176 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1248 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1272 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 8.0.0.152] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [PID: 1320 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [PID: 1332 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [PID: 1508 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [PID: 1628 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [PID: 1764 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\System32\nl_msgc.dll] [N/A, ] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [c:\windows\system32\wins\itqlwurey.dll] [Microsoft Corporation., 4.2.2.73] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 1884 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\System32\nl_msgc.dll] [N/A, ] [PID: 304 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [PID: 532 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\hpzsnt07.dll] [HP, 2,140,0,0] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [PID: 632 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\MqppW9KYn.fon] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\A0C86020.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax] [, 1.0.5.2945] [PID: 712 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [PID: 812 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [PID: 1120 / Administrator][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [PID: 1132 / Administrator][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [PID: 1172 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [PID: 1204 / Administrator][C:\Program Files\PPStream\ppsap.exe] [PPStream Inc, 1, 0, 11, 171] [C:\Program Files\PPStream\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [c:\Program Files\PPStream\1.1.0.2680\vodnet.dll] [PPStream Inc., 1, 0, 11, 226] [c:\Program Files\PPStream\1.1.0.2680\vodres.dll] [PPStream Inc., 1, 0, 11, 226] [c:\Program Files\PPStream\1.1.0.2680\ppssg.dll] [PPStream Inc., 1, 0, 11, 192] [c:\Program Files\PPStream\1.1.0.2680\fds.dll] [PPStream Inc., 1, 0, 0, 101] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 1472 / SYSTEM][C:\WINDOWS\sYSTEM32\SVCHOST.EXE] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [c:\windows\system32\360svcsystem.dll] [360安全中心, 0, 0, 0, 0] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\sYSTEM32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 1524 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.0] [PID: 1796 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.130.3] [C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [PID: 1860 / Administrator][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] [Hewlett-Packard, 1, 0, 0, 1] [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] [Hewlett-Packard, 1, 0, 0, 1] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 4.2.0.127] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [PID: 1924 / Administrator][C:\Program Files\Jibreel Inc\AntiCrash 5.0\AntiCrash.exe] [Jibreel Incorporated., 5.00] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\WINDOWS\system32\VB6CHT.DLL] [Microsoft Corporation, 6.00.8988] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [c:\program files\jibreel inc\anticrash 5.0\data\vbsystray.ocx] [Core Systems, 1.00.0012] [c:\program files\jibreel inc\anticrash 5.0\data\anticrashocx.ocx] [Jibreel Inc., 1.00] |
|
|
送花文章: 63,
|
|
有 2 位會員向 wulom 送花:
|
|
2009-07-07, 06:36 AM
|
#13 (permalink) |
|
註冊會員
|
[PID: 1940 / Administrator][C:\Program Files\Common Files\System\QQWbYS.exe] [N/A, ]
[C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\Program Files\Common Files\System\debug.obj] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 2028 / SYSTEM][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe] [Kingsoft Corporation, 2009,06,05,614] [C:\Program Files\Kingsoft\KAC\Service\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kingsoft\KAC\Service\errorreport.dll] [Kingsoft Corporation, 2008,07,23,168] [C:\Program Files\Kingsoft\KAC\Service\dbghelp.dll] [Microsoft Corporation, 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)] [C:\Program Files\Kingsoft\KAC\Service\corehelper.dll] [Kingsoft Corporation, 2009,05,12,579] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [PID: 328 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [PID: 764 / Administrator][C:\WINDOWS\Integrator.exe] [Dachshund Software, 1.05.0001] [C:\WINDOWS\system32\MAGE.DLL] [Dachshund Software, 1.0] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\WINDOWS\system32\VB6CHT.DLL] [Microsoft Corporation, 6.00.8988] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [PID: 2600 / Administrator][C:\WINDOWS\system32\notepad.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\WINDOWS\system32\LIUNT.IME] [Microsoft Corporation, 4.00.950] [C:\WINDOWS\system32\JAPENESE.IME] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2812 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\System32\nl_msgc.dll] [N/A, ] [PID: 3272 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\Program Files\Orbitdownloader\orbitcth.dll] [Orbitdownloader.com, 2, 4, 0, 2] [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll] [Yahoo! Inc., 2007, 5, 30, 1] [C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll] [BitComet, 20071130] [C:\Program Files\Internet Explorer\IETimber\IETimber.dll] [北京世?乾坤?件, V02] [C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO31.dll] [FlashGet, 2, 5, 0, 1037] [C:\Program Files\Java\jre6\bin\jp2ssv.dll] [Sun Microsystems, Inc., 6.0.130.3] [C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll] [Sun Microsystems, Inc., 6.0.130.3] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [PID: 3684 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [PID: 2328 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ] [C:\WINDOWS\system32\RhdwE8NYdbqQ.dll] [N/A, ] [C:\Program Files\WinRAR\WS2HELP.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\WINDOWS\fonts\MqppW9KYn.fon] [N/A, ] [C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\A0C86020.dll] [N/A, ] [C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [PID: 2576 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [PID: 2612 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\SRE7c1bddb.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.325] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163] [C:\WINDOWS\system\SHELLEX.DLL] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ] [C:\WINDOWS\system32\xg4hAPNygs29.dll] [N/A, ] [C:\WINDOWS\system32\dktXFYbT3G.dll] [N/A, ] [C:\WINDOWS\system32\GsfMwDWD3.dll] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon] [N/A, ] [C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon] [N/A, ] [C:\WINDOWS\system32\ybM7kf9heVHDx.dll] [N/A, ] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.734\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.1.325] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, ] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.325] ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 NL MSAFD Tcpip [TCP/IP] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [UDP/IP] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [RAW/IP] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL RSVP UDP Service Provider C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL RSVP TCP Service Provider C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [TCP/IPv6] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [UDP/IPv6] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL MSAFD Tcpip [RAW/IPv6] C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) NL LSP C:\Program Files\NetLimiter\nl_lsp.dll(, N/A) ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 進程特權掃描 特殊特權被允許: SeDebugPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 1860, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE] 特殊特權被允許: SeDebugPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\JIBREEL INC\ANTICRASH 5.0\ANTICRASH.EXE] 特殊特權被允許: SeDebugPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\COMMON FILES\SYSTEM\QQWBYS.EXE] 特殊特權被允許: SeDebugPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\INTEGRATOR.EXE] 特殊特權被允許: SeDebugPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 2328, C:\PROGRAM FILES\WINRAR\WINRAR.EXE] 特殊特權被允許: SeDebugPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE] 特殊特權被允許: SeLoadDriverPrivilege [PID = 2576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.734\SRENGLDR.EXE] ================================== 計畫任務 [已啟用] WGASetup.job C:\WINDOWS\system32\KB905474\wgasetup.exe [已啟用] FRU Task #Hewlett-Packard#hp psc 1200 series#1122421761.job C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe ================================== API HOOK RVA 錯誤: LoadLibraryA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: LoadLibraryExA (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: LoadLibraryExW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: LoadLibraryW (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) RVA 錯誤: GetProcAddress (危險等級: 高, 被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys) ================================== 隱藏進程 N/A ================================== [/code] |
|
|
送花文章: 63,
|
|
向 wulom 送花的會員:
|
|
2009-07-07, 07:38 AM
|
#14 (permalink) |
|
長老會員
|
你的 log 真是令人傻眼
 族繁不及備載, 沒辦法一一列出要刪除或修復的項目 1 執行 System Repair Engineer 在 "啟動專案" => "註冊表" 中刪除下列項目: <{750DBD56-AF03-47CB-BB28-BBF312B059F9}><C:\WINDOWS\fonts\xbpCfXnG6wUVF.fon> [] <{AC933D46-96A7-4670-9292-E7C4126C071E}><C:\WINDOWS\fonts\wQ7KbaNZKMe5G4qZ.fon> [] <{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}><C:\WINDOWS\fonts\A97CRaCB.fon> [] <{11B10F7F-FB23-466D-BDC3-9591CF02EC17}><C:\WINDOWS\fonts\uXUsF2RrQy.fon> [] <{CD95107F-52A5-42A4-9914-18949993E798}><C:\WINDOWS\fonts\tY5UFS434YYd.fon> [] <{51F88A10-09E6-4763-948F-1C8861003255}><C:\WINDOWS\fonts\MqppW9KYn.fon> [] <{F1C149F4-380C-4F8A-B87E-7393732B27C1}><C:\WINDOWS\system32\GsfMwDWD3.dll> [] <{FCA4D3BE-C6C7-4F4D-9CBD-CB2666647ACA}><C:\WINDOWS\system32\EN7hzSreCat8.dll> [] <{E45C0FF6-B170-43B2-B897-6D02C43A2E18}><C:\WINDOWS\system32\ybM7kf9heVHDx.dll> [] <{71C4F360-FF1E-413E-B17A-0CA267A78E97}><C:\WINDOWS\system32\qB5BKZy7vR5m.dll> [] <{A0C86020-5935-4B87-B20E-0B656D450264}><C:\WINDOWS\system32\A0C86020.dll> [] <{39C1640B-E010-48CF-88A1-0D17A33AF9EA}><C:\WINDOWS\system32\dktXFYbT3G.dll> [] <{AB900155-F1F0-4165-9E73-67BC13BBCE89}><C:\WINDOWS\system32\xg4hAPNygs29.dll> [] <{76B9BA7A-81D0-4979-8598-8471F2AB5186}><C:\WINDOWS\system32\76B9BA7A.dll> [] <{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}><C:\WINDOWS\system32\dhDhwS7fFW.dll> [] <{76CBCF38-0583-44C7-A1AE-D463DFE625EC}><C:\WINDOWS\system32\skcfujQ5EDN.dll> [] <{56441985-D4E7-4D1F-BA3A-000C647FAA00}><C:\WINDOWS\system32\RhdwE8NYdbqQ.dll> [] <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll> [] 2 重新開機, 以安全模式登入windows, 然後用你的卡巴掃描整個硬碟, 刪除所有感染的檔案 3 再重新開機, 此時可能會出現錯誤訊息(也可能沒有), 但不至於影響使用 hijackthis 應該能用了, 掃描一次, 把 log 發上來 (System Repair Engineer 的 log 實在太囉唆了....) |
|
|
送花文章: 6,
+10 金幣
|
|
有 3 位會員向 plunderer 送花:
|
|
2009-07-08, 06:01 AM
|
#15 (permalink) | |
|
註冊會員
|
引用:
首先是我執行 System Repair Engineer勾選那些您說要刪除的檔案時,完全一個也刪不掉,刪了以後,病毒好像就會發作自動把該軟體關掉。我後來上網找了專掃特洛伊木馬的網頁、還有用卡巴斯基、以及一些去木馬軟體,通通都有捕捉到這些病毒群,依其軟體深入掃描性不同都至少有數十到上百個的錯誤檔案被捉出,可是我一旦要按刪除,如果是網頁,按的瞬間所有網頁就會全自動立即被關掉。如果是軟體,就會立即連explorer一起被清掉。 後來我重開機,病毒就發作了。一進入開機畫面,整個螢幕就變成像是霓虹燈一樣,迅速亮光七彩的閃動,然後用滑鼠一點,就會出現如下訊息:  我按確定後,就會自動出現一個「偽」的簡體字的線上購買卡巴斯基序號的網頁。這整個錯誤訊息以至於網頁我想大概都是病毒發作現象的一部份吧… 從此之後,固定每兩分鐘,整個全螢幕就會不斷七彩迅速換色閃爍,我得一直重覆的按確定,然後過兩分鐘又一樣的情形發生… 我c碟的資料是已經都備份完畢了,請問前輩目前除了重灌的方法,還有其它任何可能的挽救解毒辦法嗎? 這是此病毒連結出來的"偽"卡巴斯基購買畫面擷取照:  附帶一提,這病毒好像會限制開啟及安裝新的防毒軟體 我想開卡巴來掃毒,結果卻出現無法開啟的訊息… 這好像是一種新的變種病毒,是最近一兩個月才出來的,我剛才搜尋網路在"百度知道"裡"正在發問"中,看到有人和我一模一樣的典型情形: 待解决 救命!!电脑中毒了 悬赏分:30 - 离问题结束还有 14 天 15 小时 电脑先是彩屏 就是不断的红黄蓝等颜色一直跳 然后弹出个提示框说电脑严重中毒 必须立即使用最新杀毒清除病毒 点了确定后就弹出一个网站~http://...... 上面写的是下载卡巴斯基 用杀毒软件试了 删不掉!! 求高手帮忙!! 此帖於 2009-07-08 08:36 AM 被 wulom 編輯. |
|
|
|
送花文章: 63,
|
|
有 2 位會員向 wulom 送花:
|
平板模式
