Here is the report:
- 2007-06-10,16:11:42
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- <run><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
- <AVPSrv><C:\WINDOWS\AVPSrv.exe> [N/A]
- <!AVG Anti-Spyware><"D:\安装软件\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\安装软件\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <alpha><; %windir%\temp\2.vbs> [N/A]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <eMuleAutoStart><; D:\软件\电驴\eMule\emule.exe -AutoStart> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [N/A]
- <hxgame><; C:\Program Files\\hxupdate\\hxgame-update.exe> [N/A]
- <hxgame-update><; C:\Program Files\hxupdate\hxgame-update.exe> [N/A]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <iexplore><; C:\Progra~1\Eset\iexplore.exe> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
- <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
- <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <nwiz><; nwiz.exe /install> [NVIDIA Corporation]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <q75jwcb><; C:\DOCUME~1\user\LOCALS~1\Temp\c0nime.exe> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <StormCodec_Helper><; "C:\Documents and Settings\user\My Documents\Storm Codec\StormSet.exe" /S /opti> []
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <wcmdmgr><; C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch> [WildTangent, Inc.]
- <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [N/A]
- <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
- <D:\安装软件\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
- [Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
- [CAC03559 / CAC03559][Stopped/Auto Start]
- <C:\WINDOWS\system32\8F2DA66B.EXE -d><Microsoft Corporation>
- [Google Updater Service / gusvc][Stopped/Manual Start]
- <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
- <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
- [Windows zjqq RunThem / zjqq][Running/Auto Start]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\uell\eovv.dll>< >
- ==================================
- 驱动程序
- [ababpc / ababpc][Running/Boot Start]
- <\SystemRoot\system32\drivers\ababpc.sys><N/A>
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [AliIde / AliIde][Stopped/Boot Start]
- <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
- [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
- <\??\D:\安装软件\AVG Anti-Spyware 7.5\guard.sys><N/A>
- [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
- <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
- [CmdIde / CmdIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
- [cpuz / cpuz][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\cpuz.sys><N/A>
- [dfngie / dfngie][Stopped/Auto Start]
- <\??\C:\WINDOWS\system32\drivers\dfngie.sys><N/A>
- [dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
- [EagleNT / EagleNT][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
- [eptob / eptobc][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\eptobc.sys><N/A>
- [gwiopm / gwiopm][Stopped/Manual Start]
- <\??\C:\Program Files\Wom\gwiopm.sys><N/A>
- [IsDrv120 / IsDrv120][Running/Boot Start]
- <2 - 系统找不到指定的文件。><N/A>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [kmsinput / kmsinput][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
- [MegaIDE / MegaIDE][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
- [npkcrypt / npkcrypt][Running/Auto Start]
- <\??\D:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
- [npkcusb / npkcusb][Running/Manual Start]
- <\??\D:\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [NVIDIA Disk Cache Filter Driver / nvcchflt][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\nvcchflt.sys><NVIDIA Corporation>
- [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
- <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
- [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
- <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
- [NVIDIA nForce(tm) RAID Class Driver / nvraid][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [R2A / R2A][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32a2.sys><N/A>
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
- <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
- [veadl / veadlf][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\veadlf.sys><N/A>
- [ViaIde / ViaIde][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
- ==================================
- 浏览器加载项
- [Thunder Browser Helper]
- {0005A87B-D626-4B3A-84F9-1D9571695F55} <D:\安装软件\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
- [ThunderIEHelper Class]
- {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
- [QQBrowserHelperObject Class]
- {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
- [Google Toolbar Helper]
- {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
- [ff Class]
- {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\c131.dll, TODO: <公司名>>
- [启动迅雷5]
- {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\软件\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
- [扑克]
- {12341234-1234-5678-9012-123456789012} <, N/A>
- [Web Anti-Virus]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
- [豪杰超级解霸V8]
- {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, herosoft>
- [JUJU猫]
- {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
- [QQ]
- {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\QQ\QQ.EXE, TENCENT>
- [QQIEFloatBarCfgCmd Class]
- {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
- [Messenger]
- {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
- [&Google]
- {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [Thunder Browser Helper]
- {0005A87B-D626-4B3A-84F9-1D9571695F55} <D:\安装软件\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
- [ThunderIEHelper Class]
- {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
- [QQBrowserHelperObject Class]
- {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
- [Active Desktop Mover]
- {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
- [Google Toolbar Helper]
- {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
- [ff Class]
- {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\c131.dll, TODO: <公司名>>
- [&使用迅雷下载]
- <D:\安装软件\迅雷\Program\geturl.htm, N/A>
- [&使用迅雷下载全部链接]
- <D:\安装软件\迅雷\Program\getallurl.htm, N/A>
- [上传到QQ网络硬盘]
- <D:\Tencent\QQ\AddToNetDisk.htm, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <D:\Tencent\QQ\AddPanel.htm, N/A>
- [添加到QQ表情]
- <D:\Tencent\QQ\AddEmotion.htm, N/A>
- [用QQ彩信发送该图片]
- <D:\Tencent\QQ\SendMMS.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 612][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 700][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 724][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 776][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 788][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 940][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 988][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1084][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1200][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1256][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1592][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [D:\安装软件\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
- [C:\WINDOWS\system32\veadlf.dll] [N/A, ]
- [C:\WINDOWS\system32\eptobc.dll] [N/A, ]
- [c:\progra~1\uell\hryy.dll] [, 5, 0, 0, 4]
- [c:\progra~1\uell\mwdd.dll] [ , 5, 0, 0, 4]
- [C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.10035]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [D:\安装软件\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
- [C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1852][D:\安装软件\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
- [D:\安装软件\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
- [c:\progra~1\uell\hryy.dll] [, 5, 0, 0, 4]
- [c:\progra~1\uell\mwdd.dll] [ , 5, 0, 0, 4]
- [PID: 1864][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 3560][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\3c1.dll] [ , 1, 0, 0, 3]
- [c:\progra~1\uell\hryy.dll] [, 5, 0, 0, 4]
- [c:\progra~1\uell\mwdd.dll] [ , 5, 0, 0, 4]
- [PID: 3840][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.078\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [c:\progra~1\uell\hryy.dll] [, 5, 0, 0, 4]
- [c:\progra~1\uell\mwdd.dll] [ , 5, 0, 0, 4]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM Error. ["hh.exe" %1]
- .HLP Error. [winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- N/A
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5440B25)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5440D67)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5440F0B)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5440C49)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF5440E8F)
- ==================================
- 隐藏进程
- N/A
- ==================================