请高手能帮我看看
- 2007-04-23,22:57:32
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <jiajiasr><D:\news\jiajia\jj4\jiajiasr.exe> [加加工作组]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- <run><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <kis><"D:\shadu\kis\avp.exe"> [Kaspersky Lab]
- <TkBellExe><"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><E:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><D:\shadu\kis\adialhk.dll> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><E:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><E:\WINDOWS\system32\KALEIDO.SCR> [WeiserWare]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
- <"E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
- [卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
- <D:\shadu\kis\avp.exe -r><Kaspersky Lab>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <E:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- ==================================
- 驱动程序
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
- <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
- [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
- <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\E:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [npkcrypt / npkcrypt][Running/Auto Start]
- <\??\D:\news\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
- <system32\DRIVERS\snpstd3.sys><>
- [viagfx / viagfx][Running/Manual Start]
- <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
- [ViaIde / ViaIde][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
- [viamraid / viamraid][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
- [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
- <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
- ==================================
- 浏览器加载项
- N/A
- ==================================
- 正在运行的进程
- [PID: 604][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 684][\??\E:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 708][\??\E:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [E:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
- [E:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
- [E:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 752][E:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 764][E:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 924][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1008][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1112][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [D:\shadu\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 1856][E:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [E:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
- [E:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [E:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [D:\shadu\kis\shellex.dll] [Kaspersky Lab, 6.0.0.299]
- [D:\shadu\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 940][E:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
- [E:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
- [PID: 948][D:\news\jiajia\jj4\jiajiasr.exe] [加加工作组, 4, 1, 0, 47]
- [E:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
- [PID: 2316][E:\DOCUME~1\专用\LOCALS~1\Temp\Rar$EX00.375\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [E:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 48]
- [D:\shadu\kis\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["E:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5BFAB25)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5BFAD67)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5BFAF0B)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5BFAC49)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF5BFAE8F)
- ==================================
- 隐藏进程
- N/A
- ==================================
|
[复制链接]
发表于 2007-4-23 23:08:44
