- 2007-04-07,08:45:35
- System Repair Engineer 2.4.12.806
- Smallfrogs ([url]http://www.KZTechs.com[/url])
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <win><C:\WINDOWS\Temp\serlass.exe> []
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <run><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <NvCplDaemon><RUNDLL32.EXE 是这一个行要在安全模式注册表下删除吗? C:\windows\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
- <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
- <SyGateManager><C:\Program Files\SyGate\SHN\Sygate.exe> [赛格特(Sygate)技术有限公司]
- <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
- <Vistadrv><C:\WINDOWS\Vista\systool\Vistadrive\vsdrv.exe> []
- <Zone Labs Client><C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe> [(Verified)Check Point Software Technologies Inc.]
- <硬盘空间状态><C:\windows\Vista\systool\Vistadrive\vsdrv.exe> []
- <鼠标点击特效><C:\windows\Vista\systool\UberIcon\UberIcon Manager.exe> []
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)]
- <Userinit><C:\windows\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <WPDShServiceObj><C:\windows\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
- <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [(Verified)System Safety Limited]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\themeui]
- <WinlogonNotify: themeui><cryptsvc.dIl> []
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><C:\WINDOWS\system32\夜光时钟.SCR> []
- ==================================
- 启动文件夹
- [cmd]
- <C:\Documents and Settings\yang_aimin2000\「开始」菜单\程序\启动\cmd.lnk --> C:\WINDOWS\Temp\serlass.exe [N/A]><N>
- [RegVac]
- <C:\Documents and Settings\yang_aimin2000\「开始」菜单\程序\启动\RegVac.lnk --> C:\PROGRA~1\RegVac\regvac.exe [N/A]><N>
- ==================================
- 服务
- [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
- <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
- [卡巴斯基反病毒 6.0 / AVP][Running/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
- [ Cryptographic Server / CryptographicServer][Stopped/Auto Start]
- <><N/A>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
- <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
- [IEAgent service / IEAgent][Stopped/Auto Start]
- <"C:\windows\system32\ieagent.exe"><>
- [StarWind iSCSI Service / StarWindService][Running/Auto Start]
- <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
- [TrueVector Internet Monitor / vsmon][Running/Auto Start]
- <C:\WINDOWS\system32\ZONELABS\vsmon.exe -service><Zone Labs, LLC>
- ==================================
- 驱动程序
- [100133 / 100133][Stopped/Boot Start]
- <\SystemRoot\System32\drivers\100133.sys><N/A>
- [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
- <system32\drivers\ac97intc.sys><Intel Corporation>
- [AliIde / AliIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
- [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
- <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
- [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
- <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
- [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
- <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
- [bzusyn2 / bzusyn25][Stopped/Boot Start]
- <\SystemRoot\System32\DRIVERS\bzusyn25.sys><N/A>
- [ccefchhg / ccefchhg][Stopped/Boot Start]
- <\SystemRoot\system32\drivers\ccefchhg.sys><N/A>
- [CmdIde / CmdIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
- [C-Media WDM Audio Interface / cmuda][Running/Manual Start]
- <system32\drivers\cmuda.sys><C-Media Inc>
- [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
- <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
- [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
- <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
- [iycown3 / iycown37][Stopped/Boot Start]
- <\SystemRoot\System32\DRIVERS\iycown37.sys><N/A>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\windows\system32\drivers\klif.sys><Kaspersky Lab>
- [mmelhn3 / mmelhn36][Stopped/Boot Start]
- <\SystemRoot\System32\DRIVERS\mmelhn36.sys><N/A>
- [npkcrypt / npkcrypt][Running/Auto Start]
- <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
- <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
- [System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
- <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
- [sdetnv6 / sdetnv63][Stopped/Disabled]
- <System32\DRIVERS\sdetnv63.sys><N/A>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [sptd / sptd][Running/Boot Start]
- <\SystemRoot\System32\Drivers\sptd.sys><N/A>
- [TAP-Win32 Adapter V8 / tap0801][Running/Manual Start]
- <system32\DRIVERS\tap0801.sys><The OpenVPN Project>
- [TSP / TSP][Stopped/Manual Start]
- <\??\C:\windows\system32\drivers\klif.sys><Kaspersky Lab>
- [usb8028 / usb8028][Running/System Start]
- <system32\drivers\usb8028.sys><N/A>
- [usb8028x / usb8028x][Running/System Start]
- <system32\drivers\usb8028x.sys><Windows System Internal>
- [vaxDLb / vaxDLb][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\vaxDLb.sys><>
- [vaxDLs / vaxDLs][Running/Boot Start]
- <\SystemRoot\System32\Drivers\vaxDLs.sys><>
- [ViaIde / ViaIde][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
- [Virtual PC Application Services / VPCAppSv][Running/Auto Start]
- <system32\DRIVERS\VPCAppSv.sys><Connectix Corporation>
- [vsdatant / vsdatant][Running/System Start]
- <System32\vsdatant.sys><Zone Labs, LLC>
- [SyGate for NT, WG1N / WG1N][Running/Auto Start]
- <\SystemRoot\SYSTEM32\Drivers\WG1N.sys><Sygate Technologies, Inc.>
- [SyGate for NT, WG2N / WG2N][Running/Auto Start]
- <\SystemRoot\SYSTEM32\Drivers\WG2N.sys><Sygate Technologies, Inc.>
- [SyGate for NT, wg4n / wg4n][Running/Auto Start]
- <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
- [SyGate for NT, wg5n / wg5n][Running/Auto Start]
- <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
- [SyGate for NT, wg6n / wg6n][Running/Auto Start]
- <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
- [SyGate for NT, Wsdrv / Wsdrv][Running/Boot Start]
- <\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys><N/A>
- ==================================
- 浏览器加载项
- [快速搜索]
- {BF5DC4AE-258C-43d5-9D80-1F7ACD734DD8} <C:\WINDOWS\Temp\sjbbx.exe, N/A>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [上传到QQ网络硬盘]
- <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
- [使用迅雷下载]
- <, N/A>
- [使用迅雷下载全部链接]
- <, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
- [添加到QQ表情]
- <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
- [用QQ彩信发送该图片]
- <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
- [访问通用网址]
- <, N/A>
- ==================================
- 正在运行的进程
- [PID: 1000][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 692][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\windows\system32\WBJJU.IME] [北京六合源软件技术有限公司, 2, 8, 1, 0]
- [C:\windows\system32\WbCodeU.dll] [, 2, 8, 1, 0]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
- [C:\windows\Vista\systool\UberIcon\UberIcon.dll] [N/A, ]
- [PID: 572][C:\Program Files\SyGate\SHN\Sygate.exe] [赛格特(Sygate)技术有限公司, 4.5.850.1]
- [C:\Program Files\SyGate\SHN\AREdt.dll] [, 1, 0, 0, 1]
- [C:\Program Files\Opera\Opera.dll] [Opera Software, 8746]
- [C:\windows\Vista\systool\UberIcon\UberIcon.dll] [N/A, ]
- [C:\windows\system32\WBJJU.IME] [北京六合源软件技术有限公司, 2, 8, 1, 0]
- [C:\windows\system32\WbCodeU.dll] [, 2, 8, 1, 0]
- [PID: 2780][E:\TDDownload\软件\清洁类\WINDOWS 清理助手\WINDOWS 清理助手\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\windows\Vista\systool\UberIcon\UberIcon.dll] [N/A, ]
- [C:\windows\system32\WBJJU.IME] [北京六合源软件技术有限公司, 2, 8, 1, 0]
- [C:\windows\system32\WbCodeU.dll] [, 2, 8, 1, 0]
- [C:\windows\Vista\systool\UberIcon\UberIcon.dll] [N/A, ]
- [C:\windows\system32\WBJJU.IME] [北京六合源软件技术有限公司, 2, 8, 1, 0]
- [C:\windows\system32\WbCodeU.dll] [, 2, 8, 1, 0]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\windows\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- N/A
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7CE0AF0)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7CE0CD0)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7CE0E30)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7CE0BE0)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF7CE0DE0)
- ==================================
- 隐藏进程
- N/A
- ==================================
[ 本帖最后由 我不告诉你 于 2007-4-7 10:28 编辑 ] |
发表于 2007-4-6 15:58:27
楼主
