收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 软件区 解疑答难区 我用SREng扫描了下系统 大家帮我看看 是不是中木马了~
返回列表 发新帖
查看: 5739|回复: 0
收起左侧

[已解决] 我用SREng扫描了下系统 大家帮我看看 是不是中木马了~

 关闭 [复制链接]
xinzhulin
发表于 2011-3-24 09:35:23 | 显示全部楼层 |阅读模式
本帖最后由 xinzhulin 于 2011-3-24 09:36 编辑

  2. 2011-03-24,09:19:45
  3. System Repair Engineer 2.8.4.1331
  4. Smallfrogs ([url=http://www.kztechs.com/]http://www.KZTechs.com[/url])
  5. Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
  6. 以下内容被选中:
  7.     所有的启动项目(包括注册表、启动文件夹、服务等)
  8.     浏览器加载项
  9.     正在运行的进程(包括进程模块信息)
  10.     文件关联
  11.     Winsock 提供者
  12.     Autorun.inf
  13.     HOSTS 文件
  14.     进程特权扫描
  15.     计划任务
  16.     Windows 安全更新检查
  17.     API HOOK
  18.     隐藏进程

  20. 启动项目
  21. 注册表
  22. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  23.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
  24. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  25.     <egui><"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice>  [(Verified)ESET, spol. s r.o.]
  26.     <ESET_VC52_UPID><C:\Program Files\ESET\ESET_VC52UPID\ESET_VC52_UPID.exe /auto>  [精睿.网络安全]
  27.     <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
  28.     <citic_certd><C:\Program Files\CITICBank\FeiTian\citic_certd.exe -r -a>  [(Verified)Feitian Technologies Co., Ltd.]
  29. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  30.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
  31.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
  32. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  33.     <AppInit_DLLs><>  [N/A]
  34. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  35.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  37.     <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  39.     <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
  40.     <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
  41.     <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
  42.     <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
  43.     <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows]
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  45.     <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
  46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  47.     <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
  48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  49.     <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
  50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
  51.     <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
  52. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  53.     <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
  54. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  55.     <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
  56. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  57.     <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
  58. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  59.     <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
  60. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  61.     <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
  62. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
  63.     <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
  64. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  65.     <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
  66. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  67.     <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
  68.     <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
  69. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  70.     <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
  71. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  72.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
  73. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
  74.     <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
  75. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
  76.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
  77. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  78.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
  79. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  80.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
  81. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  82.     <Microsoft Windows Media Player 11><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []
  83. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
  84.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
  85. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  86.     <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
  87. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  88.     <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
  89. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  90.     <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
  91. [HKEY_CURRENT_USER\Control Panel\Desktop]
  92.     <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [File is missing]
  93. ==================================
  94. 启动文件夹
  95. N/A
  96. ==================================
  97. 服务
  98. [ESET HTTP Server / EhttpSrv][Stopped/Manual Start]
  99.   <"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"><ESET>
  100. [ESET Service / ekrn][Running/Auto Start]
  101.   <"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"><ESET>
  102. [Help and Support / helpsvc][Stopped/Disabled]
  103.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
  104. [Human Interface Device Access / HidServ][Stopped/Disabled]
  105.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  106. [Manc / Manc][Running/Auto Start]
  107.   <C:\WINDOWS\system32\manc.exe><N/A>
  108. [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  109.   <C:\WINDOWS\system32\mnmsrvc.exe><(File is missing)>
  110. [NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  111.   <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
  112. ==================================
  113. 驱动程序
  114. [Ambfilt / Ambfilt][Stopped/Manual Start]
  115.   <system32\drivers\Ambfilt.sys><Creative>
  116. [eamon / eamon][Running/Auto Start]
  117.   <system32\DRIVERS\eamon.sys><ESET>
  118. [ehdrv / ehdrv][Running/System Start]
  119.   <system32\DRIVERS\ehdrv.sys><ESET>
  120. [epfw / epfw][Running/Auto Start]
  121.   <system32\DRIVERS\epfw.sys><ESET>
  122. [Eset Personal Firewall / Epfwndis][Running/Manual Start]
  123.   <system32\DRIVERS\Epfwndis.sys><ESET>
  124. [epfwtdi / epfwtdi][Running/System Start]
  125.   <system32\DRIVERS\epfwtdi.sys><ESET>
  126. [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  127.   <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
  128. [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  129.   <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
  130. [Intel(R) Management Engine Interface / MEI][Running/Manual Start]
  131.   <system32\DRIVERS\HECI.sys><Intel Corporation>
  132. [Monfilt / Monfilt][Stopped/Manual Start]
  133.   <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
  134. [nv / nv][Running/Manual Start]
  135.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  136. [Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]
  137.   <system32\drivers\nvhda32.sys><NVIDIA Corporation>
  138. [PLViewer Miniport / PLViewer][Running/Manual Start]
  139.   <system32\DRIVERS\PLViewer.sys><YangTuSoft Corporation>
  140. [ProcMon / ProcMon][Running/Manual Start]
  141.   <\??\C:\WINDOWS\system32\ProcMon.sys><N/A>
  142. [Protector / Protector][Stopped/Manual Start]
  143.   <\??\C:\WINDOWS\system32\drivers\Protector.sys><[url=http://www.isra.org.cn/]www.ISRA.org.cn[/url]>
  144. [ProtectorA / ProtectorA][Stopped/Manual Start]
  145.   <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><[url=http://www.isra.org.cn/]www.ISRA.org.cn[/url]>
  146. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  147.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  148. [QKeyServiceDisplay / QKeyService][Running/Boot Start]
  149.   <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
  150. [USB Token 32 Holder Service / R6BaseSmc][Running/Manual Start]
  151.   <system32\DRIVERS\smccarda.sys><OEM>
  152. [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  153.   <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
  154. [Secdrv / Secdrv][Stopped/Manual Start]
  155.   <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
  156. [TCP/IP Protocol Driver / Tcpip][Running/System Start]
  157.   <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
  158. [TesSafe / TesSafe][Stopped/Manual Start]
  159.   <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
  160. [USBUpper / USBUpper][Running/Manual Start]
  161.   <\??\C:\WINDOWS\system32\drivers\USBUpper.sys><Windows (R) Server 2003 DDK provider>
  162. [vgwdrv / vgwdrv][Running/Manual Start]
  163.   <system32\DRIVERS\vgwdrv.sys><FlySkey>
  164. [Virtual Keybord Function Driver / vkeyfdo][Running/Manual Start]
  165.   <System32\Drivers\vkeyfdo.sys><leiwhere.zhang>
  166. ==================================
  167. 浏览器加载项
  168. [CITICS ProcessProtect Class]
  169.   {C37F9D60-975D-41f2-A745-4DC934D319AA} <C:\WINDOWS\system32\CITICSPP.dll, [url=http://www.isra.org.cn/]www.ISRA.org.cn[/url]>
  170. [CITICS Antiphishing Class]
  171.   {C8CBC109-B04A-4dda-956E-BFFE0360DADD} <C:\WINDOWS\system32\CITICAP.dll, (Signed) NITSC>
  172. [假冒网站检测控件设置]
  173.   {00B03C7D-93A4-4814-98A9-66351ADEDF84} <res://CITICAP.dll/ConfigByHotIcon, N/A>
  174. [[url=http://www.3yx.com/]www.3yx.com[/url]  QQ:6419667]
  175.   {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <[url=http://www.3yx.com/]www.3yx.com[/url], N/A>
  176. [EditCtrl Class]
  177.   {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
  178. [Shellexe Control]
  179.   {AB22604A-E304-4D4E-98D1-16D0958F0D96} <C:\WINDOWS\DOWNLO~1\Shellexe.ocx, [url=http://www.ylmf.com/]WwW.YlmF.CoM[/url]>
  180. [LockHardInf Control]
  181.   {DCEF43C3-B7FB-4EEB-8942-A676428CA4F2} <C:\WINDOWS\DOWNLO~1\LOCKHA~1.OCX, [url=http://www.ylmf.com/]WwW.YlmF.CoM[/url]>
  182. []
  183.   {00B03C7D-93A4-4814-98A9-66351ADEDF84} <, >
  184. [InstallHelper Class]
  185.   {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINDOWS\system32\MMInstaller.dll, (Signed) Tencent>
  186. []
  187.   {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
  188. [Windows Media Player]
  189.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
  190. [Microsoft Web 浏览器]
  191.   {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
  192. [CITICS ProcessProtect Class]
  193.   {C37F9D60-975D-41F2-A745-4DC934D319AA} <C:\WINDOWS\system32\CITICSPP.dll, [url=http://www.isra.org.cn/]www.ISRA.org.cn[/url]>
  194. [CITICS Antiphishing Class]
  195.   {C8CBC109-B04A-4DDA-956E-BFFE0360DADD} <C:\WINDOWS\system32\CITICAP.dll, (Signed) NITSC>
  196. [Shockwave Flash Object]
  197.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx, (Signed) Adobe Systems, Inc.>
  198. [PlayerCtrl Class]
  199.   {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <E:\新建文件夹 (2)\QzoneMusic.dll, (Signed) Tencent>
  200. [导出到 Microsoft Office Excel(&X)]
  201.   <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
  202. ==================================
  203. 正在运行的进程
  204. [PID: 1324 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  205. [PID: 1372 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  206. [PID: 1400 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
  207.     [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  208.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  209.     [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  210.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  211.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  212. [PID: 1444 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
  213. [PID: 1456 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
  214.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  215.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  216.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  217. [PID: 1620 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 4.00.1382.6658]
  218.     [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.12.6658]
  219.     [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.12.6658]
  220.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  221. [PID: 1660 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  222.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  223. [PID: 1780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  224.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  225.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  226.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  227. [PID: 1824 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  228.     [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  229.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  230.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  231. [PID: 1872 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  232.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  233. [PID: 1900 / SYSTEM][C:\WINDOWS\system32\manc.exe]  [N/A, ]
  234. [PID: 1944 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
  235.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  236.     [C:\WINDOWS\system32\msres\PCtrl32.dll]  [, ]
  237.     [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  238. [PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
  239.     [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  240. [PID: 2044 / SYSTEM][C:\Program Files\ESET\ESET Smart Security\ekrn.exe]  [ESET, 4.2.67.10 ]
  241.     [C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll]  [ESET, 4.2.67.10 ]
  242.     [C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll]  [ESET, 4.2.67.10 ]
  243.     [C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll]  [ESET, 4.2.67.10 ]
  244.     [C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll]  [ESET, 4.2.67.10 ]
  245.     [C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll]  [ESET, 4.2.67.10 ]
  246.     [C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll]  [ESET, 4.2.67.10 ]
  247.     [C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll]  [ESET, 4.2.67.10 ]
  248.     [C:\Program Files\ESET\ESET Smart Security\updater.dll]  [ESET, 4.2.67.10 ]
  249.     [C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll]  [ESET, 4.2.67.10 ]
  250.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  251.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  252.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  253.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  254. [PID: 228 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  255.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  256.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  257.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  258. [PID: 456 / SYSTEM][C:\WINDOWS\system32\msres\xfsvc.exe]  [, 3, 0, 0, 0]
  259.     [C:\WINDOWS\system32\msres\GUI.dll]  [阳途科技, 2, 0, 0, 1]
  260.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  261.     [C:\WINDOWS\system32\msres\MFrame.dll]  [, 1, 0, 0, 1]
  262.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  263.     [C:\WINDOWS\system32\msres\ComFun.dll]  [, 1, 0, 0, 1]
  264.     [C:\WINDOWS\system32\msres\XFMainTh.dll]  [, 3, 0, 0, 0]
  265.     [C:\WINDOWS\system32\msres\zip.dll]  [zip, 1, 1, 0, 0]
  266.     [C:\WINDOWS\system32\msres\CommonFunDll.dll]  [, 1, 0, 0, 1]
  267.     [C:\WINDOWS\system32\msres\NewLockDesk.dll]  [, 1, 0, 0, 1]
  268.     [C:\WINDOWS\system32\msres\HKForbit.dll]  [, 1, 0, 0, 1]
  269.     [C:\WINDOWS\system32\msres\ImageLib.dll]  [, 1, 0, 0, 1]
  270.     [C:\WINDOWS\system32\msres\ijl15.dll]  [Intel Corporation, 1,5,4,36]
  271.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  272.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  273.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  274.     [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
  275.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  276.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  277.     [C:\WINDOWS\system32\msres\NetOp.dll]  [, 2, 0, 0, 15]
  278.     [C:\WINDOWS\system32\msres\PCtrl32.dll]  [, ]
  279.     [C:\WINDOWS\system32\msres\USBManage.dll]  [, 1, 0, 0, 1]
  280.     [C:\WINDOWS\system32\msres\FileOp.dll]  [, 1, 0, 0, 2]
  281.     [C:\WINDOWS\system32\msres\AnsiDLL.dll]  [, 1, 0, 0, 1]
  282. [PID: 888 / SYSTEM][C:\WINDOWS\system32\msres\aidc.exe]  [, 1, 0, 0, 1]
  283.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  284.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  285.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  286.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  287.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  288. [PID: 900 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  289.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  290.     [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
  291.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  292.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  293.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  294.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  295.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  296.     [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.12.6658]
  297.     [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.12.6658]
  298.     [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.12.6658]
  299.     [C:\Program Files\WinRAR\rarext.dll]  [, ]
  300.     [C:\Program Files\Tencent\RTXC\RTXShlMenu.dll]  [Tencent, 1, 0, 0, 1]
  301.     [C:\Program Files\ESET\ESET Smart Security\shellExt.dll]  [ESET, 4.2.67.10 ]
  302. [PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
  303.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  304. [PID: 1192 / Administrator][C:\Program Files\ESET\ESET Smart Security\egui.exe]  [ESET, 4.2.67.10 ]
  305.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
  306.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.4053]
  307.     [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
  308.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  309.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  310.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  311.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  312.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  313.     [C:\Program Files\ESET\ESET Smart Security\eguiScan.dll]  [ESET, 4.2.67.10 ]
  314.     [C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll]  [ESET, 4.2.67.10 ]
  315.     [C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll]  [ESET, 4.2.67.10 ]
  316.     [C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll]  [ESET, 4.2.67.10 ]
  317.     [C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll]  [ESET, 4.2.67.10 ]
  318.     [C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll]  [ESET, 4.2.67.10 ]
  319.     [C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll]  [ESET, 4.2.67.10 ]
  320.     [C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll]  [ESET, 4.2.67.10 ]
  321.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  322.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  323.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  324. [PID: 1200 / Administrator][C:\Program Files\ESET\ESET_VC52UPID\ESET_VC52_UPID.exe]  [精睿.网络安全, 1.7.6.3]
  325.     [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  326.     [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
  327.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  328.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  329.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  330.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  331.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  332.     [C:\WINDOWS\system32\xfnet.dll]  [N/A, ]
  333.     [C:\WINDOWS\system32\WinMon.dll]  [, 1, 0, 0, 1]
  334. [PID: 1236 / Administrator][C:\Program Files\CITICBank\FeiTian\citic_certd.exe]  [China CITIC bank, 1, 0, 10, 519]
  335.     [C:\WINDOWS\system32\citicp11.dll]  [China CITIC bank, 1, 0, 10, 519]
  336. [PID: 1244 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
  337.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  338.     [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
  339.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  340.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  341.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  342.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  343.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  344. [PID: 868 / Administrator][G:\辅助工具\系统扫描查看类\sreng2.8.4.1331 版本\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
  345. [PID: 908 / Administrator][G:\辅助工具\系统扫描查看类\sreng2.8.4.1331 版本\SRE6730c97e.EXE]  [Smallfrogs Studio, 2.8.4.1331]
  346.     [C:\WINDOWS\system32\MsgTrack.dll]  [, 1, 0, 2, 20]
  347.     [C:\WINDOWS\system32\LanMap.dll]  [, 1, 0, 0, 1]
  348.     [C:\WINDOWS\system32\msres\PLChat.dll]  [N/A, ]
  349.     [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
  350.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.1.1.4954]
  351.     [C:\Program Files\SogouInput\5.1.1.4954\Resource.dll]  [Sogou.com Inc., 5.1.1.4954]
  352.     [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
  353.     [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
  354. ==================================
  355. 文件关联
  356. .TXT  Error. [C:\WINDOWS\notepad.exe %1]
  357. .EXE  OK. ["%1" %*]
  358. .COM  OK. ["%1" %*]
  359. .PIF  OK. ["%1" %*]
  360. .REG  OK. [regedit.exe "%1"]
  361. .BAT  OK. ["%1" %*]
  362. .SCR  OK. ["%1" /S]
  363. .CHM  Error. ["hh.exe" %1]
  364. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  365. .INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
  366. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  367. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  368. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  369. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  370. ==================================
  371. Winsock 提供者
  372. MSAFD Tcpip [TCP/IP]
  373.     C:\WINDOWS\system32\xfnet.dll(, N/A)
  374. MSAFD Tcpip [UDP/IP]
  375.     C:\WINDOWS\system32\xfnet.dll(, N/A)
  376. MSAFD Tcpip [RAW/IP]
  377.     C:\WINDOWS\system32\xfnet.dll(, N/A)
  378. ==================================
  379. Autorun.inf
  380. N/A
  381. ==================================
  382. HOSTS 文件
  383. 127.0.0.1 [url=http://www.gtxp2.com/]www.gtxp2.com[/url] #这家无良公司在所谓的网维工具内加入了屏蔽我站的信息,我们也是不得已做出反击,望见者谅解
  384. 127.0.0.1 gtxp2.com #封死此无良网站,B4此站的相关人员.此站人员已不可理喻。
  385. ==================================
  386. 进程特权扫描
  387. 特殊特权被允许: SeLoadDriverPrivilege [PID = 1400, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
  388. 特殊特权被允许: SeLoadDriverPrivilege [PID = 456, C:\WINDOWS\SYSTEM32\MSRES\XFSVC.EXE]
  389. 特殊特权被允许: SeLoadDriverPrivilege [PID = 1200, C:\PROGRAM FILES\ESET\ESET_VC52UPID\ESET_VC52_UPID.EXE]
  390. ==================================
  391. 计划任务
  392. [已启用] SogouImeMgr.job
  393.         C:\PROGRA~1\SOGOUI~1\511~1.495\SGTool.exe
  394. ==================================
  395. Windows 安全更新检查
  396. N/A
  397. ==================================
  398. API HOOK
  399. N/A
  400. ==================================
  401. 隐藏进程
  402. N/A
  403. ==================================

复制代码

回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-28 03:57 , Processed in 0.127397 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表