Views: 5724 | Replies: 0

[Solved] I scanned my system with SREng, could everyone help me check whether it's infected with a trojan~

xinzhulin
Posted on 2011-3-24 09:35:23
This post was last edited by xinzhulin on 2011-3-24 09:36

2011-03-24,09:19:45
System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <egui><"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice>  [(Verified)ESET, spol. s r.o.]
    <ESET_VC52_UPID><C:\Program Files\ESET\ESET_VC52UPID\ESET_VC52_UPID.exe /auto>  [精睿.网络安全]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <citic_certd><C:\Program Files\CITICBank\FeiTian\citic_certd.exe -r -a>  [(Verified)Feitian Technologies Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 11><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[ESET HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"><ESET>
[ESET Service / ekrn][Running/Auto Start]
  <"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"><ESET>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Manc / Manc][Running/Auto Start]
  <C:\WINDOWS\system32\manc.exe><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\mnmsrvc.exe><(File is missing)>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程序
[Ambfilt / Ambfilt][Stopped/Manual Start]
  <system32\drivers\Ambfilt.sys><Creative>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[ehdrv / ehdrv][Running/System Start]
  <system32\DRIVERS\ehdrv.sys><ESET>
[epfw / epfw][Running/Auto Start]
  <system32\DRIVERS\epfw.sys><ESET>
[Eset Personal Firewall / Epfwndis][Running/Manual Start]
  <system32\DRIVERS\Epfwndis.sys><ESET>
[epfwtdi / epfwtdi][Running/System Start]
  <system32\DRIVERS\epfwtdi.sys><ESET>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Intel(R) Management Engine Interface / MEI][Running/Manual Start]
  <system32\DRIVERS\HECI.sys><Intel Corporation>
[Monfilt / Monfilt][Stopped/Manual Start]
  <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]
  <system32\drivers\nvhda32.sys><NVIDIA Corporation>
[PLViewer Miniport / PLViewer][Running/Manual Start]
  <system32\DRIVERS\PLViewer.sys><YangTuSoft Corporation>
[ProcMon / ProcMon][Running/Manual Start]
  <\??\C:\WINDOWS\system32\ProcMon.sys><N/A>
[Protector / Protector][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\Protector.sys><www.ISRA.org.cn>
[ProtectorA / ProtectorA][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><www.ISRA.org.cn>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[USB Token 32 Holder Service / R6BaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccarda.sys><OEM>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[USBUpper / USBUpper][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\USBUpper.sys><Windows (R) Server 2003 DDK provider>
[vgwdrv / vgwdrv][Running/Manual Start]
  <system32\DRIVERS\vgwdrv.sys><FlySkey>
[Virtual Keybord Function Driver / vkeyfdo][Running/Manual Start]
  <System32\Drivers\vkeyfdo.sys><leiwhere.zhang>
==================================
浏览器加载项
[CITICS ProcessProtect Class]
  {C37F9D60-975D-41f2-A745-4DC934D319AA} <C:\WINDOWS\system32\CITICSPP.dll, www.ISRA.org.cn>
[CITICS Antiphishing Class]
  {C8CBC109-B04A-4dda-956E-BFFE0360DADD} <C:\WINDOWS\system32\CITICAP.dll, (Signed) NITSC>
[假冒网站检测控件设置]
  {00B03C7D-93A4-4814-98A9-66351ADEDF84} <res://CITICAP.dll/ConfigByHotIcon, N/A>
[www.3yx.com  QQ:6419667]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <www.3yx.com, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Shellexe Control]
  {AB22604A-E304-4D4E-98D1-16D0958F0D96} <C:\WINDOWS\DOWNLO~1\Shellexe.ocx, WwW.YlmF.CoM>
[LockHardInf Control]
  {DCEF43C3-B7FB-4EEB-8942-A676428CA4F2} <C:\WINDOWS\DOWNLO~1\LOCKHA~1.OCX, WwW.YlmF.CoM>
[]
  {00B03C7D-93A4-4814-98A9-66351ADEDF84} <, >
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINDOWS\system32\MMInstaller.dll, (Signed) Tencent>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[CITICS ProcessProtect Class]
  {C37F9D60-975D-41F2-A745-4DC934D319AA} <C:\WINDOWS\system32\CITICSPP.dll, www.ISRA.org.cn>
[CITICS Antiphishing Class]
  {C8CBC109-B04A-4DDA-956E-BFFE0360DADD} <C:\WINDOWS\system32\CITICAP.dll, (Signed) NITSC>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <E:\新建文件夹 (2)\QzoneMusic.dll, (Signed) Tencent>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 1324 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1372 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1400 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
[PID: 1444 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1456 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 4.00.1382.6658]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.12.6658]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.12.6658]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
[PID: 1660 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
[PID: 1824 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
[PID: 1872 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1900 / SYSTEM][C:\WINDOWS\system32\manc.exe]  [N/A, ]
[PID: 1944 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msres\PCtrl32.dll]  [, ]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2044 / SYSTEM][C:\Program Files\ESET\ESET Smart Security\ekrn.exe]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\updater.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll]  [ESET, 4.2.67.10 ]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
[PID: 228 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
[PID: 456 / SYSTEM][C:\WINDOWS\system32\msres\xfsvc.exe]  [, 3, 0, 0, 0]
    [C:\WINDOWS\system32\msres\GUI.dll]  [阳途科技, 2, 0, 0, 1]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\MFrame.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\msres\ComFun.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\XFMainTh.dll]  [, 3, 0, 0, 0]
    [C:\WINDOWS\system32\msres\zip.dll]  [zip, 1, 1, 0, 0]
    [C:\WINDOWS\system32\msres\CommonFunDll.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\NewLockDesk.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\HKForbit.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\ImageLib.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\ijl15.dll]  [Intel Corporation, 1,5,4,36]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
    [C:\WINDOWS\system32\msres\NetOp.dll]  [, 2, 0, 0, 15]
    [C:\WINDOWS\system32\msres\PCtrl32.dll]  [, ]
    [C:\WINDOWS\system32\msres\USBManage.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\FileOp.dll]  [, 1, 0, 0, 2]
    [C:\WINDOWS\system32\msres\AnsiDLL.dll]  [, 1, 0, 0, 1]
[PID: 888 / SYSTEM][C:\WINDOWS\system32\msres\aidc.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
[PID: 900 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.12.6658]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.12.6658]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.12.6658]
    [C:\Program Files\WinRAR\rarext.dll]  [, ]
    [C:\Program Files\Tencent\RTXC\RTXShlMenu.dll]  [Tencent, 1, 0, 0, 1]
    [C:\Program Files\ESET\ESET Smart Security\shellExt.dll]  [ESET, 4.2.67.10 ]
[PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1192 / Administrator][C:\Program Files\ESET\ESET Smart Security\egui.exe]  [ESET, 4.2.67.10 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\ESET\ESET Smart Security\eguiScan.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll]  [ESET, 4.2.67.10 ]
    [C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll]  [ESET, 4.2.67.10 ]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
[PID: 1200 / Administrator][C:\Program Files\ESET\ESET_VC52UPID\ESET_VC52_UPID.exe]  [精睿.网络安全, 1.7.6.3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
    [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
[PID: 1236 / Administrator][C:\Program Files\CITICBank\FeiTian\citic_certd.exe]  [China CITIC bank, 1, 0, 10, 519]
    [C:\WINDOWS\system32\citicp11.dll]  [China CITIC bank, 1, 0, 10, 519]
[PID: 1244 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
[PID: 868 / Administrator][G:\辅助工具\系统扫描查看类\sreng2.8.4.1331 版本\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
[PID: 908 / Administrator][G:\辅助工具\系统扫描查看类\sreng2.8.4.1331 版本\SRE6730c97e.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
    [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
    [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\xfnet.dll(, N/A)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\xfnet.dll(, N/A)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\xfnet.dll(, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 www.gtxp2.com #这家无良公司在所谓的网维工具内加入了屏蔽我站的信息,我们也是不得已做出反击,望见者谅解
127.0.0.1 gtxp2.com #封死此无良网站,B4此站的相关人员.此站人员已不可理喻。
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1400, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 456, C:\WINDOWS\SYSTEM32\MSRES\XFSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1200, C:\PROGRAM FILES\ESET\ESET_VC52UPID\ESET_VC52_UPID.EXE]
==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\511~1.495\SGTool.exe
==================================
Windows 安全更新检查
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

Copyright © KaFan  KaFan.cn All Rights Reserved.