- 2014-04-20,11:03:07
- System Repair Engineer 2.8.4.1331
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- Winsock 提供者
- 计划任务
- API HOOK
- 隐藏进程
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <CCBCertificate><C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe> [(Verified)Beijing Daming Wuzhou Science & Technology Co.,Ltd.]
- <USBKeyTools.exe><C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe> [(Verified)BeiJing HuaDa ZhiBao Electronic System CO., LTD.]
- <KSafeTray><"c:\program files\ksafe\KSafeTray.exe" -autorun> [(Verified)Kingsoft Security Co.,Ltd]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
- <CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
- <WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
- <SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
- <UPnPMonitor><C:\WINDOWS\system32\upnpui.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
- <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
- <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
- <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
- <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
- <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
- <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
- <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
- <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
- <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
- <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
- <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
- <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
- <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
- <Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
- <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
- <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
- <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
- <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [Alipay security service / AlipaySecSvc][Running/Auto Start]
- <"C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe"><Alipay Inc.>
- [ASP.NET State Service / aspnet_state][Stopped/Manual Start]
- <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><(File is missing)>
- [CrossLoop Service / CrossLoopService][Stopped/Manual Start]
- <"C:\Documents and Settings\chengbaoren\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service><CrossLoop>
- [Cisco Systems, Inc. VPN Service / CVPND][Running/Auto Start]
- <"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
- [FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
- [HDZB Comm Service For V3.0 / HZ_CommSrv][Running/Auto Start]
- <C:\WINDOWS\system32\HZ_CommSrv.exe><华大智宝电子系统有限公司>
- [ICBC Daemon Service / ICBC Daemon Service][Stopped/Manual Start]
- <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe><N/A>
- [IconMan_R / IconMan_R][Running/Auto Start]
- <"C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"><Realsil Microelectronics Inc.>
- [KSafe service / KSafeSvc][Stopped/Auto Start]
- <"c:\program files\ksafe\KSafeSvc.exe" -svc><Kingsoft Corporation>
- [METrsptSvr / METrsptSvr][Stopped/Manual Start]
- <C:\WINDOWS\system32\svchost -k "METrsptSvr"-->C:\Documents and Settings\All Users\Application Data\Thunder Network\DeviceTips\Program\METrsptSvr.dll><N/A>
- [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
- <><(File is missing)>
- [Hillstone Secure Connect / SecureConnect][Running/Auto Start]
- <"C:\Program Files\Hillstone\Hillstone Secure Connect\bin\SSLChannel.exe" -s control><Hillstone Networks>
- [TightVNC Server / tvnserver][Stopped/Manual Start]
- <"C:\Documents and Settings\chengbaoren\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service><GlavSoft LLC.>
- [WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start]
- <C:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe><Beijing WatchData System Co., Ltd.>
- ==================================
- 驱动程序
- [Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
- <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
- [Ambfilt / Ambfilt][Stopped/Manual Start]
- <system32\drivers\Ambfilt.sys><Creative>
- [BAPIDRV / BAPIDRV][Running/System Start]
- <system32\DRIVERS\BAPIDRV.sys><360.cn>
- [BC / BC][Running/Boot Start]
- <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
- [bd0001 / bd0001][Stopped/System Start]
- <system32\DRIVERS\bd0001.sys><N/A>
- [bd0004 / bd0004][Stopped/System Start]
- <system32\DRIVERS\bd0004.sys><N/A>
- [BDMWrench / BDMWrench][Stopped/System Start]
- <system32\DRIVERS\BDMWrench.sys><N/A>
- [WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
- <System32\Drivers\btwusb.sys><Broadcom Corporation.>
- [Cisco Systems VPN Adapter / CVirtA][Stopped/Manual Start]
- <system32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
- [Cisco Systems Inc. IPSec Driver / CVPNDRVA][Running/Auto Start]
- <\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys><Cisco Systems, Inc.>
- [Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
- <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
- [Deterministic Network Enhancer Miniport / DNE][Running/Manual Start]
- <system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
- [Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
- <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
- [HUAWEI USB-NDIS miniport / ewusbnet][Stopped/Manual Start]
- <system32\DRIVERS\ewusbnet.sys><Huawei Technologies Co., Ltd.>
- [Huawei MobileBroadband USB PNP Device / ew_hwusbdev][Stopped/Manual Start]
- <system32\DRIVERS\ew_hwusbdev.sys><Huawei Technologies Co., Ltd.>
- [EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) / FPSensor][Running/Auto Start]
- <System32\Drivers\FPSensor.sys><EgisTec>
- [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
- <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
- [Intel(R) Management Engine Interface / HECI][Running/Manual Start]
- <system32\DRIVERS\HECI.sys><Intel Corporation>
- [Hillstone Virtual Network Adapter / hssvc][Running/Manual Start]
- <system32\DRIVERS\hssvc.sys><Hillstone Network>
- [huawei_enumerator / huawei_enumerator][Running/Manual Start]
- <system32\DRIVERS\ew_jubusenum.sys><Huawei Technologies Co., Ltd.>
- [Huawei DataCard USB Modem and USB Serial / hwdatacard][Stopped/Manual Start]
- <system32\DRIVERS\ewusbmdm.sys><Huawei Technologies Co., Ltd.>
- [ialm / ialm][Running/Manual Start]
- <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
- [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
- <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
- [英特尔(R) 显示器音频 / IntcDAud][Running/Manual Start]
- <system32\DRIVERS\IntcDAud.sys><Intel(R) Corporation>
- [kmodurl / kmodurl][Running/System Start]
- <\??\c:\program files\ksafe\kmodurlxp.sys><Kingsoft Corporation>
- [ksafebootsafe / ksafebootsafe][Running/Boot Start]
- <\SystemRoot\system32\Drivers\ksafebootsafe.sys><Kingsoft Corporation>
- [ksapi / ksapi][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\ksapi.sys><Kingsoft Corporation>
- [NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller / L1c][Running/Manual Start]
- <system32\DRIVERS\l1c51x86.sys><Atheros Communications, Inc.>
- [Monfilt / Monfilt][Stopped/Manual Start]
- <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
- [___ Intel(R) Wireless WiFi Link 5000 系列适配器驱动程序(适用于 Windows XP 32 位) / NETwNx32][Running/Manual Start]
- <system32\DRIVERS\NETwNx32.sys><Intel Corporation>
- [NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
- <system32\drivers\npf.sys><CACE Technologies>
- [PassGuard / PassGuard][Running/Auto Start]
- <\??\C:\WINDOWS\system32\drivers\PassGuard.sys><>
- [AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
- <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
- [Protector / Protector][Running/Auto Start]
- <\??\C:\WINDOWS\system32\drivers\Protector.sys><www.ISRA.org.cn>
- [ProtectorA / ProtectorA][Running/Auto Start]
- <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><www.ISRA.org.cn>
- [NEC Note Keyboard with One-touch start buttons / Ps2Led][Stopped/Manual Start]
- <system32\DRIVERS\Ps2Led.sys><NEC Corporation>
- [Ps2LedIF / Ps2LedIF][Running/System Start]
- <\SystemRoot\system32\drivers\ps2ledif.sys><NEC Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [QQProtect / QQProtect][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\QQProtect.sys><Tencent>
- [RtsUStor.Sys Realtek USB Card Reader / RSUSBSTOR][Running/Manual Start]
- <System32\Drivers\RtsUStor.sys><Realtek Semiconductor Corp.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
- [SATALink driver accelerator / SiFilter][Stopped/Disabled]
- <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
- [TCP/IP Protocol Driver / Tcpip][Running/System Start]
- <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
- [TesSafe / TesSafe][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
- [viamraid / viamraid][Stopped/Boot Start]
- <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
- [vsdatant / vsdatant][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\vsdatant.sys><Zone Labs, LLC>
- ==================================
- 浏览器加载项
- [迅雷下载支持组件]
- {DE05CF4A-7B0A-4775-B5E5-396244938679} <C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll, (Signed) 深圳市迅雷网络技术有限公司>
- []
- {3ABECEEC-DD81-4511-A7FD-B3B657B64892} <, >
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash32_13_0_0_182.ocx, (Signed) Adobe Systems, Inc.>
- []
- {00000ADA-7E0D-47C1-986C-F017D09C4304} <, >
- []
- {000DA090-57AA-424B-A8F0-621B7C08B8F4} <, >
- []
- {08D512D2-7D97-4E22-B7DB-82791106C086} <, >
- [Edit Class]
- {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
- [UPEditorCtrl Class]
- {0E48410F-D1B8-472A-85DB-27F3D77284CE} <C:\WINDOWS\system32\UPEdit\UPEditor.dll, (Signed) 中国银联股份有限公司>
- []
- {0F4BF955-A127-41B7-A998-369904AA2578} <, >
- []
- {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <, >
- [iTrusPTA Class]
- {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\3.7.0.0\pta.dll, (Signed) iTruschina Co., Ltd.>
- []
- {1E525898-EE12-4002-9374-82D15147F762} <, >
- [迅雷下载支持事件]
- {1E935CBE-2951-48FE-93C8-4B7F1E5AA14E} <C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [InfoScan Control]
- {1F14548F-6975-40F1-AE24-6E2D1D449B2F} <C:\PROGRA~1\CCBCOM~1\Detector\InfoScan.dll, (Signed) CCB>
- [Windows Media Player]
- {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
- []
- {23A860E9-0C41-4E01-9206-D3FC0E413645} <, >
- [HTML Document]
- {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
- []
- {25C68603-9497-45fd-998B-A8D80B8FC591} <, >
- [DHTML Edit Control Safe for Scripting for IE5]
- {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
- []
- {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} <, >
- []
- {3AA9CF07-DF20-48FF-98BE-DED276E40146} <, >
- []
- {42839A31-E8DC-4A54-A43B-95BF52DE8125} <, >
- [Agent Class]
- {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\BHO\ThunderAgent7.9.20.4754.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [EditCtrl Class]
- {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\3.7.0.0\aliedit.dll, (Signed) >
- []
- {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <, >
- [Shell Name Space]
- {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
- []
- {5D578929-E74E-46A2-A810-4F33D011DC52} <, >
- []
- {5EF7B131-C278-4034-BC88-2CE28B128681} <, >
- [CAntiVersion Object]
- {5EFE0AA6-B28B-41BD-9B3C-02AA3F79EA9A} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\AntiPhishingVer.dll, (Signed) 中国工商银行>
- [Windows Media Player]
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
- []
- {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <, >
- [SecCheck Class]
- {6EAAD146-39C4-4F5C-A0A7-DAA160ABD907} <C:\Program Files\alipay\AlipayDHC\1.1.0.0\npAlipaydhc.dll, (Signed) Alipay.com Inc. >
- []
- {6EE9CD3E-A386-4DAE-9737-A759DBF927AE} <, >
- []
- {70425897-213B-4a9a-943B-2EEFB2124E35} <, >
- [AxInputControl Class]
- {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\InputControl.dll, (Signed) >
- [BOC ProcessProtect Class]
- {776B71E2-B4CC-4C94-BC7C-09103AA690B6} <C:\WINDOWS\system32\ProcessProtection.dll, (Signed) www.nitsc.cn>
- [CertEnroll Class]
- {7978461C-CC22-48F2-BC69-02220D3E101D} <C:\WINDOWS\system32\aliedit\3.7.0.0\itrusenroll.dll, (Signed) iTruschina Co., Ltd.>
- []
- {7CCE07A5-A590-4554-B5C3-082840D7012E} <, >
- []
- {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <, >
- []
- {87515F61-A66C-4319-A0E0-D416CB8059E3} <, >
- []
- {876D0712-C780-4347-B56D-C30C520033C5} <, >
- [Microsoft Web Browser]
- {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
- []
- {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
- [XML DOM Document 6.0]
- {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
- [XML HTTP 6.0]
- {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
- [AxSubmitControl Class]
- {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SubmitControl.dll, (Signed) >
- [SecCtrl Class]
- {8EB7C6CB-2DA6-4ABE-B2EA-EAC5A372E757} <C:\WINDOWS\system32\aliedit\3.7.0.0\npAliSecCtrl.dll, (Signed) Alipay.com Inc. >
- []
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
- []
- {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} <, >
- []
- {96CD6DA7-17F2-4576-82B0-BE4526FB7D6B} <, >
- [OFrameObject Class]
- {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.7201.438.(799).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
- []
- {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <, >
- []
- {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9C} <, >
- []
- {A8502600-B272-4F68-A67B-A0305D46D297} <, >
- [APlayer3 Control]
- {A9332148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Documents and Settings\All Users\Application Data\Thunder Network\APlayer\APlayer_3.6.0.665.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
- [RMGetLicense Class]
- {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
- [DapCtrl Class]
- {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.7201.438.(799).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
- []
- {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F9} <, >
- []
- {AE7CD045-E861-484F-8273-0445EE161910} <, >
- []
- {B126AFB6-E324-1D10-304C-07111FBBD9AE} <, >
- [KeyCode Control]
- {B1CE16C6-EE96-44D0-8866-654C5536F810} <C:\PROGRA~1\CCBCOM~1\Detector\CCBENC~1.OCX, (Signed) CCB>
- []
- {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <, >
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
- []
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, >
- []
- {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <, >
- [InfosecCCBNetSign Class]
- {BC96F5A4-C930-4226-ADAB-59349AE585E9} <C:\WINDOWS\system32\CCBNetSignCom.dll, (Signed) Infosec Technologies Co., Ltd.>
- []
- {C09B2F68-1429-BDB7-EE59-6674248D7375} <, >
- []
- {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <, >
- [AUDIO__MP3 Moniker Class]
- {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
- [VIDEO__X_MS_WMV Moniker Class]
- {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
- []
- {CD764F38-0DF4-44BE-9D55-0AAAC36D5FBB} <, >
- [WDCCBCtrl Class]
- {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <C:\WINDOWS\system32\wdccb.dll, (Signed) >
- [Microsoft Url Search Hook]
- {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash32_13_0_0_182.ocx, (Signed) Adobe Systems, Inc.>
- []
- {D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62} <, >
- [InstallHelper Class]
- {DAEB1ABC-48F1-4bb8-82E8-0DAC468F35A4} <C:\Program Files\Tencent\QQmusic\QQMusicInstall\QQMusicMMInstaller.dll, (Signed) Tencent>
- [xoliimpl Class]
- {DD5BF6D1-6663-47E0-9DFA-5C343CAF178E} <C:\WINDOWS\xinstaller.dll, (Signed) 深圳市迅雷技术有限公司>
- [AccountProtectBHO Class]
- {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} <C:\Documents and Settings\chengbaoren\Application Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll, (Signed) Tencent>
- [迅雷下载支持组件]
- {DE05CF4A-7B0A-4775-B5E5-396244938679} <C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [PlayerCtrl Class]
- {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.dll, (Signed) Tencent>
- []
- {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
- [BOC Edit Class]
- {E61E8363-041F-455C-8AD0-8A61F1D8E540} <C:\WINDOWS\system32\KeyboardProtection.dll, (Signed) www.nitsc.cn>
- []
- {E758BC30-C8C3-4379-B27B-B50E146460A9} <, >
- [XML HTTP Request]
- {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
- [PPLive Lite Class]
- {EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\Internet Explorer\PPLite\plugin\pplugin2.dll, (Signed) >
- []
- {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <, >
- []
- {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
- [XML HTTP]
- {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
- []
- {F7E55BDF-9528-46ba-B550-777859627591} <, >
- []
- {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
- [webmod Class]
- {FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <C:\WINDOWS\system32\aliedit\3.7.0.0\alidcp.dll, (Signed) Alipay.com Co.,Ltd>
- [&使用&迅雷下载]
- <C:\Program Files\Thunder Network\Thunder\BHO\\GetUrl.htm, N/A>
- [&使用&迅雷下载全部链接]
- <C:\Program Files\Thunder Network\Thunder\BHO\\GetAllUrl.htm, N/A>
- [&使用&迅雷离线下载]
- <C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm, N/A>
- [使用迅雷看看播放器播放]
- <C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm, N/A>
- [添加当前页到迅雷看看播放器标签]
- <C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 872 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [PID: 1644 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [PID: 1668 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1712 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
- [PID: 1724 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1864 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 2016 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 132 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 364 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 396 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 788 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 220 / SYSTEM][C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe] [Alipay Inc. , 1, 0, 41, 0]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 332 / SYSTEM][C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe] [Cisco Systems, Inc., 5.0.04.0300]
- [C:\WINDOWS\system32\vpnapi.dll] [N/A, ]
- [C:\WINDOWS\system32\vsdata.dll] [Zone Labs, LLC, 7.0.462.000]
- [C:\WINDOWS\system32\VSINIT.dll] [Zone Labs, LLC, 7.0.462.000]
- [PID: 544 / SYSTEM][C:\WINDOWS\system32\HZ_CommSrv.exe] [华大智宝电子系统有限公司, 1, 2, 0, 3]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 556 / SYSTEM][C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe] [Realsil Microelectronics Inc., 1.5.3.1]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RsCRLib.dll] [Realtek Semiconductor Corp., 1.1.3.1]
- [PID: 680 / SYSTEM][C:\Program Files\Hillstone\Hillstone Secure Connect\bin\SSLChannel.exe] [Hillstone Networks, 1, 0, 0, 1]
- [PID: 848 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [c:\program files\sina\sina_live\2010\live_deamon.dll] [新浪网技术(中国)有限公司, 1, 0, 0, 1]
- [c:\program files\sina\sina_live\2010\UCLiveCore.dll] [北京新浪信息技术有限公司, 3, 0, 4, 8]
- [PID: 1076 / SYSTEM][C:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
- [C:\WINDOWS\system32\WatchData\Watchdata CCB OCL CSP v3.2\wdkmgr.dll] [Watchdata, 2, 1, 1, 40]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1028 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1508 / chengbaoren][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(796).dll] [深圳市迅雷网络技术有限公司, 1, 1, 1, 73]
- [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.0.0.2008061100]
- [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0]
- [c:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
- [c:\program files\ksafe\kwsui.dll] [Kingsoft Corporation, 2014.03.20.4098]
- [c:\program files\ksafe\kswebshield.dll] [Kingsoft Corporation, 2014.03.20.4098]
- [C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 9.0.5.2008061100\0]
- [C:\Program Files\Tencent\QQ\ShellExt\QQShellExt.dll] [Tencent, 5.2.10446.0]
- [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
- [C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 9.0.5.2008061100\0]
- [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
- [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
- [C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll] [Autodesk, Inc., 1.1.0.278]
- [C:\Program Files\Common Files\Autodesk shared\dwf common\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
- [C:\Program Files\Common Files\Autodesk shared\dwf common\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\Program Files\360\360zip\360ZipExt.dll] [360.cn, 2, 0, 0, 1071]
- [PID: 1280 / chengbaoren][C:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe] [Alipay Inc. , 1, 1, 0, 1]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\Program Files\alipay\SafeTransaction\AliPayST.dll] [阿里巴巴云计算有限公司, 1, 1, 0, 3]
- [PID: 1120 / chengbaoren][C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe] [Alipay Inc. , 1, 0, 0, 36]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\aliedit\3.7.0.0\alidcp.dll] [Alipay.com Co.,Ltd, 2.0.0.7]
- [PID: 944 / chengbaoren][C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe] [, 2, 1, 8, 8]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 952 / chengbaoren][C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe] [北京华大智宝电子系统有限公司, 1, 6, 0, 47]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\ccb_hdcsp.dll] [CIDC, 1, 4, 3, 55]
- [C:\Program Files\CCBComponents\HDZB\HD_Token.dll] [hdzb, 2, 0, 0, 6]
- [PID: 968 / chengbaoren][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.3.4.6]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 976 / chengbaoren][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 2276 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 3712 / chengbaoren][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1104 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 268 / chengbaoren][C:\Program Files\SogouInput\Components\SGImeGuard\1.0.0.20\SGImeGuard.exe] [Sogou.com Inc., 1.0.0.20]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\Documents and Settings\chengbaoren\Application Data\SogouPY\USBDT\USBDTCon.dll] [北京搜狗科技发展有限公司, 2, 2, 0, 15208]
- [C:\Documents and Settings\chengbaoren\Application Data\SogouPY\USBDT\USBDT.dll] [北京搜狗科技发展有限公司, 2, 2, 0, 15208]
- [PID: 3764 / chengbaoren][C:\Documents and Settings\chengbaoren\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
- [PID: 2296 / chengbaoren][C:\Documents and Settings\chengbaoren\桌面\sreng2\SRE964f1c6b.EXE] [Smallfrogs Studio, 2.8.4.1331]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [c:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
- ==================================
- 文件关联
- N/A
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- N/A
- ==================================
- 进程特权扫描
- N/A
- ==================================
- 计划任务
- N/A
- ==================================
- Windows 安全更新检查
- N/A
- ==================================
- API HOOK
- 入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x011402F1)
- 入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x010E02F1)
- 入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x011102F1)
- ==================================
- 隐藏进程
- N/A
- ==================================