各位大侠这个是log报告帮忙看看
- 2007-07-11,11:54:33
- System Repair Engineer 2.5.16.900
- Smallfrogs ([url]http://www.KZTechs.com[/url])
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
- <Flashget><; C:\PROGRA~1\FLASHGET\Flashget.exe /min> [FlashGet.com]
- <IMJPMIG8.1><; > [N/A]
- <PHIME2002A><; > [N/A]
- <PHIME2002ASync><; > [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
- <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [卡巴斯基反病毒6.0个人版 / AVP][Stopped/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
- [Help and Support / helpsvc][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
- <><N/A>
- ==================================
- 驱动程序
- [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
- <system32\drivers\ac97intc.sys><Intel Corporation>
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
- <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
- [Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
- <system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
- [HSFHWBS2 / HSFHWBS2][Running/Manual Start]
- <system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
- [HSF_DP / HSF_DP][Running/Manual Start]
- <system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
- [ialm / ialm][Running/Manual Start]
- <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [mdmxsdk / mdmxsdk][Running/Auto Start]
- <system32\DRIVERS\mdmxsdk.sys><Conexant>
- [nv / nv][Stopped/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [winachsf / winachsf][Running/Manual Start]
- <system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>
- [11575250 / 11575250][Running/]
- <2 - 系统找不到指定的文件。
- ><N/A>
- ==================================
- 浏览器加载项
- [Flashget Catch Url Class]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, [url]www.flashget.com[/url]>
- [gFlash Class]
- {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, >
- [Web反病毒统计]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
- [QQ]
- {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
- [快车]
- {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
- [快车(FlashGet)]
- {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
- [BitComet工具栏]
- {3F1ABCDB-A875-46c1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, >
- [Flashget Catch Url Class]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, [url]www.flashget.com[/url]>
- [BitComet工具栏]
- {3F1ABCDB-A875-46C1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, >
- [360SafeLive]
- {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [快车(FlashGet)]
- {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
- [gFlash Class]
- {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, >
- [&使用快车(FlashGet)下载]
- <C:\Program Files\FlashGet\jc_link.htm, N/A>
- [&使用快车(FlashGet)下载全部链接]
- <C:\Program Files\FlashGet\jc_all.htm, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
- [添加到QQ表情]
- <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
- [用QQ彩信发送该图片]
- <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
- [用比特精灵下载(&B)]
- <D:\Program Files\BitSpirit\bsurl.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 556 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 580 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 624 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 636 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 788 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 848 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 916 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1020 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1092 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1344 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4342]
- [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342]
- [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342]
- [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342]
- [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342]
- [C:\Program Files\FlashGet\fgmgr.dll] [[url]www.flashget.com[/url], 1, 8, 0, 1001]
- [C:\WINDOWS\RichDll.dll] [N/A, ]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\FlashGet\jccatch.dll] [[url]www.flashget.com[/url], 1, 8, 0, 1003]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [PID: 1468 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- [C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 3723, 0]
- [C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
- [C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
- [C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
- [C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
- [PID: 1632 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1768 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 2980 / SYSTEM][C:\WINDOWS\Logo1_.exe] [, 1.0.0.0]
- [PID: 2772 / Administrator][F:\1\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
- [F:\1\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2980, C:\WINDOWS\LOGO1_.EXE]
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码 |