收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 软件区 解疑答难区 我的扫描报告。。请大虾看看
返回列表 发新帖
查看: 1517|回复: 8
收起左侧

[已解决] 我的扫描报告。。请大虾看看

 关闭 [复制链接]
victor
发表于 2007-9-7 08:47:56 | 显示全部楼层 |阅读模式
  1. 2007-09-07,08:25:46

  3. System Repair Engineer 2.5.16.900
  4. Smallfrogs (http://www.KZTechs.com)

  6. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

  8. 以下内容被选中:
  9.     所有的启动项目(包括注册表、启动文件夹、服务等)
  10.     浏览器加载项
  11.     正在运行的进程(包括进程模块信息)
  12.     文件关联
  13.     Winsock 提供者
  14.     Autorun.inf
  15.     HOSTS 文件
  16.     进程特权扫描


  19. 启动项目
  20. 注册表
  21. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  22.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  23. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  24.     <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
  25.     <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  26.     <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
  27.     <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
  28.     <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
  29.     <QlbCtrl><; %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start>  [N/A]
  30. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  31.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
  32.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
  33.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  35.     <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
  37.     <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  39.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
  40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  41.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
  42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
  43.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  45.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
  46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  47.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
  48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  49.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
  50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  51.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
  52. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
  53.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

  55. ==================================
  56. 启动文件夹
  57. N/A

  59. ==================================
  60. 服务
  61. [AddFiltr / AddFiltr][Stopped/Manual Start]
  62.   <"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"><Hewlett-Packard Development Company, L.P.>
  63. [卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
  64.   <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
  65. [hpqwmiex / hpqwmiex][Running/Auto Start]
  66.   <C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>

  68. ==================================
  69. 驱动程序
  70. [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  71.   <system32\drivers\ac97intc.sys><Intel Corporation>
  72. [AliIde / AliIde][Running/Boot Start]
  73.   <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
  74. [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  75.   <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
  76. [Conexant AMC Audio / CAMCAUD][Running/Manual Start]
  77.   <system32\drivers\camc6aud.sys><Conexant Systems Inc.>
  78. [CAMCHALA / CAMCHALA][Running/Manual Start]
  79.   <system32\drivers\camc6hal.sys><Conexant Systems Inc.>
  80. [CmdIde / CmdIde][Running/Boot Start]
  81.   <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
  82. [Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  83.   <system32\DRIVERS\e100b325.sys><Intel Corporation>
  84. [eabfiltr / eabfiltr][Running/System Start]
  85.   <system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.>
  86. [eabusb / eabusb][Stopped/Manual Start]
  87.   <system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.>
  88. [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  89.   <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
  90. [HBtnKey / HBtnKey][Running/Manual Start]
  91.   <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
  92. [HSFHWICH / HSFHWICH][Running/Manual Start]
  93.   <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
  94. [HSF_DPV / HSF_DPV][Running/Manual Start]
  95.   <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
  96. [ialm / ialm][Running/Manual Start]
  97.   <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
  98. [KAVBootC / KAVBootC][Running/Boot Start]
  99.   <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
  100. [kl1 / kl1][Running/Boot Start]
  101.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  102. [klif / klif][Running/System Start]
  103.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  104. [mdmxsdk / mdmxsdk][Running/Auto Start]
  105.   <system32\DRIVERS\mdmxsdk.sys><Conexant>
  106. [npkcrypt / npkcrypt][Stopped/Auto Start]
  107.   <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
  108. [nv / nv][Stopped/Manual Start]
  109.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  110. [PnpWmkDrv / PnpWmkDrv][Running/System Start]
  111.   <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
  112. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  113.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  114. [Secdrv / Secdrv][Stopped/Manual Start]
  115.   <system32\DRIVERS\secdrv.sys><N/A>
  116. [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  117.   <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
  118. [用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]
  119.   <system32\DRIVERS\w29n51.sys><Intel? Corporation>
  120. [winachsf / winachsf][Running/Manual Start]
  121.   <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

  123. ==================================
  124. 浏览器加载项
  125. [ThunderAtOnce Class]
  126.   {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
  127. [Thunder Browser Helper]
  128.   {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
  129. [AcroIEHlprObj Class]
  130.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
  131. [启动迅雷5]
  132.   {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
  133. [Web反病毒统计]
  134.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
  135. [ThunderAtOnce Class]
  136.   {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
  137. [Thunder Browser Helper]
  138.   {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
  139. [AcroIEHlprObj Class]
  140.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
  141. [Windows Media Player]
  142.   {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
  143. [IETag Factory]
  144.   {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
  145. [Microsoft Office Control]
  146.   {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
  147. [Thunder Agent Class]
  148.   {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
  149. [Shell Name Space]
  150.   {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
  151. [XMP Class]
  152.   {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
  153. [XDRM]
  154.   {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
  155. [Windows Media Player]
  156.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  157. [MediaComm Class]
  158.   {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
  159. [Microsoft Web 浏览器]
  160.   {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
  161. [Thunder Browser Helper]
  162.   {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
  163. [RMGetLicense Class]
  164.   {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
  165. [Microsoft Scriptlet Component]
  166.   {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
  167. [SearchAssistantOC]
  168.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
  169. [RDS.DataSpace]
  170.   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
  171. [Shockwave Flash Object]
  172.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  173. [Microsoft Agent Control 2.0]
  174.   {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation>
  175. [Thunder DapPlayer]
  176.   {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.11.17.dll, ShenZhen Thunder Networking Technologies Ltd.>
  177. [XPPlayer Class]
  178.   {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
  179. [使用迅雷下载]
  180.   <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
  181. [使用迅雷下载全部链接]
  182.   <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
  183. [导出到 Microsoft Office Excel(&X)]
  184.   <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
  185. [添加到QQ表情]
  186.   <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

  188. ==================================
  189. 正在运行的进程
  190. [PID: 808 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  191. [PID: 868 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  192. [PID: 892 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  193.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
  194.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  195. [PID: 936 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  196.     [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
  197. [PID: 948 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  198. [PID: 1096 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  199. [PID: 1184 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  200. [PID: 1244 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  201.     [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
  202. [PID: 1380 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  203. [PID: 1496 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  204. [PID: 1924 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
  205.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
  206.     [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  207.     [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  208.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  209.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  210.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  211.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
  212.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
  213.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
  214.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
  215.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
  216.     [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  217.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
  218.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
  219.     [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.15]
  220.     [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 18]
  221.     [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 11]
  222.     [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 12]
  223.     [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
  224.     [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  225.     [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  226. [PID: 1988 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  227. [PID: 1268 / SYSTEM][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9]
  228. [PID: 1056 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.3.8 16Jun06]
  229.     [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.3.8 16Jun06]
  230.     [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.3.8 16Jun06]
  231. [PID: 1568 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  232. [PID: 372 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  233.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  234.     [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
  235.     [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
  236.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
  237.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]

  239. ==================================
  240. 文件关联
  241. .TXT  Error. [C:\WINDOWS\notepad.exe %1]
  242. .EXE  OK. ["%1" %*]
  243. .COM  OK. ["%1" %*]
  244. .PIF  OK. ["%1" %*]
  245. .REG  OK. [regedit.exe "%1"]
  246. .BAT  OK. ["%1" %*]
  247. .SCR  OK. ["%1" /S]
  248. .CHM  Error. ["hh.exe" %1]
  249. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  250. .INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
  251. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  252. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  253. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  254. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  256. ==================================
  257. Winsock 提供者
  258. N/A

  260. ==================================
  261. Autorun.inf
  262. N/A

  264. ==================================
  265. HOSTS 文件
  266. 127.0.0.1       localhost
  267. 58.66.176.100    service.52sttv.com

  269. ==================================
  270. 进程特权扫描
  271. 特殊特权被允许: SeLoadDriverPrivilege [PID = 2904, C:\PROGRAM FILES\装机人员工具\抓图软件.EXE]

  273. ==================================
  274. API HOOK
  275. RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  276. RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  277. RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  278. RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
  279. RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

  281. ==================================
  282. 隐藏进程
  283. N/A

  285. ==================================
复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

无敌敏敏
发表于 2007-9-7 08:57:49 | 显示全部楼层
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

klif.sys是Kaspersky内核驱动,如果扫描显示成红色,是因为它没有正确丢弃高权限,攻击者由此可以侵入系统底层,利用这个漏洞以系统内核的权限执行任意代码。换句话说,攻击者可能利用这个漏洞把病毒和木马的代码“合法”地变成操作系统的最基础的部分,从而顺利地完成攻击。

[ 本帖最后由 无敌敏敏 于 2007-9-7 08:59 编辑 ]
回复

举报

victor
 楼主| 发表于 2007-9-7 09:01:55 | 显示全部楼层
那怎么修复呢??
请教
回复

举报

无敌敏敏
发表于 2007-9-7 09:12:36 | 显示全部楼层

回复 3楼 victor 的帖子

误报~ 不要修复~
回复

举报

victor
 楼主| 发表于 2007-9-7 09:27:13 | 显示全部楼层

回复 4楼 无敌敏敏 的帖子

是不是  卡吧   引起的呢???
回复

举报

无敌敏敏
发表于 2007-9-7 09:30:16 | 显示全部楼层

回复 5楼 victor 的帖子

Yes~
卡巴的内核驱动~
回复

举报

victor
 楼主| 发表于 2007-9-7 10:01:13 | 显示全部楼层
除了这个,,请问报告中还有别的问题么???
回复

举报

无敌敏敏
发表于 2007-9-7 10:17:30 | 显示全部楼层

回复 7楼 victor 的帖子

文件关联错误:
.CHM  Error. ["hh.exe" %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
回复

举报

victor
 楼主| 发表于 2007-9-7 17:31:21 | 显示全部楼层

回复 8楼 无敌敏敏 的帖子

那么如何解决
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.CHM  Error. ["hh.exe" %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
的问题???
谢谢!
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-21 23:34 , Processed in 0.240375 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表