- 2007-06-28,16:17:46
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality
- The following items were selected:
- All startup items (including registry, startup folders, services, etc.)
- Browser add-ons
- Running processes (including process module information)
- File associations
- Winsock providers
- Autorun.inf
- HOSTS file
- Startup items
- Registry
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <kis><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
- <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
- ==================================
- Startup folders
- N/A
- ==================================
- Services
- [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
- <d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
- [卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
- <"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- ==================================
- Drivers
- [Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
- [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
- <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
- [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
- <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
- [ialm / ialm][Running/Manual Start]
- <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
- [IdeBusDr / IdeBusDr][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
- [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [npkcrypt / npkcrypt][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
- [npkycryp / npkycryp][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
- <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
- [ZSMC USB PC Camera / ZSMC301b][Running/Manual Start]
- <System32\Drivers\usbVM31b.sys><VM>
- [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
- <system32\drivers\ialmsbw.sys><Intel Corporation>
- [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
- <system32\drivers\ialmkchw.sys><Intel Corporation>
- ==================================
- Browser add-ons
- [启动迅雷5]
- {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
- [Web反病毒保护]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
- [Messenger]
- {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
- [Windows Live Safety Center Base Module]
- {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [ThunderAtOnce Class]
- {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
- [QuickTime Object]
- {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\Program Files\StormII\Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
- [MMCPlayer Class]
- {05C1004E-2596-48E5-8E26-39362985EEB9} <d:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
- [InformationCardSigninHelper Class]
- {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
- [Windows Media Player]
- {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
- [XML DOM Document]
- {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XSL Template]
- {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
- [HtmlDlgSafeHelper Class]
- {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
- [Tabular Data Control]
- {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
- [QuickTime Object]
- {4063BE15-3B08-470D-A0D5-B37161CFFD69} <d:\Program Files\StormII\Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
- [Thunder Agent Class]
- {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
- [HHCtrl Object]
- {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
- [Shell Name Space]
- {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
- [Windows Live Safety Center Base Module]
- {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
- [PSFactoryBuffer]
- {64AA7031-C150-4118-8D31-FD273A2BB22C} <C:\Program Files\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
- [Microsoft Shell UI Helper]
- {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
- [Windows Media Player]
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [Microsoft Web Browser]
- {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
- [Windows Live Safety Center Control Module]
- {8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation>
- [GetInfo2 Class]
- {B345F37E-6763-433B-BC53-9B526A9B7B8B} <C:\Program Files\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
- [RDS.DataSpace]
- {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- [AUDIO__MP3 Moniker Class]
- {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [VIDEO__X_MS_WMV Moniker Class]
- {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [RealPlayer G2 Control]
- {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [GetInfo Class]
- {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
- [XML HTTP Request]
- {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
- [Scripting.Dictionary]
- {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
- [Vod Class]
- {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
- [XML DOM Document 3.0]
- {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
- [Free Threaded XML DOM Document 3.0]
- {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XML Schema Cache 3.0]
- {F5078F34-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XML HTTP 3.0]
- {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XSL Template 3.0]
- {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XML Data Source Object 3.0]
- {F5078F39-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XML DOM Document]
- {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
- [Free Threaded XML DOM Document]
- {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XML Data Source Object ]
- {F6D90F14-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
- [XML HTTP]
- {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
- [使用迅雷下载]
- <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
- [使用迅雷下载全部链接]
- <, N/A>
- ==================================
- Running processes
- [PID: 516][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 572][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1496][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 2, 0, 0, 1]
- [C:\WINDOWS\system32\dllMergeDict.dll] [N/A, ]
- [d:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3,0,0,1918]
- [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
- [d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
- [PID: 252][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 2, 0, 0, 1]
- [C:\WINDOWS\system32\dllMergeDict.dll] [N/A, ]
- [d:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
- [D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
- [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
- [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
- [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
- [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
- [d:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
- [d:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
- [d:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
- [d:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
- [d:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Windows Live Safety Center\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
- [PID: 2420][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 2, 0, 0, 1]
- [C:\WINDOWS\system32\dllMergeDict.dll] [N/A, ]
- [d:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
- [D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- ==================================
- File associations
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock providers
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS file
- 127.0.0.1 localhost
- ==================================
- API HOOK
- RVA error: LoadLibraryA (risk level: normal, hooked by the following module: Dest Addr: 0xF0CF2B25)
- RVA error: LoadLibraryExA (risk level: normal, hooked by the following module: Dest Addr: 0xF0CF2D67)
- RVA error: LoadLibraryExW (risk level: normal, hooked by the following module: Dest Addr: 0xF0CF2F0B)
- RVA error: LoadLibraryW (risk level: normal, hooked by the following module: Dest Addr: 0xF0CF2C49)
- RVA error: GetProcAddress (risk level: high, hooked by the following module: Dest Addr: 0xF0CF2E8F)
- ==================================
- Hidden processes
- N/A
- ==================================