  • SREng report analysis / acpidisk.sys

    2008-03-30 00:22:24

    启动项目
    注册表
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
        <msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
        <H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <load><>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
        <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
        <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
        <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
        <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
        <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
        <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
        <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
        <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
        <zuoyue><C:\WINDOWS\system32\inf\svch0st.exe C:\WINDOWS\system32\lwizysys16_080324.dll start>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        <shell><Explorer.exe>  []
        <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <AppInit_DLLs><>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
        <{c12b53ac-ba76-4993-9d41-7eae5fdf9208}><C:\WINDOWS\system32\ayKAEKAE1056.dll>  []
        <{7a170d6e-7afb-4596-8252-f6606c0c594e}><C:\WINDOWS\system32\ayCBDCBD1046.dll>  []
        <{6c15c2d7-e36e-4077-bbe3-2efd193e6aa1}><C:\WINDOWS\system32\ayEZZEZZ1042.dll>  []
        <{9bd1d99c-d041-45ff-b34d-04ced2e505f7}><C:\WINDOWS\system32\ayNNBNNB1044.dll>  []
        <{a1fce912-3517-41d0-b809-16a255470bb4}><C:\WINDOWS\system32\ayDABDAB1057.dll>  []
        <{b4d47a00-9d9c-4272-96e1-620385045b02}><C:\WINDOWS\system32\aySADSAD1032.dll>  []
        <{08443b98-2313-4616-9080-7c886e965ca6}><C:\WINDOWS\system32\ayHADHAD1058.dll>  []
        <{84ef1e59-5ecd-4418-b28f-53cd96611a6f}><C:\WINDOWS\system32\ayQACQAC1029.dll>  []
        <{D29DCEE0-457B-45A2-A92D-741B95B7723B}><C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys>  []
        <{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys>  []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
        <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
        <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
        <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
        <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
        <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
        <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
        <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
        <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

    ==================================
    启动文件夹
    N/A

    ==================================
    服务
    [Human Interface Device Access / HidServ][Stopped/Disabled]
      <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [NOD32 Kernel Service / NOD32krn][Running/Auto Start]
      <"C:\Program Files\Eset\nod32krn.exe"><Eset>
    [portablemsi / portablemsi][Stopped/Auto Start]
      <C:\WINDOWS\system32\tcpip.exe><N/A>

    ==================================
    驱动程序
    [aeaudio / aeaudio][Stopped/Manual Start]
      <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
    [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
      <system32\drivers\ALCXSENS.SYS><Sensaura>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
      <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [AMON / AMON][Running/Auto Start]
      <\SystemRoot\system32\drivers\amon.sys><Eset>
    [ialm / ialm][Running/Manual Start]
      <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
    [nod32drv / nod32drv][Running/System Start]
      <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
    [pop / pop][Running/Manual Start]
      <\??\C:\WINDOWS\system32\DRIVERS\pop.sys><N/A>
    [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
      <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
      <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    [Secdrv / Secdrv][Stopped/Manual Start]
      <system32\DRIVERS\secdrv.sys><N/A>
    [smwdm / smwdm][Stopped/Manual Start]
      <system32\drivers\smwdm.sys><Analog Devices, Inc.>
    [Intel(R) Graphics Platform. (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
      <system32\drivers\ialmsbw.sys><Intel Corporation>
    [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
      <system32\drivers\ialmkchw.sys><Intel Corporation>
    [acpidisk / acpidisk][Running/Auto Start]
      <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>

    ==================================
    浏览器加载项
    [CAdLogic Object]
      {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
    []
      {C5E87A05-F463-4841-B19E-DD3EC3862368} <C:\Program Files\Internet Explorer\IEXPLORE32.Sys, N/A>
    []
      {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
    [bho Class]
      {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
    [Create Mobile Favorite]
      {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
    [Create Mobile Favorite]
      {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
    [番茄花园]
      {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://tomatolei.com, N/A>
    [信息检索(&R)]
      {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
    [Messenger]
      {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
    [Shockwave Flash Object]
      {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
    [PeerDraw Class]
      {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
    [CAdLogic Object]
      {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
    [HTML Document]
      {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
    [DHTML Edit Control Safe for Scripting for IE5]
      {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [Windows Media Player]
      {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [SearchAssistantOC]
      {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
    [RDS.DataSpace]
      {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
    []
      {C5E87A05-F463-4841-B19E-DD3EC3862368} <C:\Program Files\Internet Explorer\IEXPLORE32.Sys, N/A>
    [Shockwave Flash Object]
      {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
    []
      {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
    [PasswordEditCtrl Class]
      {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
    [bho Class]
      {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
    [导出到 Microsoft Office Excel(&X)]
      <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
    [添加到QQ表情]
      <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

    ==================================
    正在运行的进程
    [PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 740 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 864 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Oracle\Bin\oci.dll]  [Oracle Corporation, 8.1.7.0.0]
    [PID: 920 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 988 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 1164 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
        [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [PID: 1324 / SYSTEM][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
        [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
    [PID: 1836 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 244 / Administrator][C:\WINDOWS\Explorer.EXE]  [N/A, ]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\WINDOWS\system32\portablemsi.dll]  [N/A, ]
        [C:\WINDOWS\system32\urls.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
        [C:\WINDOWS\system32\ayKAEKAE1056.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayCBDCBD1046.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayEZZEZZ1042.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayNNBNNB1044.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayDABDAB1057.dll]  [N/A, ]
        [C:\WINDOWS\system32\aySADSAD1032.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayHADHAD1058.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayQACQAC1029.dll]  [N/A, ]
    [PID: 420 / Administrator][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 1532 / Administrator][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
        [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
        [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
        [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
        [C:\PROGRA~1\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 1448 / Administrator][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 1636 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 1624 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.28]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 1712 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 276 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [PID: 1816 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 160 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.5.1302.1018]
    [PID: 3608 / Administrator][C:\PROGRA~1\wnwb2005\wnwb.exe]  [深圳世强软件开发部 www.wnwb.com , 2005, 11, 19, 1]
        [C:\PROGRA~1\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 3044 / Administrator][C:\WINDOWS\system32\WISPTIS.EXE]  [Microsoft Corporation, 1.0.2201.0 (xpsp1.020820-1800)]
        [C:\Program Files\Common Files\Microsoft Shared\INK\TPCPS.DLL]  [Microsoft Corporation, 1.0.2201.0 (xpsp1.020820-1800)]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 2624 / Administrator][C:\HDWMS\Bin\HDMAIN.EXE]  [上海海鼎信息工程股份有限公司, 1.0.0.210]
        [C:\HDWMS\Bin\Vcl50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\Vclbde50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\Vcldb50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\HDPOS2.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\HDPOS.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\Vclx50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\Vclmid50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\VclSmp50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\dxEdtrD5.bpl]  [Developer Express Inc., 3.2.2.0]
        [C:\HDWMS\Bin\dxcomnD5.bpl]  [Developer Express Inc., 1.2.1.0]
        [C:\HDWMS\Bin\EQTLD5.bpl]  [Developer Express Inc., 3.2.2.0]
        [C:\HDWMS\Bin\ECQDBCD5.bpl]  [Developer Express Inc., 3.2.2.0]
        [C:\HDWMS\Bin\dxDBEdD5.bpl]  [Developer Express Inc., 3.2.2.0]
        [C:\HDWMS\Bin\EQGridD5.bpl]  [Developer Express Inc., 3.2.2.0]
        [C:\HDWMS\Bin\Indy50.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\dsnide50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\dcldb50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\dclstd50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\vcljpg50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\cxGridD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\cxLibraryVCLD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\dxThemeD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\cxDataD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\cxEditorsD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\cxPageControlD5.bpl]  [Developer Express Inc., 2.3.13.0]
        [C:\HDWMS\Bin\cxExtEditorsD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\cxExportD5.bpl]  [Developer Express Inc., 6.1.0.0]
        [C:\HDWMS\Bin\FABBO.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\FAXPBO.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\FAToken.bpl]  [N/A, ]
        [C:\HDWMS\Bin\FABUO.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\dxBarD5.bpl]  [Developer Express Inc., 5.5.13.0]
        [C:\HDWMS\Bin\FAXPUI.bpl]  [N/A, ]
        [C:\HDWMS\Bin\dxNavBarD5.bpl]  [Developer Express Inc., 1.4.15.0]
        [C:\HDWMS\Bin\dxGDIPlusD5.bpl]  [Developer Express Inc., 1.4.15.0]
        [C:\HDWMS\Bin\Gadget.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\TaskDialogPkgD5.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\vclie50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\FAMss.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\dxELibD5.bpl]  [Developer Express Inc., 3.2.2.0]
        [C:\HDWMS\Bin\dxsbd5.bpl]  [Developer Express Inc., 5.5.13.0]
        [C:\HDWMS\Bin\POSLIC4.dll]  [N/A, ]
        [C:\HDWMS\Bin\XCHGLIC4.dll]  [N/A, ]
        [C:\Program Files\Borland\Borland Shared\BDE\IDAPI32.DLL]  [N/A, ]
        [C:\Program Files\Borland\Borland Shared\BDE\IDR20009.DLL]  [N/A, ]
        [C:\Program Files\Borland\Borland Shared\BDE\BANTAM.DLL]  [N/A, ]
        [C:\Program Files\Borland\Borland Shared\BDE\SQLORA8.DLL]  [N/A, ]
        [C:\Program Files\Oracle\Bin\OCI.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\OraClient8.Dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oracore8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranls8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oravsn8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oracommon8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orageneric8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranl8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oran8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orancrypt8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranro8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orannzsbb8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranldap8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oraldapclnt8.dll]  [Oracle Corporation, 8.1.5.0.0]
        [C:\Program Files\Oracle\Bin\oranhost8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranoname8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orancds8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orantns8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orannds8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranms.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\oranmsp.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\ORATRACE8.dll]  [N/A, ]
        [C:\Program Files\Oracle\Bin\orapls8.dll]  [Oracle Corporation, 8]
        [C:\Program Files\Oracle\Bin\oraslax8.dll]  [Oracle Corporation, 8]
        [C:\Program Files\Oracle\Bin\orawtc8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\Bin\orasql8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\Program Files\Oracle\bin\orantcp8.dll]  [Oracle Corporation, 8.1.7.0.0]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\HDWMS\Bin\FAXPRES.bpl]  [, 1.0.0.0]
        [C:\WINDOWS\system32\midas.dll]  [Borland Software Corporation, 7.0.4.453]
        [C:\HDWMS\Bin\WMBasicUI.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\FAEmp.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\FAUser.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\WMBasicBO.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\BUS.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\FAXPIMPL.BPL]  [N/A, ]
        [C:\HDWMS\Bin\dxDockingD5.bpl]  [Developer Express Inc., 5.5.13.0]
        [C:\HDWMS\Bin\dxBarExtItemsD5.bpl]  [Developer Express Inc., 5.5.13.0]
        [C:\HDWMS\Bin\WinSkinD5R.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\FAXPFLOW.BPL]  [, 1.0.0.0]
        [C:\HDWMS\Bin\p21TMS.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\p06ship.bpl]  [, 1.0.0.0]
        [C:\HDWMS\Bin\querytool.bpl]  [, 1.0.0.30]
        [C:\HDWMS\Bin\PrintInf.bpl]  [上海海鼎信息工程股份有限公司, 1.0.0.1012]
        [C:\HDWMS\Bin\FR5.bpl]  [N/A, ]
        [C:\HDWMS\Bin\Tee50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\FRBDE5.bpl]  [N/A, ]
        [C:\HDWMS\Bin\Qrpt50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\HDWMS\Bin\TeeDB50.bpl]  [Inprise Corporation, 5.0.6.18]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\HDWMS\Bin\P07Return.bpl]  [, 1.0.0.0]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\HDWMS\Bin\oci_c81_dll2.dll]  [上海海鼎信息工程有限公司, 2.0.0.0]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Escp58.Dll]  [Windows (R) 2000 DDK provider, 5.00.2183.1]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\unires.dll]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
        [C:\PROGRA~1\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
        [C:\Program Files\Borland\Borland Shared\BDE\IDPDX32.DLL]  [N/A, ]
        [C:\Program Files\Borland\Borland Shared\BDE\idsql32.DLL]  [N/A, ]
        [C:\Program Files\Borland\Borland Shared\BDE\idbat32.DLL]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 2504 / Administrator][C:\WINDOWS\system32\dllcache\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\ShimEng.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\MSACM32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.258]
        [C:\WINDOWS\system32\dllcache\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
        [C:\WINDOWS\system32\dllcache\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\ATL.DLL]  [Microsoft Corporation, 3.05.2284]
        [C:\WINDOWS\system32\dllcache\SAMLIB.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\msi.dll]  [Microsoft Corporation, 3.0.3790.2180]
        [C:\WINDOWS\system32\dllcache\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\browselc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\WINDOWS\system32\dllcache\DUSER.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\MLANG.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\WINSTA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\ODBC32.dll]  [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\odbcint.dll]  [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\WINDOWS\system32\dllcache\midimap.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\RAPI.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\Program Files\Microsoft ActiveSync\rapistub.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\dllcache\fxsst.dll]  [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\FXSAPI.dll]  [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\PROGRA~1\MICROS~3\Wcesview.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\PROGRA~1\MICROS~3\pegconv.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\dllcache\SXS.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\WINDOWS\system32\dllcache\hnetcfg.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\ayKAEKAE1056.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayCBDCBD1046.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayEZZEZZ1042.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayNNBNNB1044.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayDABDAB1057.dll]  [N/A, ]
        [C:\WINDOWS\system32\aySADSAD1032.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayHADHAD1058.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayQACQAC1029.dll]  [N/A, ]
        [C:\PROGRA~1\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
        [C:\WINDOWS\system32\dllcache\rsaenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
        [C:\WINDOWS\system32\dllcache\mscms.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
        [C:\WINDOWS\system32\dllcache\RASAPI32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\rasman.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\TAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\sensapi.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\dllcache\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
        [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
        [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
        [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
    [PID: 2448 / Administrator][C:\PROGRA~1\MICROS~3\rapimgr.exe]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 2532 / Administrator][C:\Program Files\Microsoft ActiveSync\wcescomm.exe]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\RAPI.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Microsoft ActiveSync\dtptdns.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\WINDOWS\system32\ayKAEKAE1056.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayCBDCBD1046.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayEZZEZZ1042.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayNNBNNB1044.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayDABDAB1057.dll]  [N/A, ]
        [C:\WINDOWS\system32\aySADSAD1032.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayHADHAD1058.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayQACQAC1029.dll]  [N/A, ]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\Program Files\Microsoft ActiveSync\rapistub.dll]  [Microsoft Corporation, 4.5.5096.0]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 1204 / Administrator][C:\Program Files\Windows Live\Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\MSNCore.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
        [C:\Program Files\Windows Live\Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\msgsres.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\WINDOWS\system32\msdmo.dll]  [, ]
        [C:\PROGRA~1\wnwb2005\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
        [C:\Program Files\Windows Live\Messenger\lmcdata.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
        [C:\Program Files\Windows Live\Messenger\abssm.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\dfsr.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Windows Live\Messenger\custsat.dll]  [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\Program Files\KuGou\KuGou2008\wmadmod.dll]  [Microsoft Corporation, 10.00.00.3646]
        [C:\WINDOWS\system32\ayKAEKAE1056.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayCBDCBD1046.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayEZZEZZ1042.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayNNBNNB1044.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayDABDAB1057.dll]  [N/A, ]
        [C:\WINDOWS\system32\aySADSAD1032.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayHADHAD1058.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayQACQAC1029.dll]  [N/A, ]
        [C:\Program Files\Windows Live\Messenger\contact.dll]  [Microsoft Corporation, 8.5.1302.1018]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [PID: 3872 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2788 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1888 / Administrator][C:\WINDOWS\system32\inf\svch0st.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\lwizysys16_080324.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayKAEKAE1056.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayCBDCBD1046.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayEZZEZZ1042.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayNNBNNB1044.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayDABDAB1057.dll]  [N/A, ]
        [C:\WINDOWS\system32\aySADSAD1032.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayHADHAD1058.dll]  [N/A, ]
        [C:\WINDOWS\system32\ayQACQAC1029.dll]  [N/A, ]
    [PID: 2584 / Administrator][C:\WINDOWS\system32\tmpzycj1.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2640 / Administrator][C:\DOCUME~1\ADMINI~1.MY-\LOCALS~1\Temp\SkypeClient.exe]  [, 1, 0, 0, 1]
    [PID: 3024 / Administrator][C:\WINDOWS\system32\2008020136TestHttp.exe]  [, 1, 0, 0, 1]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [PID: 1212 / Administrator][C:\DOCUME~1\ADMINI~1.MY-\LOCALS~1\Temp\Rar$EX02.516\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
        [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
        [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
        [C:\DOCUME~1\ADMINI~1.MY-\LOCALS~1\Temp\Rar$EX02.516\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
        [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
        [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]

    ==================================
    文件关联
    .TXT  Error. [C:\WINDOWS\notepad.exe %1]
    .EXE  OK. ["%1" %*]
    .COM  OK. ["%1" %*]
    .PIF  OK. ["%1" %*]
    .REG  OK. [regedit.exe "%1"]
    .BAT  OK. ["%1" %*]
    .SCR  OK. ["%1" /S]
    .CHM  Error. ["hh.exe" %1]
    .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
    .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock 提供者
    NOD32 protected [MSAFD Tcpip [TCP/IP]]
        C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
    NOD32 protected [MSAFD Tcpip [UDP/IP]]
        C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
    NOD32 protected [MSAFD Tcpip [RAW/IP]]
        C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
    NOD32 protected [RSVP UDP Service Provider]
        C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
    NOD32 protected [RSVP TCP Service Provider]
        C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
    NOD32
        C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

    ==================================
    Autorun.inf
    N/A

    ==================================
    HOSTS 文件
    127.0.0.1       localhost

    ==================================
    进程特权扫描
    特殊特权被允许: SeLoadDriverPrivilege [PID = 244, C:\WINDOWS\EXPLORER.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 1532, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 1624, C:\WINDOWS\SOUNDMAN.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 3608, C:\PROGRA~1\WNWB2005\WNWB.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 3044, C:\WINDOWS\SYSTEM32\WISPTIS.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 2624, C:\HDWMS\BIN\HDMAIN.EXE]
    特殊特权被允许: SeDebugPrivilege [PID = 2640, C:\DOCUME~1\ADMINI~1.MY-\LOCALS~1\TEMP\SKYPECLIENT.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 2640, C:\DOCUME~1\ADMINI~1.MY-\LOCALS~1\TEMP\SKYPECLIENT.EXE]
    特殊特权被允许: SeDebugPrivilege [PID = 3024, C:\WINDOWS\SYSTEM32\2008020136TESTHTTP.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 3024, C:\WINDOWS\SYSTEM32\2008020136TESTHTTP.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    隐藏进程
    N/A

    ==================================

    Analysis by 红桃jacker:

    Startup items (registry)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
        <{c12b53ac-ba76-4993-9d41-7eae5fdf9208}><C:\WINDOWS\system32\ayKAEKAE1056.dll>  []
        <{7a170d6e-7afb-4596-8252-f6606c0c594e}><C:\WINDOWS\system32\ayCBDCBD1046.dll>  []
        <{6c15c2d7-e36e-4077-bbe3-2efd193e6aa1}><C:\WINDOWS\system32\ayEZZEZZ1042.dll>  []
        <{9bd1d99c-d041-45ff-b34d-04ced2e505f7}><C:\WINDOWS\system32\ayNNBNNB1044.dll>  []
        <{a1fce912-3517-41d0-b809-16a255470bb4}><C:\WINDOWS\system32\ayDABDAB1057.dll>  []
        <{b4d47a00-9d9c-4272-96e1-620385045b02}><C:\WINDOWS\system32\aySADSAD1032.dll>  []
        <{08443b98-2313-4616-9080-7c886e965ca6}><C:\WINDOWS\system32\ayHADHAD1058.dll>  []
    Disable these startup entries, then delete the files with a deletion tool: IceSword or the Filseclab (费尔) deletion tool.

    Services
    [portablemsi / portablemsi][Stopped/Auto Start]
      <C:\WINDOWS\system32\tcpip.exe><N/A>


    Appears to be a trojan downloader: stop the service and delete the file.


    Drivers:
    [acpidisk / acpidisk][Running/Auto Start]
      <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
    Disable this driver directly with SREng, then delete the file with a tool.

    [pop / pop][Running/Manual Start]
      <\??\C:\WINDOWS\system32\DRIVERS\pop.sys><N/A>
    A variant of the 机器狗 ("Robot Dog") trojan; scan with a dedicated removal tool for it.
  • Gray Pigeon (鸽子) notes

    2007-06-29 19:54:31

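    I got a new Gray Pigeon build from a friend. After running it myself, I observed the following:
    1. Task Manager opens, but the process list is blank.

    2. A service is added. The service name is presumably picked arbitrarily by whoever runs the trojan. My XP is installed on drive D.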
    [Windows XP Vista         / Windows XP Vista        ][Stopped/Auto Start]
      <D:\WINDOWS\com.cn.ini><N/A>

    3. File associations are changed.
    文件关联
    .TXT  Error. [D:\WINDOWS\notepad.exe %1]
    .EXE  OK. ["%1" %*]
    .COM  OK. ["%1" %*]
    .PIF  OK. ["%1" %*]
    .REG  OK. [regedit.exe "%1"]
    .BAT  OK. ["%1" %*]
    .SCR  OK. ["%1" /S]
    .CHM  Error. ["hh.exe" %1]
    .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI  Error. [D:\WINDOWS\System32\NOTEPAD.EXE %1]
    .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

    Remediation:
    Stop the service,
    delete the file,
    repair the file associations.
  • A quick note for the record

    2006-07-17 19:40:16

    O23 - NT 服务: Grayasd - Unknown owner - C:\WINDOWS\windoxz.exe