#2
gqjian 2007-11-13 09:38
正在运行的进程
[PID: 324 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 372 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 396 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\winlib .dll] [N/A, ] [C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 9.0.0.338] [PID: 440 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 452 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 616 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 668 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 812 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 840 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [c:\windows\system32\icpb.dll] [N/A, ] [PID: 1072 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0] [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0] [PID: 1096 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)] [PID: 1288 / SYSTEM][C:\WINDOWS\system32\certsrv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1536 / SYSTEM][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 9.0.0.338] [PID: 1568 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 
5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1648 / SYSTEM][C:\WINDOWS\System32\dns.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1660 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1716 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)] [PID: 1740 / SYSTEM][C:\WINDOWS\system32\CBA\pds.exe] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\loc32vc0.dll] [Intel, 3, 0, 0, 2] [C:\WINDOWS\system32\CSL.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\CSSM32s.dll] [Intel Corporation, 1, 1, 2, 3] [PID: 1808 / SYSTEM][C:\WINDOWS\System32\ismserv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1872 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [PID: 1916 / SYSTEM][C:\WINDOWS\system32\ntfrs.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 2004 / SYSTEM][D:\PROGRA~1\Symantec\QUARAN~1\Server\qserver.exe] [Symantec Corporation, 3.03.00.00] [D:\PROGRA~1\Symantec\QUARAN~1\Server\NAVAPI32.DLL] [Symantec Corp., 4.2.0.8] [D:\PROGRA~1\Symantec\QUARAN~1\Server\qspak32.dll] [Symantec Corporation, 9.0.0.318] [D:\PROGRA~1\Symantec\QUARAN~1\Server\IcePackTokens.dll] [Symantec Corporation, 3.03.00.00] [C:\WINDOWS\system32\amslib.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTS.dll] [Intel? 
Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\loc32vc0.dll] [Intel, 3, 0, 0, 2] [D:\Program Files\Symantec\Quarantine\Server\qserverps.dll] [N/A, ] [PID: 2040 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 2056 / SYSTEM][D:\PROGRA~1\Symantec\QUARAN~1\Server\ScanExplicit.exe] [IBM Corp., Version "4.0" (build "400.259")] [D:\PROGRA~1\Symantec\QUARAN~1\Server\AVIScommon.dll] [N/A, ] [D:\PROGRA~1\Symantec\QUARAN~1\Server\NAVAPI32.DLL] [Symantec Corp., 4.2.0.8] [PID: 2060 / SYSTEM][C:\WINDOWS\system32\MsgSys.EXE] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTSU2T.DLL] [Intel Corporation, 6.12.0.0000 E] [PID: 2200 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 9.0.0.338] [C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\PDS.DLL] [Intel? 
Corporation, 6.12.0.112 E] [C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL] [Symantec Corp., 1.1.0.3] [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.3.0.28] [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\DecSDK.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2ID.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2SS.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll] [Symantec Corporation, 3.02.11.32] [C:\WINDOWS\system32\amslib.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\loc32vc0.dll] [Intel, 3, 0, 0, 2] [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2Text.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 9.0.0.338] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071112.017\ecmsvr32.dll] 
[Symantec Corporation, 71.3.0.25] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071112.017\NAVEX32a.DLL] [Symantec Corporation, 20071.3.0.24] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071112.017\NAVENG32.DLL] [Symantec Corporation, 20071.3.0.24] [PID: 2276 / SYSTEM][C:\WINDOWS\system32\tcpsvcs.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 2372 / SYSTEM][D:\PROGRA~1\Symantec\QUARAN~1\Server\IcePack.exe] [IBM Corp., Version "4.0" (build "400.259")] [D:\PROGRA~1\Symantec\QUARAN~1\Server\AVIScommon.dll] [N/A, ] [D:\PROGRA~1\Symantec\QUARAN~1\Server\AVISFile.dll] [N/A, ] [D:\PROGRA~1\Symantec\QUARAN~1\Server\IcePackAgentComm.dll] [IBM Corp., Version "4.0" (build "400.259")] [D:\PROGRA~1\Symantec\QUARAN~1\Server\VDBUnpacker.dll] [IBM Corp., Version "4.0" (build "400.259")] [D:\PROGRA~1\Symantec\QUARAN~1\Server\DecSDK.dll] [Symantec Corporation, 3.01.07.16] [D:\PROGRA~1\Symantec\QUARAN~1\Server\Dec2.dll] [Symantec Corporation, 3.01.07.16] [D:\PROGRA~1\Symantec\QUARAN~1\Server\STPDC32I.DLL] [N/A, ] [D:\PROGRA~1\Symantec\QUARAN~1\Server\DefCast.dll] [Symantec Corporation, 9.0.0.318] [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 9.0.0.338] [C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.112 E] [D:\Program Files\Symantec\Quarantine\Server\qserverps.dll] [N/A, ] [PID: 2500 / SYSTEM][C:\WINDOWS\system32\ams_ii\hndlrsvc.exe] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\AMSLIB.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\loc32vc0.dll] [Intel, 3, 0, 0, 2] [C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\PDS.DLL] [Intel? 
Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\ams_ii\bcsthndl.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\ams_ii\itmlhndl.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\ams_ii\msbxhndl.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\ams_ii\pagehndl.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\ams_ii\prgxhndl.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINDOWS\system32\ams_ii\ntelhndl.dll] [Intel? Corporation, 6.12.0.112 E] [PID: 2680 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 3176 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 3436 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 196 / administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9136] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9136] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 9.0.0.338] [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 44] [D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001] [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 356 / administrator][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] 
[Symantec Corporation, 9.3.0.28] [C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 9.0.0.338] [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 9.0.0.338]
[CODE]
2007-11-13,08:44:14
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition (Build 3790) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<hoqvmido><D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu> [N/A]
<IdnSvr><C:\Program Files\OCINS\idnsvr.exe> [中国互联网信息中心(CNNIC)]
<Vmlist><regsvr32 /s apphelps.dll> [N/A]
<360Safetray><; > [N/A]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<P2POver><; > [N/A]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<Thunder><; "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<zaqxga09><%systemroot%\system32\Rundll32.exe %systemroot%\system32\zaqxga09.dll DllUnregisterServer> [N/A]
<upsf><%systemroot%\system32\regsvr32.exe /s %systemroot%\system32\ipst.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apache / Apache][Stopped/Auto Start]
<"D:\usr\local\apache\Apache.exe" --ntservice><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Symantec Quarantine Agent / IcePack][Running/Auto Start]
<D:\PROGRA~1\Symantec\QUARAN~1\Server\IcePack.exe><IBM Corp.>
[Intel Alert Handler / Intel Alert Handler][Running/Auto Start]
<C:\WINDOWS\system32\ams_ii\hndlrsvc.exe><Intel? Corporation>
[Intel Alert Originator / Intel Alert Originator][Stopped/Auto Start]
<C:\WINDOWS\system32\ams_ii\iao.exe><Intel? Corporation>
[Intel File Transfer / Intel File Transfer][Stopped/Auto Start]
<C:\WINDOWS\system32\cba\xfr.exe><Intel? Corporation>
[Intel PDS / Intel PDS][Running/Auto Start]
<C:\WINDOWS\system32\CBA\pds.exe><Intel? Corporation>
[IPRIP / IPRIP][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\icpb.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Symantec Central Quarantine / qserver][Running/Auto Start]
<D:\PROGRA~1\Symantec\QUARAN~1\Server\qserver.exe><Symantec Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Symantec Quarantine Scanner / ScanExplicit][Running/Auto Start]
<D:\PROGRA~1\Symantec\QUARAN~1\Server\ScanExplicit.exe><IBM Corp.>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><奇虎网>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[cnprov / cnprov][Running/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[idnaux / idnaux][Running/Auto Start]
<system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071112.017\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071112.017\navex15.sys><Symantec Corporation>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/Auto Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><N/A>
[ups / upsf][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\upsf.sys><N/A>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start]
<system32\DRIVERS\vmnetadapter.sys><N/A>
[zaqxga0 / zaqxga09][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\zaqxga09.sys><N/A>
==================================
浏览器加载项
[sosHlpr Class]
{00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\ipst.dll, Microsoft Corporation>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[中文上网]
{B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\Program Files\360safe\live.dll, 360safe.com>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.36.60.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent-31\AddEmotion.htm, N/A>
==================================