vmsnap3.exe
Original post by ZHIHUA, posted 2008-2-2 10:51
To find the source of the virus, use SREng's smart scan feature; if you can't read the log, just post it here.
If 360 won't open, rename 360safe.exe to something like 12.com and try running it again.
I got 360 to open with this method. It found 3 or 4 trojans and some rogue plugins; all of them have been removed.
About the scan log, is this it?
2008-02-02,11:24:24
System Repair Engineer 2.5.16.900
Smallfrogs ()
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>[(Verified)Microsoft Windows Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>[(Verified)Microsoft Windows Publisher]
<Camfrog><"D:\cfc_49590\Camfrog Video Chat\CamfrogNet.exe" 0 D:\cfc_49590\Camfrog Video Chat\Camfrog Video Chat.exe>[N/A]
<eMuleAutoStart><E:\电驴\eMule\eMule.exe -AutoStart>[(Verified)"Shanghai Source Networking Technology Co., Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>[(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>[(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>[(Verified)Microsoft Windows Publisher]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>[ATI Technologies, Inc.]
<SoundMan><SOUNDMAN.EXE>[(Verified)Microsoft Windows Publisher]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMS0A\IMSCMIG.EXE /Preload>[(Verified)Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot>[(Verified)"RealNetworks, Inc."]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>[Symantec Corporation]
<msmsgs><C:\Program Files\Internet Explorer\explorer.exe>[N/A]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>[奇虎网]
<VMSnap3><C:\WINDOWS\VMSnap3.EXE>[ZSMCSNAP]
<Domino><C:\WINDOWS\Domino.EXE>[Vimicro]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>[(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,>[]
<UIHost><logonui.exe>[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-b4-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>[N/A]
==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQ\QQGAME\Accel.exe [深圳市腾讯计算机系统]><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[DefWatch / DefWatch][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Human Intece Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KailleraServer / KailleraServer][Stopped/Manual Start]
<C:\WINDOWS\system32\kaillera\srvany.exe><N/A>
[kailleraServerJK / kailleraServerJK][Stopped/Manual Start]
<C:\WINDOWS\system32\kaillera\srvany.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Windows pmvs RunThem / pmvs][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\khqn\urax.dll><N/A>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[deellglx / deellglx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\deellglx.sys><Yahoo! China Corporation>
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[NAP / NAP][Running/Manual Start]
<\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAP.sys><Symantec Corporation>
[NAPEL / NAPEL][Running/Auto Start]
<\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAPEL.SYS><Symantec Corporation>
[NENG / NENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NENG.sys><Symantec Corporation>
[NEX15 / NEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Stopped/Auto Start]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[vmfilter303 / vmfilter303][Running/Manual Start]
<system32\drivers\vmfilter303.sys><Vimicro Corporation>
[wjrxiip / wjrxiipn][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\wjrxiipn.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><N/A>
[LEZER 303 PC Camera (Vimicro301 Neptune) / ZSMC303][Running/Manual Start]
<System32\Drivers\usbVM303.sys><Vimicro Corporation>
[24296 / 24296][Running/]
<2 - 系统找不到指定的文件。
><N/A>
[msskye / msskye][Stopped/Auto Start]
<system32\DRIVERS\msaclue.sys><N/A>
==================================
浏览器加载项
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <E:\QQ\FlashGet\ComDlls\bhoCATCH.dll, FlashGet>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <E:\QQ\FlashGet\ComDlls\bhoCATCH.dll, FlashGet>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CD} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
{48123B-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[WebVGPlayer Class]
{AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <C:\PROGRA~1\kt88\MyPlayer.dll, >
[Qzone Media Tools]
{AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <E:\QQ\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)>
[IEDown Class]
{F917534D-535B-416B-8E8F-0C04756C31A8} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[FG2CatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <E:\QQ\FlashGet\ComDlls\bhoCATCH.dll, FlashGet>
[&使用快车(FlashGet)下载]
<E:\QQ\FlashGet\ComDlls\Bholink.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<E:\QQ\FlashGet\ComDlls\Bhoall.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll][ATI Technologies Inc., 6.14.10.4107]
[C:\WINDOWS\system32\NavLogon.dll][N/A, ]
[C:\WINDOWS\system32\msacm32.drv][Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560 / SYSTEM][C:\WINDOWS\system32\services.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll][Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\lsass.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe][ATI Technologies Inc., 6.14.10.4107]
[C:\WINDOWS\system32\Ati2edxx.dll][ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll][Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 904 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240 / user][C:\WINDOWS\system32\Ati2evxx.exe][ATI Technologies Inc., 6.14.10.4107]
[C:\WINDOWS\system32\Ati2edxx.dll][ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1276 / user][C:\WINDOWS\system32\userinit.exe][N/A, ]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 1300 / user][C:\windows\explorer.exe][Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\WPDShServiceObj.dll][Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll][Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll][Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv][Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll][Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll][N/A, ]
[D:\Unlocker1.8.5\UnlockerCOM.dll][N/A, ]
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll][Symantec Corporation, 8.1.0.821]
[PID: 1376 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe][Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\mdimon.dll][Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll][Microsoft Corporation, 11.3.1897.0]
[PID: 1588 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe][Symantec Corporation, 8.1.0.821]
[PID: 1672 / SYSTEM][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe][Symantec Corporation, 8.1.0.821]
[C:\WINDOWS\system32\CBA.DLL][Intel® Corporation, 6.12.0.105 E]
[C:\WINDOWS\system32\MsgSys.dll][Intel® Corporation, 6.12.0.105 E]
[C:\WINDOWS\system32\NTS.dll][Intel® Corporation, 6.12.0.105 E]
[C:\WINDOWS\system32\PDS.DLL][Intel® Corporation, 6.12.0.105 E]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NLU.dll][Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NNTUTL.DLL][Symantec/Peter Norton Group, 1, 0, 0, 1]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll][Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAPI32.DLL][Symantec Corp., 4.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NEX32a.DLL][Symantec Corporation, 20071.4.1.10]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080201.007\NENG32.DLL][Symantec Corporation, 20071.4.1.10]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAP32.DLL][Symantec Corporation, 9.1.0.26]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll][Symantec Corporation, 8.1.0.821]
[PID: 1760 / SYSTEM][C:\WINDOWS\system32\svchost.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 356 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / user][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe][ATI Technologies, Inc., 6.14.10.5125]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll][ATI Technologies, Inc., 6.14.10.5125]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS][ATI Technologies, Inc., 6.14.10.5125]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll][ATI Technologies, Inc., 6.14.10.5125]
[PID: 1056 / user][C:\WINDOWS\SOUNDMAN.EXE][Realtek Semiconductor Corp., 5.1.02]
[PID: 612 / user][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe][Symantec Corporation, 8.1.0.821]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll][Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NNTUTL.DLL][Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 1480 / user][C:\WINDOWS\VMSnap3.EXE][ZSMCSNAP, 3, 6, 818, 7]
[C:\WINDOWS\system32\msdmo.dll][, ]
[C:\WINDOWS\system32\VM30rp.Ax][Vimicro, 3, 6, 411, 13]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 1488 / user][C:\WINDOWS\Domino.EXE][Vimicro, 4, 2, 1124, 6]
[C:\WINDOWS\system32\msdmo.dll][, ]
[PID: 1496 / user][C:\WINDOWS\system32\ctfmon.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 680 / user][C:\Program Files\Messenger\msmsgs.exe][Microsoft Corporation, 4.7.3001]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 1424 / user][E:\电驴\eMule\eMule.exe][, 0.48.0.80126 Unicode]
[E:\电驴\eMule\config\antiLeech.dll][, 31]
[E:\电驴\eMule\lang\zh_CN.dll][, 0.48.0.80126]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx][Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv][Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 1772 / user][D:\cfc_49590\Camfrog Video Chat\Camfrog Video Chat.exe][Camshare LLC, 4, 0, 0, 47]
[D:\cfc_49590\Camfrog Video Chat\usability.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\MSVCP71.dll][Microsoft Corporation, 7.10.3077.0]
[D:\cfc_49590\Camfrog Video Chat\MSVCR71.dll][Microsoft Corporation, 7.10.3052.4]
[D:\cfc_49590\Camfrog Video Chat\cfresource.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\controls.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\AnimationEmote.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\ctrlelem_pack.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\mdlg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\addnotifylg.dll][, 1, 0, 0, 1]
[D:\cfc_49590\Camfrog Video Chat\modules\cfhistlg.dll][Camshare LLC, 3.82.0.33]
[D:\cfc_49590\Camfrog Video Chat\modules\chrl_ul_dlg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\imdlg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\medlg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\FileExch.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\media.dll][Camshare LC, 3, 90, 0, 33]
[D:\cfc_49590\Camfrog Video Chat\audiocodec.dll][Camshare LC, 3, 90, 0, 33]
[D:\cfc_49590\Camfrog Video Chat\audiosource.dll][Camshare LC, 3, 90, 0, 33]
[D:\cfc_49590\Camfrog Video Chat\videocodec.dll][Camshare LC, 3, 90, 0, 33]
[D:\cfc_49590\Camfrog Video Chat\avcodec.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\videosource.dll][Camshare LC, 3, 90, 0, 33]
[D:\cfc_49590\Camfrog Video Chat\nwlayer.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\room_dlg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\setlg.dll][, 1, 0, 0, 1]
[D:\cfc_49590\Camfrog Video Chat\modules\smplelg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\vwdlg.dll][N/A, ]
[D:\cfc_49590\Camfrog Video Chat\modules\wizdlg.dll][, 1, 0, 0, 1]
[D:\cfc_49590\Camfrog Video Chat\net\cmfrgnet.dll][N/A, ]
[C:\WINDOWS\system32\msdmo.dll][, ]
[C:\WINDOWS\system32\msacm32.drv][Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 2468 / user][C:\WINDOWS\system32\conime.exe][Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[PID: 2596 / user][C:\WINDOWS\system32\wuauclt.exe][Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll][Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2808 / user][C:\PROGRA~1\360SAFE\safemon\360Tray.exe][奇虎网, 3, 6, 1, 1001]
[C:\PROGRA~1\360SAFE\safemon\SafeKrnl.dll][奇虎网, 3, 6, 0, 1001]
[C:\PROGRA~1\360SAFE\AntiAdwa.dll][360Safe.com, 3, 6, 1, 1001]
[C:\PROGRA~1\360SAFE\live.dll][360safe.com, 1, 0, 1, 1020]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[C:\WINDOWS\cccfaxxx.dll][N/A, ]
[C:\WINDOWS\ymgqvvir.dll][N/A, ]
[PID: 3244 / user][E:\QQ\FlashGet\FlashGet.exe][FLASHGET, 2, 4, 1, 1142]
[E:\QQ\FlashGet\storage.dll][FLASHGET, 2, 0, 0, 1003]
[E:\QQ\FlashGet\dbghelp.dll][Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[E:\QQ\FlashGet\CrashRpt.dll][FlashGet, 1.0.0.1002]
[E:\QQ\FlashGet\LiveUpdateUI.dll][FLASHGET, 1, 1, 0, 1002]
[E:\QQ\FlashGet\modules\ComHelper\ComHelper.dll][FLASHGET, 1, 0, 0, 1002]
[E:\QQ\FlashGet\modules\Downstat\Downstat.dll][FLASHGET, 1, 0, 0, 1008]
[E:\QQ\FlashGet\modules\P4pclient\P4pclient.dll][ , 1, 0, 0, 1005]
[E:\QQ\FlashGet\modules\SearchTop\SearchTop.dll][FLASHGET, 1, 0, 0, 1002]
[E:\QQ\FlashGet\modules\Security\Security.dll][ FlashGet, 1, 0, 0, 1005]
[E:\QQ\FlashGet\modules\SnapShot\SnapShot.dll][ FlashGet, 1, 0, 0, 1023]
[E:\QQ\FlashGet\modules\SoBar\SoBar.dll][FLASHGET, 1, 0, 0, 1003]
[E:\QQ\FlashGet\modules\TaskNotifier\tasknotifier.dll][FLASHGET, 1, 0, 0, 1002]
[E:\QQ\FlashGet\modules\garage\garage.dll][FLASHGET, 1, 0, 0, 1002]
[E:\QQ\FlashGet\btcore.dll][FLASHGET, 2.0.0.40]
[E:\QQ\FlashGet\p2spmgr.dll][FLASHGET, 1, 7, 11, 23]
[E:\QQ\FlashGet\p2snetio.dll][FLASHGET, 1, 0, 0, 7925]
[E:\QQ\FlashGet\p2sprot.dll][FLASHGET, 1, 7, 11, 16]
[E:\QQ\FlashGet\p2pprot.dll][FLASHGET, 1, 7, 11, 16]
[E:\QQ\FlashGet\p2pcore.dll][FlashGet, 1.0.6.1071]
[E:\QQ\FlashGet\btwrap.dll][FLASHGET, 1, 0, 1, 1007]
[E:\QQ\FlashGet\p2spwrap.dll][FLASHGET, 1, 0, 1, 1008]
[E:\QQ\FlashGet\hashgen.dll][FLASHGET, 1, 0, 0, 1]
[E:\QQ\FlashGet\testwrap.dll][N/A, ]
[C:\WINDOWS\system32\msacm32.drv][Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx][Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[C:\WINDOWS\cccfaxxx.dll][N/A, ]
[C:\WINDOWS\ymgqvvir.dll][N/A, ]
[PID: 4064 / user][D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\Maxthon.exe][Maxthon International Ltd., 1, 6, 2, 60]
[D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\maxzlib.dll][ , 1, 0, 0, 2]
[C:\WINDOWS\system32\odbcbcp.dll][Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\PASOFTS\ESales\bin\dbctrs8.dll][iAnywhere Solutions, Inc., 8.0.2.4272]
[C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\2052\MSMAPI32.DLL][Microsoft Corporation, 11.0.5601]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll][Microsoft Corporation, 11.0.5606]
[D:\mx_1.6.2.60cn\Maxthon_1.6.2.60cn\Maxthon\Services\RealTime\real_time.dll][, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx][Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv][Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[C:\WINDOWS\cccfaxxx.dll][N/A, ]
[C:\WINDOWS\ymgqvvir.dll][N/A, ]
[PID: 1740 / user][D:\sreng2\SREngPS.EXE][Smallfrogs Studio, 2.5.16.900]
[PID: 344 / user][D:\sreng2\SREngPS.EXE][Smallfrogs Studio, 2.5.16.900]
[D:\sreng2\Upload\3rdUpd.DLL][Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[C:\WINDOWS\cccfaxxx.dll][N/A, ]
[C:\WINDOWS\ymgqvvir.dll][N/A, ]
[C:\WINDOWS\system32\rxdipuywow.dll][Microsoft Corporation, 5.1.2600.3099]
[PID: 1296 / user][C:\Program Files\Internet Explorer\iexplore.exe][Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ\FlashGet\ComDlls\bhoCATCH.dll][FlashGet, 2, 0, 2, 1011]
[C:\WINDOWS\system32\msxmlfilta.dll][Microsoft Corporation, 1.0.0.1]
[C:\WINDOWS\system32\HDDGuard.dll][N/A, ]
[C:\WINDOWS\cccfaxxx.dll][N/A, ]
[C:\WINDOWS\ymgqvvir.dll][N/A, ]
[C:\WINDOWS\system32\rxdipuywow.dll][Microsoft Corporation, 5.1.2600.3099]
==================================
文件关联
.TXTError. [C:\WINDOWS\notepad.exe %1]
.EXEOK. ["%1" %*]
.COMOK. ["%1" %*]
.PIFOK. ["%1" %*]
.REGOK. [regedit.exe "%1"]
.BATOK. ["%1" %*]
.SCROK. ["%1" /S]
.CHMError. ["hh.exe" %1]
.HLPOK. [%SystemRoot%\System32\winhlp32.exe %1]
.INIError. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INFOK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBSOK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNKOK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 976, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 612, C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1480, C:\WINDOWS\VMSNAP3.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1488, C:\WINDOWS\DOMINO.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1772, D:\CFC_49590\CAMFROG VIDEO CHAT\CAMFROG VIDEO CHAT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2808, C:\PROGRA~1\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2808, C:\PROGRA~1\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4064, D:\MX_1.6.2.60CN\MAXTHON_1.6.2.60CN\MAXTHON\MAXTHON.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
This article comes from 电脑杂谈; when reposting, please credit the source URL:
http://www.pc-fly.com/a/jisuanjixue/article-22473-1.html