Thread starter: firefox3

[Suspicious file] DG, BD, Rising, BG HIPS, the Avast sandbox and Norton's SONAR all get trampled by 999胃泰! OA seems to be bypassed too (update 2)

firefox3 (thread starter)
Posted on 2012-12-16 18:22:08
UDady posted on 2012-12-16 18:19:
, then what startup entry does it add?

Run a scan with SREng and have a look.
UDady
Posted on 2012-12-16 18:36:57
firefox3 posted on 2012-12-16 18:22:
Run a scan with SREng and have a look.


2012-12-16,18:32:06

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
  


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Process Hacker 2><"C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide>  [wj32]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <VMware User Process><"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr>  [(Verified)VMware, Inc.]
    <@OnlineArmor GUI><"C:\Program Files\Online Armor\OAui.exe">  [(Verified)Emsisoft GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{4F07DA45-8170-4859-9B5F-037EF2970034}><C:\PROGRA~1\ONLINE~2\oaevent.dll>  [(Verified)Emsisoft GmbH]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
    <WinlogonNotify: TPSvc><TPSvc.dll>  [(Verified)Cortado AG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VMUpgradeAtShutdown]
    <WinlogonNotify: VMUpgradeAtShutdown><VMUpgradeAtShutdownWXP.dll>  [(Verified)VMware, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[runctf]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\runctf.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Online Armor Helper Service / OAcat][Running/Auto Start]
  <"C:\Program Files\Online Armor\OAcat.exe"><Emsisoft GmbH>
[Online Armor / SvcOnlineArmor][Running/Auto Start]
  <C:\Program Files\Online Armor\oasrv.exe><Emsisoft GmbH>
[TP AutoConnect Service / TPAutoConnSvc][Running/Manual Start]
  <"C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe"><Cortado AG>
[TP VC Gateway Service / TPVCGateway][Stopped/Manual Start]
  <"C:\Program Files\VMware\VMware Tools\TPVCGateway.exe"><Cortado AG>
[VMware Tools / VMTools][Running/Auto Start]
  <"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"><VMware, Inc.>
[VMware 物理磁盘助手服务 / VMware Physical Disk Helper Service][Running/Auto Start]
  <"C:\Program Files\VMware\VMware Tools\vmacthlp.exe"><VMware, Inc.>

==================================
驱动程序
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[OADriver / OADevice][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\OADriver.sys><N/A>
[Online Armor helper driver / oahlpXX][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oahlp32.sys><N/A>
[OAmon / OAmon][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\OAmon.sys><Emsisoft>
[OAnet / OAnet][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\OAnet.sys><Emsisoft>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[VMware VMCI Bus Driver / vmci][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vmci.sys><VMware, Inc.>
[VMware Host Guest Client 重新定向器 / vmhgfs][Running/System Start]
  <system32\drivers\vmhgfs.sys><VMware, Inc.>
[内存控制驱动程序 / VMMEMCTL][Running/Auto Start]
  <\??\C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys><VMware, Inc.>
[VMware Pointing Device / vmmouse][Running/Manual Start]
  <system32\DRIVERS\vmmouse.sys><VMware, Inc.>
[VMware Storage Controller Driver / vmscsi][Running/Boot Start]
  <\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[VMware USB Pointing Device / vmusbmouse][Running/Manual Start]
  <system32\DRIVERS\vmusbmouse.sys><VMware, Inc.>
[VMware Ethernet Adapter Driver / vmxnet][Running/Manual Start]
  <system32\DRIVERS\vmxnet.sys><VMware, Inc.>
[vmx_svga / vmx_svga][Running/Manual Start]
  <system32\DRIVERS\vmx_svga.sys><VMware, Inc.>
[vSockets Driver / vsock][Running/Boot Start]
  <\SystemRoot\system32\drivers\vsock.sys><VMware, Inc.>
[KProcessHacker2 / KProcessHacker2][Running/Disabled]
  <\??\C:\Program Files\Process Hacker 2\kprocesshacker.sys><wj32>

\
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x71AAFF42)




How do I read this? I don't know how to analyze it.
firefox3 (thread starter)
Posted on 2012-12-16 18:38:27
==================================
启动文件夹
[runctf]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\runctf.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><N>

==================================


It's this obvious and you can't see it? Bro, are you sure you're not just here for fun?
a256886572008
Posted on 2012-12-16 18:39:58
UDady posted on 2012-12-16 18:07:
Seems to still be alive

What I mean is: please use a program that OA does not trust to add a .lnk under that path, and see whether OA's autorun component pops up and blocks it.

If it doesn't, that means it is a gap in OA's built-in rules.
UDady
Posted on 2012-12-16 18:42:37
firefox3 posted on 2012-12-16 18:38:
==================================
启动文件夹
[runctf]

Total newbie here.
Never been infected, first time using SREng.
656635525
Posted on 2012-12-16 18:42:42
This post was last edited by 656635525 on 2012-12-16 18:44

These past few days the vast majority of samples get past AVG's scanner. Its HIPS can't handle the DLL-type ones. And the ones 1997 posted: the scanner misses all of them.
firefox3 (thread starter)
Posted on 2012-12-16 18:43:43
UDady posted on 2012-12-16 18:42:
Total newbie here.
Never been infected, first time using SREng.

Just delete that one and you're fine; the live one turns into a dead one too. Then reboot and check.
UDady
Posted on 2012-12-16 18:52:37
a256886572008 posted on 2012-12-16 18:39:
What I mean is: please use a program that OA does not trust to add a .lnk under that path, and see whether OA's autorun component pops up and blocks it.
...

How do I add a .lnk? How do I test it? I don't understand this.
a256886572008
Posted on 2012-12-16 19:08:06
This post was last edited by a256886572008 on 2012-12-16 19:11
UDady posted on 2012-12-16 18:52:
How do I add a .lnk? How do I test it? I don't understand this.


Simply put: after running this thread's sample, check whether a .lnk has been added under the following path.

C:\Documents and Settings\用戶名稱\「開始」菜單\程式集\啟動\

If that .lnk file exists, the built-in rule has been breached.


----------------
Having looked at post #122, it's confirmed to be a rule gap.
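The check described in this post (look for a freshly added .lnk in the Startup folder and see what it points to) can be automated rather than done by eye. The following is an added example, not code from the thread, from SREng or from Online Armor: a small Python parser for the Windows Shell Link (.lnk) format that reads each shortcut's local target path and its Arguments string, then flags shortcuts whose target is a command-line host such as rundll32.exe, which is what the runctf.lnk entry in UDady's SREng log pointed at. It goes slightly beyond the post by also extracting the arguments, since for rundll32.exe the DLL named there is the part worth examining. The shortcut files it scans are constructed by the script itself (build_lnk) in a temporary folder; the DLL argument given to the rundll32 shortcut is a placeholder, and the HOST_BINARIES set is this example's own choice, not a list from the page.

```python
"""Parse Windows .lnk (Shell Link) files and flag Startup-folder shortcuts whose
target is a command-line host such as rundll32.exe. Added example; the sample
shortcut bytes are constructed here, not taken from the thread."""
import ntpath
import struct
import tempfile
from pathlib import Path

# Shell Link header constants from the MS-SHLLINK specification.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_ARGUMENTS = 0x20
IS_UNICODE = 0x80
# StringData entries appear in this fixed order when their flag bit is set.
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))
# Signed Windows binaries that execute whatever is handed to them on the command
# line; a Startup shortcut pointing at one of these deserves a look at its arguments.
# (Assumed list for this example, not from the thread.)
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                 "cscript.exe", "cmd.exe"}


def build_lnk(target: str, arguments: str = "") -> bytes:
    """Build a minimal .lnk carrying a LinkInfo local base path and optional
    Unicode Arguments. Used only to construct test input offline."""
    flags = HAS_LINK_INFO | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize,
    # IconIndex, ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1..3.
    header = (struct.pack("<I", 0x4C) + LNK_CLSID +
              struct.pack("<IIQQQIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0))
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"   # fixed drive, empty label
    base_path = target.encode("ascii") + b"\x00"
    hdr_size = 0x1C
    vol_off = hdr_size
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(base_path)
    info_size = suffix_off + 1                      # CommonPathSuffix is just "\0"
    link_info = (struct.pack("<IIIIIII", info_size, hdr_size, 0x1, vol_off, base_off, 0, suffix_off)
                 + volume_id + base_path + b"\x00")
    string_data = b""
    if arguments:
        string_data = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + link_info + string_data


def parse_lnk(data: bytes) -> dict:
    """Return the local target path and StringData fields of a .lnk file."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:             # skip the item ID list; LinkInfo is what we want
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINK_INFO:
        info_size, _, info_flags, _, base_off, _, _ = struct.unpack_from("<IIIIIII", data, pos)
        if info_flags & 0x1:                        # VolumeIDAndLocalBasePath
            start = pos + base_off                  # offset is relative to the LinkInfo start
            end = data.index(b"\x00", start)
            # Real files use the system ANSI code page; ASCII is enough for the demo.
            target = data[start:end].decode("ascii", errors="replace")
        pos += info_size
    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]   # character count, no terminator
            pos += 2
            if flags & IS_UNICODE:
                fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
                pos += 2 * count
            else:
                fields[name] = data[pos:pos + count].decode("ascii", errors="replace")
                pos += count
    return {"target": target, "arguments": fields.get("arguments", ""), "fields": fields}


def scan_startup_folder(folder: Path) -> list:
    """Parse every .lnk in the folder and flag those targeting a host binary."""
    findings = []
    for lnk in sorted(folder.glob("*.lnk")):
        info = parse_lnk(lnk.read_bytes())
        host = ntpath.basename(info["target"] or "").lower()
        findings.append({"file": lnk.name, "target": info["target"],
                         "arguments": info["arguments"], "suspicious": host in HOST_BINARIES})
    return findings


def demo() -> list:
    """Write two constructed shortcuts to a temporary 'Startup' folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # Mirrors the runctf.lnk entry in the SREng log; the DLL argument is a placeholder.
        (folder / "runctf.lnk").write_bytes(
            build_lnk(r"C:\WINDOWS\system32\rundll32.exe", r"C:\placeholder\sample.dll,Start"))
        (folder / "Notepad.lnk").write_bytes(build_lnk(r"C:\WINDOWS\notepad.exe"))
        return scan_startup_folder(folder)


if __name__ == "__main__":
    for f in demo():
        tag = "SUSPICIOUS" if f["suspicious"] else "ok        "
        print(f"{tag} {f['file']}: {f['target']} {f['arguments']}")
```

On a real machine you would point scan_startup_folder at the per-user and all-users Startup folders (the Chinese XP path quoted above, or %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup on later versions) and compare the result against a baseline taken before running the sample; a new shortcut whose target is a host binary is exactly the case an autorun rule that only watches registry Run keys will not report.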
a256886572008
Posted on 2012-12-16 19:14:01
656635525 posted on 2012-12-16 18:42:
These past few days the vast majority of samples get past AVG's scanner. Its HIPS can't handle the DLL-type ones. And the ones 1997 posted: the scanner misses all of them.

HIPS can handle it; it's just that many vendors haven't implemented command-line inspection yet.

As far as I know, only a few use this feature at present.

Comodo, Kaspersky, Online Armor: the three big HIPS vendors.
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-25 23:28 , Processed in 0.117990 second(s), 14 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表