Help: IE9 homepage hijacked to http://www.2637.cn/?j


Notice: this post has been blocked by an administrator or moderator
2011-6-30 15:32:26


Where have all the experts gone?
2011-6-30 22:56:03


Post an SREng analysis report.
2011-7-1 13:42:55


Reply to at_wfg's post

The moderator has finally shown up.

2011-07-01,17:26:12

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows 7 Ultimate Edition Service Pack 1 (Build 7601) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
    <PPS Accelerator><; D:\Program Files\PPS\ppsap.exe>  [File is missing]
    <Google Update><; "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c>  [(Verified)Google Inc]
    <DAEMON Tools Lite><; "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun>  [(Verified)DT Soft Ltd]
    <EPSON Stylus DX7400 Series><; C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_S67D4.tmp" /EF "HKCU">  [File is missing]
    <YY><; D:\Program Files\duowan\yy-3.0\Start.exe>  [(Verified)Duowan Entertainment Information Technology (Beijing) Co., Ltd.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Google Pinyin 2 Autoupdater><"C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe">  [(Verified)Google Inc]
    <ITSecMng><%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START>  [(Verified)TOSHIBA CORPORATION]
    <MSC><"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey>  [(Verified)Microsoft Corporation]
    <Adobe ARM><; "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe">  [(Verified)Adobe Systems, Incorporated]
    <Adobe Reader Speed Launcher><; "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)Adobe Systems, Incorporated]
    <ATICustomerCare><; "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe">  [Advanced Micro Devices, Inc.]
    <GrooveMonitor><; "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
    <iTunesHelper><; "D:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
    <Microsoft Pinyin IME Migration><; C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <NokiaMServer><; C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup>  [File is missing]
    <QuickTime Task><; "C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
    <StartCCC><; "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun>  [File is missing]
    <SunJavaUpdateSched><; "C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)Sun Microsystems, Inc.]
    <TkBellExe><; "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\System32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Web Platform Customizations><C:\Windows\System32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Bluetooth Manager]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk --> C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [TOSHIBA CORPORATION.]><N>
[Bluetooth Manager]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk --> C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [TOSHIBA CORPORATION.]><N>

==================================
服务
[AMD External Events Utility / AMD External Events Utility][Running/Auto Start]
  <C:\Windows\system32\atiesrxx.exe><AMD>
[Apple Mobile Device / Apple Mobile Device][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour 服务 / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[EPSON V3 Service4(01) / EPSON_PM_RPCV4_01][Stopped/Manual Start]
  <C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE><SEIKO EPSON CORPORATION>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod 服务 / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"><>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia>
[SonicStage Back-End Service / SonicStage Back-End Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe"><Sony Corporation>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[TOSHIBA Bluetooth Service / TOSHIBA Bluetooth Service][Running/Manual Start]
  <C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe><TOSHIBA CORPORATION>

==================================
驱动程序
[adp94xx / adp94xx][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\adpahci.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdkmdag / amdkmdag][Running/Manual Start]
  <system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[amdkmdap / amdkmdap][Running/Manual Start]
  <system32\DRIVERS\atikmpag.sys><Advanced Micro Devices, Inc.>
[amdsata / amdsata][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\amdsata.sys><Advanced Micro Devices>
[amdsbs / amdsbs][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\amdsbs.sys><AMD Technologies Inc.>
[amdxata / amdxata][Running/Boot Start]
  <\SystemRoot\system32\drivers\amdxata.sys><Advanced Micro Devices>
[arc / arc][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\arcsas.sys><Adaptec, Inc.>
[ATI Function Driver for HD Audio Service / AtiHDAudioService][Running/Manual Start]
  <system32\drivers\AtihdW73.sys><Advanced Micro Devices>
[atikmdag / atikmdag][Stopped/Manual Start]
  <system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\bxvbdx.sys><Broadcom Corporation>
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Stopped/Manual Start]
  <system32\DRIVERS\b57nd60x.sys><Broadcom Corporation>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\BrFiltLo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\BrFiltUp.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\Brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[Bluetooth AVRCP 配置文件 / BthAvrcp][Stopped/Manual Start]
  <system32\DRIVERS\BthAvrcp.sys><CSR, plc>
[cmdide / cmdide][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\evbdx.sys><Broadcom Corporation>
[elxstor / elxstor][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\elxstor.sys><Emulex>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <system32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\hcw85cir.sys><Hauppauge Computer Works, Inc.>
[HpSAMD / HpSAMD][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\HpSAMD.sys><Hewlett-Packard Company>
[Intel RAID Controller Windows 7 / iaStorV][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\iaStorV.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\iirsp.sys><Intel Corp./ICP vortex GmbH>
[LSI_FC / LSI_FC][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_fc.sys><LSI Corporation>
[LSI_SAS / LSI_SAS][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_sas.sys><LSI Corporation>
[LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_sas2.sys><LSI Corporation>
[LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\lsi_scsi.sys><LSI Corporation>
[megasas / megasas][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\MegaSR.sys><LSI Corporation, Inc.>
[MpKsl1fe22748 / MpKsl1fe22748][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFD826C1-9796-4FE8-AD28-DF1A4E5561B0}\MpKsl1fe22748.sys><N/A>
[MpKsl2e9ff847 / MpKsl2e9ff847][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F53EC9CD-A1FD-426C-88E6-C0E73747AA28}\MpKsl2e9ff847.sys><N/A>
[MpKsl2ffaa54d / MpKsl2ffaa54d][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F30F863-AF15-46A0-BA25-C4AC8B7BFEFE}\MpKsl2ffaa54d.sys><N/A>
[MpKsl503aaa1f / MpKsl503aaa1f][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{424E03FE-1D05-400D-A8FE-C23C1D7FA00D}\MpKsl503aaa1f.sys><N/A>
[MpKsl632efd58 / MpKsl632efd58][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3A43179-0802-4781-A2DC-02148375A4A5}\MpKsl632efd58.sys><N/A>
[MpKsl730012f7 / MpKsl730012f7][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3A43179-0802-4781-A2DC-02148375A4A5}\MpKsl730012f7.sys><N/A>
[MpKsl8aa76070 / MpKsl8aa76070][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{883BDCC7-C3E9-4732-AEFA-2A0743EC34BF}\MpKsl8aa76070.sys><N/A>
[MpKsl8d2d66ed / MpKsl8d2d66ed][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FA37DC0-95F2-4A19-AEAC-E207111079B9}\MpKsl8d2d66ed.sys><N/A>
[MpKsl940a5993 / MpKsl940a5993][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{548C3BAE-700D-4D1D-9A1E-8F3A9395FF25}\MpKsl940a5993.sys><N/A>
[MpKslbf48dec0 / MpKslbf48dec0][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{616FE0D1-5E91-4180-8811-E3637135A5B2}\MpKslbf48dec0.sys><N/A>
[MpKslc075c67b / MpKslc075c67b][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F02C5699-72E4-48AD-95D3-1C65EE28164B}\MpKslc075c67b.sys><N/A>
[MpKslc7eb321c / MpKslc7eb321c][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{879638DB-4E2B-4F2B-90FB-67BF8FDD86F5}\MpKslc7eb321c.sys><N/A>
[MpKslcdf57082 / MpKslcdf57082][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{594963CE-C74E-4524-A676-3CD3B4369762}\MpKslcdf57082.sys><N/A>
[MpKsld3408acc / MpKsld3408acc][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{915B93D6-2F95-445E-9D90-63F6DBAD955F}\MpKsld3408acc.sys><N/A>
[MpKsld7423ba5 / MpKsld7423ba5][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{338E91EB-7DCD-4650-A65C-14AC7A00EABF}\MpKsld7423ba5.sys><N/A>
[MpKslde052b43 / MpKslde052b43][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{971FA4CB-29C6-483F-80E6-950E82E54276}\MpKslde052b43.sys><N/A>
[MpKslf553b931 / MpKslf553b931][Stopped/System Start]
  <\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{563B6AA2-91C0-43D7-82B1-0030BB8907D4}\MpKslf553b931.sys><N/A>
[nfrd960 / nfrd960][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\nfrd960.sys><IBM Corporation>
[Nokia USB Phone Parent Driver / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Communication Driver / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[Nokia USB Flashing Phone Parent / nmwcdnsu][Stopped/Manual Start]
  <system32\drivers\nmwcdnsu.sys><Nokia>
[Nokia USB Flashing Generic / nmwcdnsuc][Stopped/Manual Start]
  <system32\drivers\nmwcdnsuc.sys><Nokia>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[nvraid / nvraid][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[p2pfilter / p2pfilter][Stopped/Manual Start]
  <\??\D:\Program Files\P2Pzjz\p2pfilter.sys><N/A>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql2300 / ql2300][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\ql2300.sys><QLogic Corporation>
[ql40xx / ql40xx][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\ql40xx.sys><QLogic Corporation>
[Serial port driver / Serial][Running/System Start]
  <system32\DRIVERS\serial.sys><Brother Industries Ltd.>
[SiSRaid2 / SiSRaid2][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[stexstor / stexstor][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\stexstor.sys><Promise Technology>
[Synth3dVsc / Synth3dVsc][Stopped/Manual Start]
  <System32\drivers\synth3dvsc.sys><N/A>
[Bluetooth COM Port / tosporte][Running/Manual Start]
  <system32\DRIVERS\tosporte.sys><TOSHIBA Corporation>
[Bluetooth RFBUS / tosrfbd][Running/Manual Start]
  <system32\DRIVERS\tosrfbd.sys><TOSHIBA CORPORATION>
[Bluetooth RFBNEP / tosrfbnp][Stopped/Manual Start]
  <System32\Drivers\tosrfbnp.sys><TOSHIBA Corporation>
[Bluetooth RFCOMM / Tosrfcom][Running/System Start]
  <System32\Drivers\tosrfcom.sys><TOSHIBA Corporation>
[Bluetooth RFHID / Tosrfhid][Running/Manual Start]
  <system32\DRIVERS\Tosrfhid.sys><TOSHIBA Corporation.>
[Bluetooth Personal Area Network / tosrfnds][Stopped/Manual Start]
  <system32\DRIVERS\tosrfnds.sys><TOSHIBA Corporation.>
[Bluetooth Audio / TosRfSnd][Stopped/Manual Start]
  <system32\drivers\tosrfsnd.sys><TOSHIBA Corporation>
[Bluetooth USB Controller / Tosrfusb][Running/Manual Start]
  <system32\DRIVERS\tosrfusb.sys><TOSHIBA CORPORATION>
[tsusbhub / tsusbhub][Stopped/Manual Start]
  <system32\drivers\tsusbhub.sys><N/A>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>
[VGPU / VGPU][Stopped/Manual Start]
  <System32\drivers\rdvgkmd.sys><N/A>
[viaide / viaide][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[Virtual Serial Bus Enumerator / vsbus][Running/Manual Start]
  <system32\DRIVERS\vsb.sys><N/A>
[ELTIMA Virtual Serial Ports Driver / vserial][Stopped/Manual Start]
  <System32\DRIVERS\vserial.sys><N/A>
[vsmraid / vsmraid][Stopped/Manual Start]
  <\SystemRoot\system32\DRIVERS\vsmraid.sys><VIA Technologies Inc.,Ltd>
[WINIO / WINIO][Stopped/Manual Start]
2011-7-1 16:30:42


浏览器加载项
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL, (Signed) Microsoft Corporation>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\GreenSoft\Thunder\BHO\XunleiBHO7.1.4.2112.dll, (Signed) 深圳市迅雷网络技术有限公司>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[百度一下,你就知道!]
  {0036A2BA-F043-481D-81B1-BF9761EDB7DE} <http://www.sw777.cn, N/A>
[好站金牌网址!]
  {078EE8AC-3825-41EB-BADB-A8A4F21A6A56} <http://www.72227.cn, N/A>
These look like the 2 rogue entries, but I don't know how to remove them.
[]
  {6AD31948-2ED9-4A2B-85EA-105DD4F656B4} <, >
[Java Plug-in 1.6.0_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_10]
  {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_10]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_10.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10m.ocx, (Signed) Adobe Systems, Inc.>
[PhotoDrawEx Class]
  {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <C:\Program Files\Common Files\Tencent\QQPhotoDrawEx\QQPhotoDrawEx.2.27.171.429.dll, (Signed) Tencent>
[KuGoo3Down Control]
  {162AF25B-5A2A-448E-A842-194653EF3E05} <C:\Windows\System32\KuGoo3DownXControl.ocx, N/A>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <D:\Program Files\qq2010\Plugin\Com.Tencent.QQMusic\bin\QQMusic\MMInstaller.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\System32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\GreenSoft\Thunder\BHO\ThunderAgent7.1.4.2112.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {4990272A-0655-4D80-90A7-C18D0FF7A4A9} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\Windows\System32\ieframe.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <D:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL, (Signed) Microsoft Corporation>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[XunleiBHO Class]
  {802F530B-A8F6-4631-AE49-6BACAAC6373E} <D:\GreenSoft\Thunder\BHO\XunleiBHO7.1.4.2112.dll, (Signed) 深圳市迅雷网络技术有限公司>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\System32\ieframe.dll, (Signed) Microsoft Corporation>
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\GreenSoft\Thunder\BHO\XunleiBHO7.1.4.2112.dll, (Signed) 深圳市迅雷网络技术有限公司>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.7104.319.(451).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[VersionDetector Class]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.32.(451).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.>
[APlayer Control]
  {A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.7104.319.(451).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[Google Update Plugin]
  {C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} <C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll, (Signed) Google Inc.>
[Google Update Plugin]
  {C442AC41-9200-4770-8CC0-7CDB4F245C55} <C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll, (Signed) Google Inc.>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10m.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <D:\Program Files\qq2010\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, N/A>
[RevealTrans]
  {E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\Windows\System32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[SSOForPTLogin2 Class]
  {EAAED308-7322-4B9B-965E-171933ADD473} <C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.12\Bin\SSOAxCtrlForPTLogin.dll, (Signed) >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[信息检索(&R)]
  {FF059E31-CC5A-4E2E-BF3B-96E929D65503} <D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[使用迅雷下载]
  <D:\GreenSoft\Thunder\BHO\Geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\GreenSoft\Thunder\BHO\Getallurl.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000, N/A>
2011-7-1 16:32:09


正在运行的进程
[PID: 276 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 384 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 572 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 584 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 620 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 636 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 644 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 732 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 796 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 872 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\user32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 936 / SYSTEM][C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe]  [Microsoft Corporation, 3.0.8107.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1000 / SYSTEM][C:\Windows\system32\atiesrxx.exe]  [AMD, 6.14.11.1085]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1092 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 1144 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1204 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 1348 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 1408 / SYSTEM][C:\Windows\system32\atieclxx.exe]  [AMD, 6.14.11.1085]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\atiadlxx.dll]  [Advanced Micro Devices, Inc., 6.14.10.1054]
[PID: 1508 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 1652 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [C:\Windows\System32\E_FLBCDE.DLL]  [SEIKO EPSON CORPORATION, 2, 4, 0, 0]
    [C:\Windows\System32\tbtmon.dll]  [TOSHIBA CORPORATION., 6, 2, 0, 0]
    [C:\Windows\System32\tbtmon98Language.dll]  [TOSHIBA CORPORATION., 5, 0, 1204, 0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtHcrpAPI.dll]  [TOSHIBA CORPORATION., 5, 0, 1201, 0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FUICCDE.DLL]  [SEIKO EPSON CORP., 0. 3. 50, 49]
    [C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FMAICDE.DLL]  [SEIKO EPSON Corporation, 0. 3. 1.10]
[PID: 1720 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1756 / Administrator][C:\Windows\system32\taskhost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 1836 / Administrator][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\atiuxpag.dll]  [Advanced Micro Devices, Inc. , 8.14.01.6187]
    [C:\Windows\system32\aticfx32.dll]  [ATI Technologies Inc. , 8.17.10.1065]
    [C:\Windows\system32\atidxx32.dll]  [ATI Technologies Inc. , 8.17.10.0337]
[PID: 1868 / Administrator][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.6195]
    [C:\Windows\system32\FXSAPI.dll]  [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamchs.dll]  [Advanced Micro Devices, Inc., 6.14.10.2001]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll]  [TOSHIBA, 7.0.9724.2]
    [D:\Program Files\WinRAR\rarext.dll]  [, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 288 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 2.0.3.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 388 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1432 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 2544 / LOCAL SERVICE][C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe]  [Microsoft Corporation, 3.0.8107.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 2744 / LOCAL SERVICE][C:\Windows\system32\WUDFHost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 2816 / Administrator][C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe]  [Google Inc., 2.3.13.82]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 2968 / Administrator][C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe]  [N/A, ]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 2976 / Administrator][C:\Program Files\Microsoft Security Client\msseces.exe]  [Microsoft Corporation, 2.0.0657.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 2988 / Administrator][C:\Program Files\Windows Sidebar\sidebar.exe]  [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.5446 (Win7SP1GDR.050727-5400)]
    [C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\NetworkUtilizationv1.1.3.0.Gadget\netlib.dll]  [Jonathan Abbott, 1.0.2588.9125]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\System\acbc57d41499fbc2b99194148786c677\System.ni.dll]  [Microsoft Corporation, 2.0.50727.5442 (Win7SP1GDR.050727-5400)]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\338f3c91a0bea33a07a4611d324bf73a\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c68401de935c813374253d4fc2a18f6a\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\09915f4b2c72f7177d037c90be074ea4\Microsoft.VisualBasic.ni.dll]  [Microsoft Corporation, 8.0.50727.5420 (Win7SP1.050727-5400)]
[PID: 3140 / Administrator][D:\Program Files\PPS影音\ppsap.exe]  [PPStream Inc, 1, 0, 11, 296]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [D:\Program Files\PPS影音\Vodnet.dll]  [PPStream Inc., 1, 0, 11, 380]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [D:\Program Files\PPS影音\Vodres.dll]  [PPStream Inc., 1, 0, 11, 380]
    [D:\Program Files\PPS影音\fds.dll]  [PPStream Inc., 1, 0, 0, 105]
[PID: 3188 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe]  [TOSHIBA CORPORATION., 7.0.9826.34]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosHdpAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 10, 821]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll]  [TOSHIBA CORPORATION., 6,20,8530,0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll]  [TOSHIBA CORPORATION., 7.0.9623.3]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosAvAPI.dll]  [TOSHIBA CORPORATION., 5.00.6804.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtSDDB.dll]  [TOSHIBA CORPORATION., 6, 3, 0, 1]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll]  [TOSHIBA CORPORATION., 6.3.8z16.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosCommAPI.dll]  [TOSHIBA CORPORATION., 6, 2, 731, 0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosLaneAPI.dll]  [TOSHIBA CORPORATION., 1, 0, 3, 0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LCWizard.dll]  [TOSHIBA CORPORATION, 6.3.9514.1]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtUsrMod.dll]  [TOSHIBA CORPORATION, 1, 01, 11, US]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosHidAPI.dll]  [TOSHIBA CORPORATION., 6, 2, 731, 0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosGnsAPI.dll]  [TOSHIBA CORPORATION., 5, 0, 0, 1]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\OemBtAcpiAPI.dll]  [TOSHIBA CORPORATION., 6, 2, 0, 1]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll]  [TOSHIBA CORPORATION, 6, 0, 0, 1]
[PID: 3372 / SYSTEM][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe]  [TOSHIBA CORPORATION, 7, 0, 730, 0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 3544 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 3728 / NETWORK SERVICE][C:\Program Files\Windows Media Player\wmpnetwk.exe]  [Microsoft Corporation, 12.0.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 4076 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe]  [TOSHIBA CORPORATION., 7.0.9608.3]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtECCAPI.dll]  [TOSHIBA CORPORATION., 3.00.8204.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosAvdtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9821.1]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosSndAPI.dll]  [TOSHIBA CORPORATION., 5.00.7117.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosSndPlug.dll]  [TOSHIBA CORPORATION., 7.0.9811.8]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 2072 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe]  [TOSHIBA CORPORATION., 6, 2, 0, 0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 2200 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe]  [TOSHIBA CORPORATION., 7.00.00.90603]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtECCAPI.dll]  [TOSHIBA CORPORATION., 3.00.8204.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LCWizard.dll]  [TOSHIBA CORPORATION, 6.3.9514.1]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosSndAPI.dll]  [TOSHIBA CORPORATION., 5.00.7117.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosSndPlug.dll]  [TOSHIBA CORPORATION., 7.0.9811.8]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 1668 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe]  [TOSHIBA CORPORATION., 6.40.9403.2]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosAvctAPI.dll]  [TOSHIBA CORPORATION., 6.3.8x27.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 3220 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe]  [TOSHIBA CORPORATION., 7.0.9707.3]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosNtfs.dll]  [TOSHIBA Corporation, 1, 4, 0, 188]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LCWizard.dll]  [TOSHIBA CORPORATION, 6.3.9514.1]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 1680 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe]  [TOSHIBA CORPORATION., 7.0.9721.3]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.dll]  [TOSHIBA CORPORATION., 7.0.9617.1]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll]  [TOSHIBA CORPORATION., 7.0.9630.8]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll]  [TOSHIBA CORPORATION., 7, 0, 521, 0]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 3768 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\user32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1536 / SYSTEM][C:\Windows\servicing\TrustedInstaller.exe]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 5368 / Administrator][C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\chrome.dll]  [Google Inc., 12.0.742.112]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\icudt.dll]  [The ICU Project, 4, 6, 0, 0]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 5272 / Administrator][C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\chrome.dll]  [Google Inc., 12.0.742.112]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\icudt.dll]  [The ICU Project, 4, 6, 0, 0]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avcodec-52.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avutil-50.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avformat-52.dll]  [N/A, ]
[PID: 4920 / Administrator][C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\chrome.dll]  [Google Inc., 12.0.742.112]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\icudt.dll]  [The ICU Project, 4, 6, 0, 0]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avcodec-52.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avutil-50.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avformat-52.dll]  [N/A, ]
[PID: 4764 / Administrator][C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\chrome.dll]  [Google Inc., 12.0.742.112]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\icudt.dll]  [The ICU Project, 4, 6, 0, 0]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.2_0\xl_chrome.dll]  [ShenZhen Thunder Networking Technologies Ltd., 1, 0, 0, 1]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
[PID: 5864 / Administrator][C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe]  [Google Inc., 0.0.0.0]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\chrome.dll]  [Google Inc., 12.0.742.112]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\icudt.dll]  [The ICU Project, 4, 6, 0, 0]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\pdf.dll]  [, 1, 0, 0, 1]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avcodec-52.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avutil-50.dll]  [N/A, ]
    [C:\Users\Administrator\AppData\Local\Google\Chrome\Application\12.0.742.112\avformat-52.dll]  [N/A, ]
[PID: 776 / LOCAL SERVICE][C:\Windows\system32\AUDIODG.EXE]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 1796 / Administrator][C:\Users\Administrator\Downloads\sreng2分析报告\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [C:\Windows\system32\user32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 5112 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe]  [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 4880 / SYSTEM][C:\Windows\system32\SearchFilterHost.exe]  [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 3676 / Administrator][C:\Users\Administrator\Downloads\sreng2分析报告\SRE63422397.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 4832 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 4772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\aticfx32.dll]  [ATI Technologies Inc. , 8.17.10.1065]
    [C:\Windows\system32\atiuxpag.dll]  [Advanced Micro Devices, Inc. , 8.14.01.6187]
    [C:\Windows\system32\atidxx32.dll]  [ATI Technologies Inc. , 8.17.10.0337]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [D:\GreenSoft\Thunder\BHO\XunleiBHO7.1.4.2112.dll]  [深圳市迅雷网络技术有限公司, 7,1,4,2112]
    [C:\Windows\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [C:\Windows\system32\Macromed\Flash\Flash10m.ocx]  [Adobe Systems, Inc., 10,2,152,26]
    [D:\GreenSoft\Thunder\BHO\xldb.7.1.4.2112.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 1, 6]
    [D:\GreenSoft\Thunder\BHO\xldp.7.1.4.2112.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 23]

==================================
文件关联
.TXT  Error. [C:\Windows\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   Error. [C:\Windows\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
2011-7-1 16:33:18


计划任务
[已启用] \\GoogleUpdateTaskUserS-1-5-21-1659575620-1723081784-2199623845-500Core
        C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /c
[已启用] \\GoogleUpdateTaskUserS-1-5-21-1659575620-1723081784-2199623845-500UA
        C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
[已启用] \\RealUpgradeLogonTaskS-1-5-21-1659575620-1723081784-2199623845-500
        C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck
[已启用] \\RealUpgradeScheduledTaskS-1-5-21-1659575620-1723081784-2199623845-500
        C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
[已启用] \\SidebarExecute
        C:\Program Files\Windows Sidebar\sidebar.exe /scheduledcheck
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
        N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
        N/A
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
        %windir%\system32\appidpolicyconverter.exe
[已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
        %windir%\system32\appidcertstorecheck.exe
[已启用] \Microsoft\Windows\Application Experience\AitAgent
        aitagent
[已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
        %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[已启用] \Microsoft\Windows\Autochk\Proxy
        %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
        BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
        N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
        N/A
[已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
        N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
        %SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
        %windir%\system32\defrag.exe -c
[已启用] \Microsoft\Windows\Location\Notifications
        %windir%\System32\LocationNotifications.exe
[已启用] \Microsoft\Windows\Maintenance\WinSAT
        N/A
[已启用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
        %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[已启用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
        %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[已启用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
        %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ehDRMInit
        %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已启用] \Microsoft\Windows\Media Center\InstallPlayReady
        %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[已启用] \Microsoft\Windows\Media Center\mcupdate
        %SystemRoot%\ehome\mcupdate $(Arg0)
[已启用] \Microsoft\Windows\Media Center\mcupdate_scheduled
        %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\OCURActivate
        %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已启用] \Microsoft\Windows\Media Center\OCURDiscovery
        %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[已启用] \Microsoft\Windows\Media Center\PBDADiscovery
        %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
        %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
        %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
        %windir%\ehome\MCUpdate.exe -pscn 0
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
        %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
        %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\RecordingRestart
        %SystemRoot%\ehome\ehrec /RestartRecording
[已启用] \Microsoft\Windows\Media Center\RegisterSearch
        %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ReindexSearchRoot
        %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
        %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\StartRecording
        %SystemRoot%\ehome\ehrec /StartRecording
[已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
        %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
        N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
        %windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
        N/A
[已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
        %windir%\system32\gatherNetworkInfo.vbs
[已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
        N/A
[已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
        N/A
[已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
        %SystemRoot%\System32\powercfg.exe -energy -auto
[已启用] \Microsoft\Windows\Ras\MobilityManager
        N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
        N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
        N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
        N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
        N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
        %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
        %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
        %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
        %windir%\system32\sc.exe start w32time task_started
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
        sc.exe config upnphost start= auto
[已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
        N/A
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
        %windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
        "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
[已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
        %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
        N/A
2011-7-1 16:33:55


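This post was last edited by at_wfg on 2011-7-2 13:51

Reply to xuele's post

Heh, since you've already found it yourself, it's easy to fix. Just keep using SREng: you can delete it under System Repair > Browser Add-ons.
PS: Next time, please post the report as a file, or mark separately the parts you think are problematic. That's not what a mouse scroll wheel is for.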
2011-7-2 13:48:04


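This post was last edited by xuele on 2011-7-2 17:22

Reply to at_wfg's post

After deleting the suspicious lines under Browser Add-ons, the problem was still there.
Actually, before posting for help I had found plenty of so-called fixes online and tried them; none of them worked.
Out of options, I just downloaded 360 Safeguard (360安全卫士). Right after installation it reported that the browser had a malicious plug-in and removed it, and the whole world went quiet. Haha.
It takes a rogue to deal with a rogue; the ancients did not lie to me!


Addendum: once it was done I uninstalled 360. I really don't have a good impression of that thing.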
2011-7-2 17:21:09


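Reply to xuele's post

I left one thing out, which may have misled you a bit. When using SREng, first look at the details, find the location of the file being loaded, delete that file, and then delete the add-on entry. You should also check the shell; hiding the entries that have a digital signature helps you review quickly. The software is powerful, but you have to do the deleting by hand. If you know how to use it together with a system monitoring tool such as System Explorer, the results will be even better. Of course, it isn't as foolproof as 360; some of 360's features are actually quite good, and I usually keep a portable ("green") version around. As for other rogue-software removal tools, there are plenty; for example, search for Malwarebytes' Anti-Malware. Whichever one you find handiest is best.
xuele
2011-7-3 09:34
Although the problem is already solved, thanks to the moderator for the helpful answers all the same. 3Q 3Q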
2011-7-3 02:04:15
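
The triage described in the reply above (hide signed entries, then locate the files actually loaded into the browser) can be scripted over the process section of the report. This is an added example, not part of the thread or of SREng: the function names are hypothetical, the Windows directory is assumed to be `C:\Windows`, and the sample is a subset of lines copied from the report posted in this thread. The output is a list for manual review, not a verdict on any file.

```python
import ntpath
import re

# Subset of lines copied from the SREng report in this thread (process + its modules).
SAMPLE_REPORT = r"""
[PID: 1868 / Administrator][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [D:\Program Files\WinRAR\rarext.dll]  [, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 4832 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [C:\Windows\system32\GOOGLEPINYIN2.IME]  [Google Inc., 2.3.13.82]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
[PID: 4772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)]
    [C:\Windows\system32\USER32.dll]  [Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
    [D:\GreenSoft\Thunder\BHO\XunleiBHO7.1.4.2112.dll]  [深圳市迅雷网络技术有限公司, 7,1,4,2112]
    [C:\Windows\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 2.0.3.0]
    [C:\Windows\system32\Macromed\Flash\Flash10m.ocx]  [Adobe Systems, Inc., 10,2,152,26]
"""

# "[PID: n / user][image path]  [vendor, version]" starts a process block;
# indented "[module path]  [vendor, version]" lines belong to the process above them.
PROC_RE = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[(.+?)\]\s+\[(.*)\]\s*$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")


def parse_processes(report):
    """Return one dict per process, each with the list of modules loaded into it."""
    processes = []
    for line in report.splitlines():
        m = PROC_RE.match(line)
        if m:
            pid, user, image, info = m.groups()
            processes.append({"pid": int(pid), "user": user, "image": image,
                              "verified": info.startswith("(Verified)"),
                              "modules": []})
            continue
        m = MOD_RE.match(line)
        if m and processes:
            path, info = m.groups()
            processes[-1]["modules"].append(
                {"path": path, "info": info,
                 "verified": info.startswith("(Verified)")})
    return processes


def _under(path, directory):
    """Case-insensitive 'path is inside directory' test for Windows paths."""
    prefix = ntpath.normcase(directory).rstrip("\\") + "\\"
    return ntpath.normcase(path).startswith(prefix)


def review_list(processes, images=("iexplore.exe",), windir=r"C:\Windows"):
    """Modules loaded into the named processes that are left after hiding
    signature-verified entries, files under the Windows directory and files
    shipped in the process's own folder. Grouped by file, with the PIDs that
    load it, so each file location is checked once.
    Limitation: anything dropped under the Windows directory is hidden too
    (Flash10m.ocx in the sample), so this narrows the list, it does not clear it."""
    wanted = {name.lower() for name in images}
    found = {}
    for proc in processes:
        if ntpath.basename(proc["image"]).lower() not in wanted:
            continue
        own_dir = ntpath.dirname(proc["image"])
        for mod in proc["modules"]:
            if (mod["verified"] or _under(mod["path"], windir)
                    or _under(mod["path"], own_dir)):
                continue
            entry = found.setdefault(
                ntpath.normcase(mod["path"]),
                {"path": mod["path"], "info": mod["info"], "pids": []})
            if proc["pid"] not in entry["pids"]:
                entry["pids"].append(proc["pid"])
    return list(found.values())


if __name__ == "__main__":
    for item in review_list(parse_processes(SAMPLE_REPORT)):
        print(item["path"], "|", item["info"], "| PIDs:", item["pids"])
```

Pass `images=("iexplore.exe", "chrome.exe", "explorer.exe")` to cover the other browser and shell processes in a full report.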
