- 2007-07-12,20:27:37
- System Repair Engineer 2.5.16.900
- Smallfrogs (http://www.KZTechs.com)
- Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 启动项目
- 注册表
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
- <Userinit><C:\WINNT\System32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]
- <{0CD68AC9-FF63-3E61-626B-B663E62F6236}><> [N/A]
- <{36CD708B-6077-4C02-9377-D73EAA495A0F}><C:\WINNT\WinHttp.dll> [Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <DVDBurn><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
- <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows 2000 Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
- <CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmxpbpl.exe]
- <IFEO[cmxpbpl.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cyqttve.exe]
- <IFEO[cyqttve.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmecvcm.exe]
- <IFEO[dmecvcm.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtstorp.exe]
- <IFEO[dtstorp.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egclmvo.exe]
- <IFEO[egclmvo.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gnkjkrl.exe]
- <IFEO[gnkjkrl.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\haqeyfy.exe]
- <IFEO[haqeyfy.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iywdqdf.exe]
- <IFEO[iywdqdf.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kocmbcd.exe]
- <IFEO[kocmbcd.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnmwiid.exe]
- <IFEO[lnmwiid.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\meex.com]
- <IFEO[meex.com]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nqgphqd.exe]
- <IFEO[nqgphqd.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oduxyym.exe]
- <IFEO[oduxyym.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ouvjwsc.exe]
- <IFEO[ouvjwsc.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe]
- <IFEO[rmwaccq.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suvtufx.exe]
- <IFEO[suvtufx.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udnnnvq.exe]
- <IFEO[udnnnvq.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vlskjgs.exe]
- <IFEO[vlskjgs.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wocfiba.exe]
- <IFEO[wocfiba.exe]><NoVirus> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe]
- <IFEO[wojhadp.exe]><NoVirus> [N/A]
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><C:\WINNT\system32\sspipes.scr> [(Verified)Microsoft Windows 2000 Publisher]
- ==================================
- 启动文件夹
- [Kaspersky Anti-Hacker]
- <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Kaspersky Anti-Hacker.lnk --> C:\PROGRA~1\KASPER~1\KASPER~2\KAVPF.exe [Kaspersky Lab]><N>
- ==================================
- 服务
- [438F4BE6 / 438F4BE6][Stopped/Auto Start]
- <C:\WINNT\system32\9A313E6B.EXE -k><Microsoft Corporation>
- [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
- <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
- [ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Running/Auto Start]
- <C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
- [kavsvc / kavsvc][Running/Manual Start]
- <"C:\Program Files\Steganos AntiVirus 2006\kavsvc.exe"><Steganos GmbH>
- [ll_reg / ll_reg][Stopped/Auto Start]
- <Rundll32.exe Task688.dll ondll_server><Microsoft Corporation>
- [NetMeeting Remote Desktop (RPC) Sharing / NetMeeting Remote Desktop (RPC) Sharing][Stopped/Auto Start]
- <Rundll32.exe Task688.dll ondll_server><Microsoft Corporation>
- [PC Tools Spyware Doctor / SDhelper][Running/Auto Start]
- <D:\Program Files\Spyware Doctor\sdhelp.exe><PC Tools Research Pty Ltd>
- [VKTServ / VKTServ][Stopped/Auto Start]
- <><N/A>
- [Network Provisioning Stop / xmlpro][Stopped/Auto Start]
- <C:\WINNT\system32\Lysvr.exe -run><N/A>
- ==================================
- 驱动程序
- [dmboot / dmboot][Stopped/Disabled]
- <System32\drivers\dmboot.sys><VERITAS Software Corp.>
- [Logical Disk Manager Driver / dmio][Running/Boot Start]
- <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
- [dmload / dmload][Running/Boot Start]
- <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
- [ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver][Running/System Start]
- <\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
- [i81x / i81x][Running/Manual Start]
- <System32\DRIVERS\i81xnt5.sys><Intel Corporation>
- [File Security Kernel Anti-Spyware Driver / ikhfile][Running/System Start]
- <system32\drivers\ikhfile.sys><PCTools Research Pty Ltd.>
- [Kernel Anti-Spyware Driver / ikhlayer][Running/System Start]
- <system32\drivers\ikhlayer.sys><PCTools Research Pty Ltd.>
- [Kl1 / Kl1][Running/Boot Start]
- <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
- [Klif / Klif][Running/System Start]
- <System32\drivers\klif.sys><Kaspersky Labs>
- [Klmc / Klmc][Running/System Start]
- <System32\drivers\klmc.sys><Kaspersky Lab>
- [Klpf / Klpf][Running/Boot Start]
- <\SystemRoot\System32\drivers\Klpf.sys><KL>
- [Klpid / Klpid][Running/Boot Start]
- <\SystemRoot\System32\drivers\Klpid.sys><KL>
- [Netgroup Packet Filter / NPF][Stopped/Manual Start]
- <system32\DRIVERS\npf.sys><CACE Technologies>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
- <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
- [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
- <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Spy Emergency Driver / SpyEmrg][Stopped/System Start]
- <System32\Drivers\spyemrg.sys><N/A>
- [TNE0260 Data Broadcasting Adapter / TNE0260][Running/Manual Start]
- <System32\DRIVERS\TNE0260.sys><Tsinghua Novel Corporation>
- [TSP / TSP][Stopped/Manual Start]
- <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Labs>
- ==================================
- 浏览器加载项
- [启动迅雷5]
- {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
- [PCTools Browser Monitor]
- {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <, N/A>
- [快车]
- {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\A 实用工具\下载工具\FlashGet182\flashget.exe, FlashGet.com>
- [电台(&R)]
- {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
- [FGCatchUrl]
- {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, N/A>
- [&使用快车(FlashGet)下载]
- <D:\A 实用工具\下载工具\FlashGet182\jc_link.htm, N/A>
- [&使用快车(FlashGet)下载全部链接]
- <D:\A 实用工具\下载工具\FlashGet182\jc_all.htm, N/A>
- [使用迅雷下载]
- <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
- [使用迅雷下载全部链接]
- <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 188][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
- [PID: 216][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 212][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
- [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 264][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
- [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 276][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 452][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 476][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7013]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 524][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [C:\WINNT\System32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
- [C:\WINNT\System32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
- [C:\WINNT\System32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
- [C:\WINNT\System32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
- [C:\WINNT\System32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
- [PID: 544][C:\Program Files\ewido anti-spyware 4.0\guard.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
- [C:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 792][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
- [C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
- [C:\WINNT\system32\2F58038F.DLL] [N/A, ]
- [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
- [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
- [C:\Program Files\Steganos AntiVirus 2006\scrchpg.dll] [Steganos GmbH, 5.0.1.18]
- [C:\Program Files\Steganos AntiVirus 2006\scrch_ag.dll] [Steganos GmbH, 8.5.0.1]
- [C:\Program Files\Steganos AntiVirus 2006\FSSync.dll] [Steganos GmbH, 8.5.0.0]
- [C:\Program Files\Steganos AntiVirus 2006\pr_rmt.dll] [Steganos GmbH, 8.5.0.390]
- [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
- [C:\Program Files\Steganos AntiVirus 2006\ccclient.dll] [Steganos GmbH, 8.5.0.1]
- [C:\Program Files\Steganos AntiVirus 2006\klipc.dll] [Steganos GmbH, 8.5.0.390]
- [C:\Program Files\Steganos AntiVirus 2006\KLUtil.dll] [Steganos GmbH, 8.5.0.1]
- [C:\Program Files\Steganos AntiVirus 2006\rpt.dll] [Steganos GmbH, 8.5.0.2]
- [C:\Program Files\Steganos AntiVirus 2006\CCIFACE.dll] [Steganos GmbH, 8.5.0.1]
- [C:\Program Files\Steganos AntiVirus 2006\prloader.dll] [Steganos GmbH, 8.5.0.390]
- [C:\Program Files\Steganos AntiVirus 2006\prkernel.ppl] [Kaspersky Lab, 5.0.390.0]
- [c:\program files\steganos antivirus 2006\prstring.ppl] [Kaspersky Lab, 5.0.390.0]
- [c:\program files\steganos antivirus 2006\pr_srv.ppl] [Kaspersky Lab, 5.0.390.0]
- [c:\program files\steganos antivirus 2006\pr_clnt.ppl] [Kaspersky Lab, 5.0.390.0]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [D:\Program Files\Spy Emergency 2006\SpyEmergencyExt.dll] [NETGATE Technologies s.r.o., 3, 0, 325, 0]
- [C:\Program Files\Steganos AntiVirus 2006\shellex.dll] [Steganos GmbH, 8.5.0.1]
- [C:\Program Files\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
- [PID: 880][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] [Kaspersky Lab, 1.9.0.37]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] [BCGSoft Ltd, 5, 84, 0, 0]
- [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] [Kaspersky 实验室, 1.5.0.0]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 304][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 952][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 956][D:\Program Files\Spyware Doctor\sdhelp.exe] [PC Tools Research Pty Ltd, 3.6.0.2026]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 1024][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 1132][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [PID: 1732][D:\A 实用工具\系统设置\System Repair Engineer 2.5.16.900\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
- [D:\Program Files\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
- [D:\A 实用工具\系统设置\System Repair Engineer 2.5.16.900\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM Error. ["hh.exe" %1]
- .HLP Error. [winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 202.100.96.68
- 127.0.0.1 202.96.64.84
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 544, C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE]
- 特殊特权被允许: SeSystemtimePrivilege [PID = 544, C:\PROGRAM FILES\EWIDO ANTI-SPYWARE 4.0\GUARD.EXE]
- 特殊特权被允许: SeSystemtimePrivilege [PID = 880, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 880, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 880, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE]
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
- RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
- RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
- RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
- 入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00000B)
- ==================================
- 隐藏进程
- [1517] C:\Program Files\Steganos AntiVirus 2006\kav.exe
- [1533] C:\Program Files\Steganos AntiVirus 2006\kavsvc.exe
- ==================================