瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求看扫描日志 看见这个了: shellExecutehooks 我中的是什么病毒和木马啊

1   1  /  1  页   跳转

[求助] 求看扫描日志 看见这个了: shellExecutehooks 我中的是什么病毒和木马啊

收藏
叶落封心
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-10-25
  • 来自:
发表于: 2009-08-17 21:48 | 显示全部 短消息 资料
字号: 1楼

求看扫描日志 看见这个了: shellExecutehooks 我中的是什么病毒和木马啊

[code]2009-08-17,23:13:43
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    API HOOK
    Hidden Process

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <QQ2009><"C:\Program Files\Tencent\QQ\Bin\QQ.exe" /background>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <FlashGet 3><"C:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe" -minimize>  [(Verified)Trend Media Corporation Limited]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><"C:\Program Files\360\360Safe\safemon\360tray.exe" /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{E3531A16-FFEA-416F-82DF-32FEDE02EABF}><C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
    <Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]
==================================
Startup Folders
N/A
==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
==================================
Drivers
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[Ambfilt / Ambfilt][Stopped/Manual Start]
  <system32\drivers\Ambfilt.sys><Creative>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BFSDRV / BFSDRV][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心>
[BREGDRV / BREGDRV][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><奇虎网>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Monfilt / Monfilt][Stopped/Manual Start]
  <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
==================================
Browser Add-ons
[FlashGetBHO]
  {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} <C:\Documents and Settings\yvonne\Application Data\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, (Signed) Macromedia, Inc.>
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[IFlashGetNetscapeEx Class]
  {116BA71C-8187-4F15-9A1F-C9D6289155D1} <C:\Documents and Settings\yvonne\Application Data\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[JetCarNetscape Class]
  {2974c985-8151-4de5-b23c-b875f0a8522f} <C:\Documents and Settings\yvonne\Application Data\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[]
  {9701758C-4373-482E-B13C-776C048EC890} <, >
[]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <, >
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[FlashGetBHO]
  {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <C:\Documents and Settings\yvonne\Application Data\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, (Signed) Macromedia, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用快车3下载]
  <C:\Documents and Settings\yvonne\Application Data\FlashGetBHO\GetUrl.htm, N/A>
[使用快车3下载全部链接]
  <C:\Documents and Settings\yvonne\Application Data\FlashGetBHO\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm, N/A>
==================================

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
分享到:
gototop
 
叶落封心
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-10-25
  • 来自:
发表于: 2009-08-17 21:49 | 显示全部 短消息 资料
字号: 2楼

回复: 求看扫描日志 看见这个了: shellExecutehooks 我中的是什么病毒和木马啊

Running Processes
[PID: 632 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 768 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4224]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2514]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2553]
[PID: 956 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1040 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1144 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\COMRes.dll]  [N/A, ]
[PID: 1268 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1340 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1444 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4224]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2514]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2553]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4178]
[PID: 1516 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1896 / yvonne][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 2040 / yvonne][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
[PID: 120 / yvonne][C:\Program Files\Tencent\QQ\Bin\QQ.exe]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\Common.dll]  [Tencent, 1, 26, 760, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Tencent\QQ\Bin\KernelUtil.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\GF.dll]  [Tencent, 1, 26, 760, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\Bin\AppMisc.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\AppUtil.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\ChatFrame.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\ConfigCenter.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\CustomFace.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\IM.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\KernelMisc.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\LongCnn.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\ContactInfoFrame.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\MsgMgr.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\SkinMgr.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\QInterLive.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\AppCtrl.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\SystemMsg.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Soso\Bin\Soso.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Weather\Bin\Weather.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.taotao\Bin\Taotao.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\MainFrame.dll]  [Tencent, 1, 26, 760, 0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\Tencent\QQ\Bin\TaskTray.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll]  [Tencent, 1.1.1.6]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL]  [Tencent, 1.1.1.3]
    [C:\Program Files\Tencent\QQ\Bin\BasicCtrlDll.dll]  [TENCENT, 8,0,773,1801]
    [C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll]  [Tencent, 1.26.1.26]
    [C:\WINDOWS\system32\devenum.dll]  [, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.NetBar\Bin\NetBar.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.crm\Bin\CRM.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.mail\Bin\Mail.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\InformationBox.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\GroupApp.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qbar\Bin\QBar.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.memo\Bin\Memo.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.today\Bin\Today.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.gamelife\Bin\GameLife.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.remotehelp\Bin\RemoteHelp.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\VqqAllInOne.dll]  [Tencent, 2, 3, 0, 11]
    [C:\Program Files\Tencent\QQ\Bin\vqqConv.dll]  [ , 2, 3, 0, 11]
    [C:\Program Files\Tencent\QQ\Bin\VQQTrace.dll]  [ , 2, 3, 0, 11]
    [C:\Program Files\Tencent\QQ\Bin\VideoDevice.dll]  [Tencent, 2, 3, 0, 11]
    [C:\Program Files\Tencent\QQ\Bin\audioengine.dll]  [TENCENT, 2, 3, 0, 11]
    [C:\Program Files\Tencent\QQ\Bin\GIPSVoiceEngineDLL.dll]  [Global IP Solutions, 2, 6, 0, 0]
    [C:\Program Files\Tencent\QQ\Bin\appcom.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Plugin\com.tencent.winks\Bin\Winks.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\Camera.dll]  [Tencent, 1, 26, 760, 0]
    [C:\Program Files\Tencent\QQ\Bin\SCCore.dll]  [Tencent, 1, 7, 1, 6]
    [C:\Program Files\Tencent\QQ\Bin\AddrSearch.dll]  [Tencent, 2, 3, 10, 12]
[PID: 256 / yvonne][C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe]  [Tencent, 1, 26, 760, 0]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll]  [N/A, ]
[PID: 1112 / SYSTEM][C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[PID: 1608 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\COMRes.dll]  [N/A, ]
[PID: 2224 / yvonne][C:\WINDOWS\system32\wscntfy.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
[PID: 2440 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3932 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 160 / yvonne][E:\装机软件\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 2236 / yvonne][E:\装机软件\sreng2\SRE6697d61c.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
    [E:\装机软件\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
==================================
File Associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1      localhost
==================================
Process Privileges Scan
Special Privileges Enabled: SeDebugPrivilege [PID = 160, E:\装机软件\SRENG2\SRENGLDR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 160, E:\装机软件\SRENG2\SRENGLDR.EXE]
==================================
Scheduled Tasks
[Enabled] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\423~1.281\PinyinRepair.exe
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================[/code]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT