This post was last edited by xinzhulin on 2011-3-24 09:36
- 2011-03-24,09:19:45
- System Repair Engineer 2.8.4.1331
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 计划任务
- Windows 安全更新检查
- API HOOK
- 隐藏进程
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <egui><"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice> [(Verified)ESET, spol. s r.o.]
- <ESET_VC52_UPID><C:\Program Files\ESET\ESET_VC52UPID\ESET_VC52_UPID.exe /auto> [精睿.网络安全]
- <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
- <citic_certd><C:\Program Files\CITICBank\FeiTian\citic_certd.exe -r -a> [(Verified)Feitian Technologies Co., Ltd.]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
- <CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
- <WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
- <SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
- <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
- <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
- <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
- <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
- <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
- <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
- <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
- <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
- <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
- <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
- <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
- <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
- <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
- <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
- <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player 11><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
- <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
- <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
- <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [File is missing]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [ESET HTTP Server / EhttpSrv][Stopped/Manual Start]
- <"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"><ESET>
- [ESET Service / ekrn][Running/Auto Start]
- <"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"><ESET>
- [Help and Support / helpsvc][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [Manc / Manc][Running/Auto Start]
- <C:\WINDOWS\system32\manc.exe><N/A>
- [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
- <C:\WINDOWS\system32\mnmsrvc.exe><(File is missing)>
- [NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
- <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
- ==================================
- 驱动程序
- [Ambfilt / Ambfilt][Stopped/Manual Start]
- <system32\drivers\Ambfilt.sys><Creative>
- [eamon / eamon][Running/Auto Start]
- <system32\DRIVERS\eamon.sys><ESET>
- [ehdrv / ehdrv][Running/System Start]
- <system32\DRIVERS\ehdrv.sys><ESET>
- [epfw / epfw][Running/Auto Start]
- <system32\DRIVERS\epfw.sys><ESET>
- [Eset Personal Firewall / Epfwndis][Running/Manual Start]
- <system32\DRIVERS\Epfwndis.sys><ESET>
- [epfwtdi / epfwtdi][Running/System Start]
- <system32\DRIVERS\epfwtdi.sys><ESET>
- [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
- <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
- [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
- <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
- [Intel(R) Management Engine Interface / MEI][Running/Manual Start]
- <system32\DRIVERS\HECI.sys><Intel Corporation>
- [Monfilt / Monfilt][Stopped/Manual Start]
- <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]
- <system32\drivers\nvhda32.sys><NVIDIA Corporation>
- [PLViewer Miniport / PLViewer][Running/Manual Start]
- <system32\DRIVERS\PLViewer.sys><YangTuSoft Corporation>
- [ProcMon / ProcMon][Running/Manual Start]
- <\??\C:\WINDOWS\system32\ProcMon.sys><N/A>
- [Protector / Protector][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\Protector.sys><www.ISRA.org.cn>
- [ProtectorA / ProtectorA][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><www.ISRA.org.cn>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [QKeyServiceDisplay / QKeyService][Running/Boot Start]
- <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
- [USB Token 32 Holder Service / R6BaseSmc][Running/Manual Start]
- <system32\DRIVERS\smccarda.sys><OEM>
- [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
- <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
- [TCP/IP Protocol Driver / Tcpip][Running/System Start]
- <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
- [TesSafe / TesSafe][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
- [USBUpper / USBUpper][Running/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\USBUpper.sys><Windows (R) Server 2003 DDK provider>
- [vgwdrv / vgwdrv][Running/Manual Start]
- <system32\DRIVERS\vgwdrv.sys><FlySkey>
- [Virtual Keybord Function Driver / vkeyfdo][Running/Manual Start]
- <System32\Drivers\vkeyfdo.sys><leiwhere.zhang>
- ==================================
- 浏览器加载项
- [CITICS ProcessProtect Class]
- {C37F9D60-975D-41f2-A745-4DC934D319AA} <C:\WINDOWS\system32\CITICSPP.dll, www.ISRA.org.cn>
- [CITICS Antiphishing Class]
- {C8CBC109-B04A-4dda-956E-BFFE0360DADD} <C:\WINDOWS\system32\CITICAP.dll, (Signed) NITSC>
- [假冒网站检测控件设置]
- {00B03C7D-93A4-4814-98A9-66351ADEDF84} <res://CITICAP.dll/ConfigByHotIcon, N/A>
- [www.3yx.com QQ:6419667]
- {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <www.3yx.com, N/A>
- [EditCtrl Class]
- {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
- [Shellexe Control]
- {AB22604A-E304-4D4E-98D1-16D0958F0D96} <C:\WINDOWS\DOWNLO~1\Shellexe.ocx, WwW.YlmF.CoM>
- [LockHardInf Control]
- {DCEF43C3-B7FB-4EEB-8942-A676428CA4F2} <C:\WINDOWS\DOWNLO~1\LOCKHA~1.OCX, WwW.YlmF.CoM>
- []
- {00B03C7D-93A4-4814-98A9-66351ADEDF84} <, >
- [InstallHelper Class]
- {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINDOWS\system32\MMInstaller.dll, (Signed) Tencent>
- []
- {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
- [Windows Media Player]
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
- [Microsoft Web 浏览器]
- {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
- [CITICS ProcessProtect Class]
- {C37F9D60-975D-41F2-A745-4DC934D319AA} <C:\WINDOWS\system32\CITICSPP.dll, www.ISRA.org.cn>
- [CITICS Antiphishing Class]
- {C8CBC109-B04A-4DDA-956E-BFFE0360DADD} <C:\WINDOWS\system32\CITICAP.dll, (Signed) NITSC>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx, (Signed) Adobe Systems, Inc.>
- [PlayerCtrl Class]
- {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <E:\新建文件夹 (2)\QzoneMusic.dll, (Signed) Tencent>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
- ==================================
- 正在运行的进程
- [PID: 1324 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [PID: 1372 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [PID: 1400 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
- [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [PID: 1444 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
- [PID: 1456 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [PID: 1620 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 4.00.1382.6658]
- [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.12.6658]
- [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.12.6658]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [PID: 1660 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [PID: 1824 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [PID: 1872 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1900 / SYSTEM][C:\WINDOWS\system32\manc.exe] [N/A, ]
- [PID: 1944 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\msres\PCtrl32.dll] [, ]
- [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
- [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 2044 / SYSTEM][C:\Program Files\ESET\ESET Smart Security\ekrn.exe] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\updater.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll] [ESET, 4.2.67.10 ]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [PID: 228 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [PID: 456 / SYSTEM][C:\WINDOWS\system32\msres\xfsvc.exe] [, 3, 0, 0, 0]
- [C:\WINDOWS\system32\msres\GUI.dll] [阳途科技, 2, 0, 0, 1]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\MFrame.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\msres\ComFun.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\XFMainTh.dll] [, 3, 0, 0, 0]
- [C:\WINDOWS\system32\msres\zip.dll] [zip, 1, 1, 0, 0]
- [C:\WINDOWS\system32\msres\CommonFunDll.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\NewLockDesk.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\HKForbit.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\ImageLib.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\ijl15.dll] [Intel Corporation, 1,5,4,36]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\WINDOWS\system32\MsgTrack.dll] [, 1, 0, 2, 20]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [C:\WINDOWS\system32\msres\NetOp.dll] [, 2, 0, 0, 15]
- [C:\WINDOWS\system32\msres\PCtrl32.dll] [, ]
- [C:\WINDOWS\system32\msres\USBManage.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\FileOp.dll] [, 1, 0, 0, 2]
- [C:\WINDOWS\system32\msres\AnsiDLL.dll] [, 1, 0, 0, 1]
- [PID: 888 / SYSTEM][C:\WINDOWS\system32\msres\aidc.exe] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [PID: 900 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\MsgTrack.dll] [, 1, 0, 2, 20]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.12.6658]
- [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.12.6658]
- [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.12.6658]
- [C:\Program Files\WinRAR\rarext.dll] [, ]
- [C:\Program Files\Tencent\RTXC\RTXShlMenu.dll] [Tencent, 1, 0, 0, 1]
- [C:\Program Files\ESET\ESET Smart Security\shellExt.dll] [ESET, 4.2.67.10 ]
- [PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [PID: 1192 / Administrator][C:\Program Files\ESET\ESET Smart Security\egui.exe] [ESET, 4.2.67.10 ]
- [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
- [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
- [C:\WINDOWS\system32\MsgTrack.dll] [, 1, 0, 2, 20]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\ESET\ESET Smart Security\eguiScan.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll] [ESET, 4.2.67.10 ]
- [C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll] [ESET, 4.2.67.10 ]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [PID: 1200 / Administrator][C:\Program Files\ESET\ESET_VC52UPID\ESET_VC52_UPID.exe] [精睿.网络安全, 1.7.6.3]
- [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\MsgTrack.dll] [, 1, 0, 2, 20]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [C:\WINDOWS\system32\xfnet.dll] [N/A, ]
- [C:\WINDOWS\system32\WinMon.dll] [, 1, 0, 0, 1]
- [PID: 1236 / Administrator][C:\Program Files\CITICBank\FeiTian\citic_certd.exe] [China CITIC bank, 1, 0, 10, 519]
- [C:\WINDOWS\system32\citicp11.dll] [China CITIC bank, 1, 0, 10, 519]
- [PID: 1244 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\MsgTrack.dll] [, 1, 0, 2, 20]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [PID: 868 / Administrator][G:\辅助工具\系统扫描查看类\sreng2.8.4.1331 版本\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
- [PID: 908 / Administrator][G:\辅助工具\系统扫描查看类\sreng2.8.4.1331 版本\SRE6730c97e.EXE] [Smallfrogs Studio, 2.8.4.1331]
- [C:\WINDOWS\system32\MsgTrack.dll] [, 1, 0, 2, 20]
- [C:\WINDOWS\system32\LanMap.dll] [, 1, 0, 0, 1]
- [C:\WINDOWS\system32\msres\PLChat.dll] [N/A, ]
- [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.1.1.4954]
- [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll] [Sogou.com Inc., 5.1.1.4954]
- [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
- [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
- ==================================
- 文件关联
- .TXT Error. [C:\WINDOWS\notepad.exe %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM Error. ["hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- MSAFD Tcpip [TCP/IP]
- C:\WINDOWS\system32\xfnet.dll(, N/A)
- MSAFD Tcpip [UDP/IP]
- C:\WINDOWS\system32\xfnet.dll(, N/A)
- MSAFD Tcpip [RAW/IP]
- C:\WINDOWS\system32\xfnet.dll(, N/A)
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 www.gtxp2.com #这家无良公司在所谓的网维工具内加入了屏蔽我站的信息,我们也是不得已做出反击,望见者谅解
- 127.0.0.1 gtxp2.com #封死此无良网站,B4此站的相关人员.此站人员已不可理喻。
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1400, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 456, C:\WINDOWS\SYSTEM32\MSRES\XFSVC.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1200, C:\PROGRAM FILES\ESET\ESET_VC52UPID\ESET_VC52_UPID.EXE]
- ==================================
- 计划任务
- [已启用] SogouImeMgr.job
- C:\PROGRA~1\SOGOUI~1\511~1.495\SGTool.exe
- ==================================
- Windows 安全更新检查
- N/A
- ==================================
- API HOOK
- N/A
- ==================================
- 隐藏进程
- N/A
- ==================================