[C:\Windows\system32\XLaccLSP.dll] [深圳市迅雷网络技术有限公司, 1.1.39.4216]
[PID: 4668 / Administrator][D:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1169\SGImeGuard.exe] [Sogou.com Inc., 1.0.0.1169]
[D:\360safe\safemon\safemon.dll] [360.cn, 8, 2, 2, 1300]
[PID: 696 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)]
[D:\360safe\safemon\safemon.dll] [360.cn, 8, 2, 2, 1300]
[D:\360safe\safemon\Safehmpg.dll] [360.cn, 1, 0, 0, 1150]
[C:\Windows\system32\aticfx32.dll] [Advanced Micro Devices, Inc. , 8.17.10.1091]
[C:\Windows\system32\atiuxpag.dll] [Advanced Micro Devices, Inc. , 8.14.01.6226]
[C:\Windows\system32\igd10umd32.dll] [Intel Corporation, 8.15.10.2342]
[C:\Windows\system32\atidxx32.dll] [Advanced Micro Devices, Inc. , 8.17.10.0378]
[D:\360safe\safemon\Adfilter.dll] [360.cn, 1, 0, 0, 2006]
[D:\360safe\safemon\ExtSmartWizIE.dll] [360.cn, 1, 0, 0, 1014]
[D:\360safe\safemon\iNetSafe.dll] [360.cn, 1, 0, 2, 1310]
[D:\360safe\safemon\urlproc.dll] [360.cn, 2, 9, 0, 1040]
[D:\360safe\deepscan\heavygate.dll] [360.cn, 3, 7, 9, 3]
[C:\Windows\system32\XLaccLSP.dll] [深圳市迅雷网络技术有限公司, 1.1.39.4216]
[D:\360safe\safemon\sepro.dll] [360.cn, 3, 0, 0, 1030]
[C:\Windows\system32\Macromed\Flash\Flash32_11_6_602_180.ocx] [Adobe Systems, Inc., 11,6,602,180]
[PID: 5276 / Administrator][D:\360safe\SoftMgr\SoftManagerLite.exe] [360.cn, 3, 0, 0, 1070]
[D:\360safe\SoftMgr\somkernl.dll] [360.cn, 2, 0, 0, 1050]
[d:\360safe\softmgr\360softmgrlitecore.dll] [360.cn, 1, 0, 0, 1210]
[D:\360safe\PDown.dll] [360.cn, 1, 3, 0, 1122]
[D:\360safe\safemon\7z.dll] [Igor Pavlov, 9.20.0.1020]
[d:\360safe\softmgr\softmgrlitebase.dll] [360.cn, 1, 0, 0, 1060]
[d:\360safe\softmgr\regularshutdown.dll] [360.cn, 1, 0, 0, 1010]
[D:\360safe\SoftMgr\img_reader.dll] [360.cn, 1, 0, 1, 0]
[D:\360safe\deepscan\bapi.dll] [360.cn, 2.0.0.1041]
[PID: 3088 / Administrator][C:\Users\Administrator.dell-PC\Downloads\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[PID: 5892 / Administrator][C:\Users\Administrator.dell-PC\Downloads\SREdc4c6705.EXE] [Smallfrogs Studio, 2.8.4.1331]
[D:\360safe\safemon\safemon.dll] [360.cn, 8, 2, 2, 1300]
[C:\Windows\system32\XLaccLSP.dll] [深圳市迅雷网络技术有限公司, 1.1.39.4216]
[PID: 5656 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Providers
XLaccLSP
C:\Windows\system32\XLaccLSP.dll(深圳市迅雷网络技术有限公司, 迅雷网游加速器)
XLaccLSP
C:\Windows\system32\XLaccLSP.dll(深圳市迅雷网络技术有限公司, 迅雷网游加速器)
XLaccLSP
C:\Windows\system32\XLaccLSP.dll(深圳市迅雷网络技术有限公司, 迅雷网游加速器)
XLaccLSP
C:\Windows\system32\XLaccLSP.dll(深圳市迅雷网络技术有限公司, 迅雷网游加速器)
XLaccLSP
C:\Windows\system32\XLaccLSP.dll(深圳市迅雷网络技术有限公司, 迅雷网游加速器)
XLaccLSP
C:\Windows\system32\XLaccLSP.dll(深圳市迅雷网络技术有限公司, 迅雷网游加速器)
==================================
Autorun.inf
N/A
==================================
HOSTS File
N/A
==================================
Process Privilege Scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1804, C:\PROGRAM FILES\DELL WIRELESS\ATH_COEXAGENT.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 256, C:\PROGRAM FILES\DELL WIRELESS\BLUETOOTH SUITE\ADMINSERVICE.EXE]
Special privilege allowed: SeDebugPrivilege [PID = 2472, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
Special privilege allowed: SeDebugPrivilege [PID = 3004, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3788, C:\PROGRAM FILES\CHINATELECOM C+W\C+WCLIENT.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 4076, C:\PROGRAM FILES\CHINATELECOM C+W\CWCLEANTOOLS.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\CHINATELECOM C+W\LOGINACCOUNT.EXE]
==================================
Scheduled Tasks
[Disabled] \\GoogleUpdateTaskMachineCore
C:\Program Files\Google\Update\GoogleUpdate.exe /c
[Disabled] \\GoogleUpdateTaskMachineUA
C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
[Disabled] \\WpsUpdateTask_Administrator
D:\Program Files\Kingsoft\WPS Office Personal\office6\wpsupdate.exe -from=task
[Enabled] \\{3F13E892-D715-4F36-9768-39CA3A6A30E0}
C:\Windows\system32\pcalua.exe -a F:\自由门\directx_redist.exe -d F:\自由门
[Disabled] \360safe\Safebox Startup
C:\Program Files\360Safebox\Launcher.exe /r
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
N/A
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
N/A
[Disabled] \Microsoft\Windows\AppID\PolicyConverter
%windir%\system32\appidpolicyconverter.exe
[Disabled] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
%windir%\system32\appidcertstorecheck.exe
[Enabled] \Microsoft\Windows\Application Experience\AitAgent
aitagent
[Enabled] \Microsoft\Windows\Application Experience\ProgramDataUpdater
%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[Enabled] \Microsoft\Windows\Autochk\Proxy
%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
N/A
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
N/A
[Disabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
N/A
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
[Disabled] \Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c
[Disabled] \Microsoft\Windows\Location\Notifications
%windir%\System32\LocationNotifications.exe
[Enabled] \Microsoft\Windows\Maintenance\WinSAT
N/A
[Disabled] \Microsoft\Windows\Media Center\ActivateWindowsSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[Disabled] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[Disabled] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[Disabled] \Microsoft\Windows\Media Center\ehDRMInit
%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[Disabled] \Microsoft\Windows\Media Center\InstallPlayReady
%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[Disabled] \Microsoft\Windows\Media Center\mcupdate
%SystemRoot%\ehome\mcupdate $(Arg0)
[Disabled] \Microsoft\Windows\Media Center\mcupdate_scheduled
%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
[Disabled] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\OCURActivate
%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[Disabled] \Microsoft\Windows\Media Center\OCURDiscovery
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[Disabled] \Microsoft\Windows\Media Center\PBDADiscovery
%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[Disabled] \Microsoft\Windows\Media Center\PBDADiscoveryW1
%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[Disabled] \Microsoft\Windows\Media Center\PBDADiscoveryW2
%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[Disabled] \Microsoft\Windows\Media Center\PeriodicScanRetry
%windir%\ehome\MCUpdate.exe -pscn 0
[Disabled] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[Disabled] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[Disabled] \Microsoft\Windows\Media Center\RecordingRestart
%SystemRoot%\ehome\ehrec /RestartRecording
[Disabled] \Microsoft\Windows\Media Center\RegisterSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[Disabled] \Microsoft\Windows\Media Center\ReindexSearchRoot
%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[Disabled] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[Disabled] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[Enabled] \Microsoft\Windows\Media Center\StartRecording
%SystemRoot%\ehome\ehrec /StartRecording
[Disabled] \Microsoft\Windows\Media Center\UpdateRecordPath
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[Enabled] \Microsoft\Windows\MobilePC\HotStart
N/A
[Enabled] \Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
N/A
[Enabled] \Microsoft\Windows\NetTrace\GatherNetworkInfo
%windir%\system32\gatherNetworkInfo.vbs
[Disabled] \Microsoft\Windows\Offline Files\Background Synchronization
N/A
[Disabled] \Microsoft\Windows\Offline Files\Logon Synchronization
N/A
[Enabled] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
%SystemRoot%\System32\powercfg.exe -energy -auto
[Enabled] \Microsoft\Windows\Ras\MobilityManager
N/A
[Disabled] \Microsoft\Windows\SideShow\AutoWake
N/A
[Enabled] \Microsoft\Windows\SideShow\GadgetManager
N/A
[Disabled] \Microsoft\Windows\SideShow\SessionAgent
N/A
[Disabled] \Microsoft\Windows\SideShow\SystemDataProviders
N/A
[Disabled] \Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\Time Synchronization\SynchronizeTime
%windir%\system32\sc.exe start w32time task_started
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
[Disabled] \Microsoft\Windows\User Profile Service\HiveUploadTask
N/A
[Disabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
%windir%\system32\wermgr.exe -queuereporting
[Disabled] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
"%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
[Enabled] \Microsoft\Windows\WindowsBackup\ConfigNotification
%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[Disabled] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
N/A
==================================
Windows Security Update Check
N/A
==================================
API HOOK
N/A
==================================
Hidden Processes
N/A
==================================