- 2007-05-22,19:48:23
- System Repair Engineer 2.4.12.806
- Smallfrogs ([url]http://www.KZTechs.com[/url])
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <P2kAutostart><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
- <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
- <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- ==================================
- 启动文件夹
- [Kaspersky Anti-Hacker]
- <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Kaspersky Anti-Hacker.lnk --> C:\PROGRA~1\KASPER~1\KASPER~1\KAVPF.exe [Kaspersky Lab]><N>
- ==================================
- 服务
- [Alertera / Alertera][Stopped/Auto Start]
- <C:\WINDOWS\Alertera.exe><N/A>
- [Application Layer Gateway Serv / Application Layer Gateway Serv][Stopped/Auto Start]
- <><N/A>
- [AutoComplete Service / Autocomplete][Stopped/Manual Start]
- <d:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe><Acesoft>
- [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
- <C:\Program Files\avgas\avgas\guard.exe><Anti-Malware Development a.s.>
- [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
- [Gray_Pigeon_Server1.2 / GrayPigeonServer1.2][Stopped/Auto Start]
- <><N/A>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [iPod 服务 / iPod Service][Stopped/Manual Start]
- <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
- [Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
- <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
- [Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
- <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>
- ==================================
- 驱动程序
- [Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
- [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
- <\??\C:\Program Files\avgas\avgas\guard.sys><N/A>
- [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
- <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
- [Cdsys / Cdsys][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
- [GEARAspiWDM / GEARAspiWDM][Stopped/Manual Start]
- <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [KLIF / KLIF][Running/System Start]
- <System32\drivers\klif.sys><Kaspersky Lab>
- [Klpf / Klpf][Running/Boot Start]
- <\SystemRoot\System32\drivers\Klpf.sys><KL>
- [Klpid / Klpid][Running/Boot Start]
- <\SystemRoot\System32\drivers\Klpid.sys><KL>
- [Digital Audio Player Driver / Mp3Drv][Stopped/Manual Start]
- <System32\Drivers\Mp3Drv.sys><TGE, Ltd.>
- [npkcrypt / npkcrypt][Running/Auto Start]
- <\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Motorola USB Device / P2k][Stopped/Manual Start]
- <system32\DRIVERS\P2k.sys><Motorola Inc>
- [Padus ASPI Shell / pfc][Stopped/Manual Start]
- <system32\drivers\pfc.sys><Padus, Inc.>
- [PNP28349 / PNP28349][Running/Boot Start]
- <\SystemRoot\system32\Drivers\pnp28317.sys><Anti Driver>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [PxHelp20 / PxHelp20][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [MS3303H2 Serial port driver / Ser2pl][Stopped/Manual Start]
- <system32\DRIVERS\ser2pl.sys><MS3303H>
- [sptd / sptd][Running/Boot Start]
- <\SystemRoot\System32\Drivers\sptd.sys><N/A>
- [StScsi / StScsi][Stopped/Manual Start]
- <system32\DRIVERS\StScsi.sys><TGE, Ltd.>
- [TSP / TSP][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [vaxscsi / vaxscsi][Stopped/Manual Start]
- <\SystemRoot\System32\Drivers\vaxscsi.sys><Alcohol Soft Co., Ltd.>
- [ViaIde / ViaIde][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
- [Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
- <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
- [Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
- <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
- [zmwaptge / zmwaptge][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\zmwaptge.sys><Yahoo! China Corporation>
- ==================================
- 浏览器加载项
- [IeCatch5 Class]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <d:\Program Files\FlashGet\Jccatch.dll, FlashGet>
- [FlashGet Bar]
- {E0E899AB-F487-11D5-8D29-0050BA6940E3} <d:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
- [金山快译(&K)]
- {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
- [PasswordEditCtrl Class]
- {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
- [Windows Media Player]
- {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
- [IeCatch5 Class]
- {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <d:\Program Files\FlashGet\Jccatch.dll, FlashGet>
- [金山快译(&K)]
- {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [FlashGet Bar]
- {E0E899AB-F487-11D5-8D29-0050BA6940E3} <d:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
- [上传到QQ网络硬盘]
- <, N/A>
- [使用网际快车下载]
- <D:\Program Files\FlashGet\jc_link.htm, N/A>
- [使用网际快车下载全部链接]
- <D:\Program Files\FlashGet\jc_all.htm, N/A>
- [添加到QQ自定义面板]
- <, N/A>
- [添加到QQ表情]
- <, N/A>
- [用QQ彩信发送该图片]
- <, N/A>
- ==================================
- 正在运行的进程
- [PID: 552][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 612][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 636][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 680][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 692][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 848][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 924][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 968][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1432][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [d:\Program Files\FlashGet\Jccatch.dll] [FlashGet, 1, 1, 5, 0]
- [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
- [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9371]
- [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9371]
- [C:\WINDOWS\system32\nvapi.dll] [N/A, ]
- [C:\WINDOWS\system32\nvshell.dll] [, ]
- [PID: 1836][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
- [PID: 1872][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1964][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] [Kaspersky Lab, 1.9.0.37]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] [BCGSoft Ltd, 5, 84, 0, 0]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] [Kaspersky 实验室, 1.5.0.0]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] [Kaspersky Lab, 5.0.201.1]
- [PID: 768][D:\工具\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- N/A
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF69F4B25)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF69F4D67)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF69F4F0B)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF69F4C49)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF69F4E8F)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码
麻烦个位大大帮小弟看看,被这个病毒郁闷惨了,安全模式下面扫不出来,正常进入系统就有了 |