- 2007-06-24,20:59:39
- System Repair Engineer 2.4.12.806
- Smallfrogs ([url]http://www.KZTechs.com[/url])
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
- <CalSprite><C:\WINDOWS\Resources\Themes\CalSprite\CalSprite.exe> [SnowFox Studio.]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"> [(Verified)Kaspersky Lab]
- <SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\FireWall\pfw.exe> [广州众达天网技术有限公司]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
- <UIHost><C:\WINDOWS\system32\XPSTYLE_ThemePackage\Logonui.exe> [Microsoft Corporation]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><F:\eWido\shellexecutehook.dll> [(Verified)GRISOFT LTD]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
- <F:\eWido\guard.exe><GRISOFT s.r.o.>
- [卡巴斯基互联网安全套装 7.0 / AVP][Stopped/Auto Start]
- <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
- <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
- [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
- <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
- ==================================
- 驱动程序
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
- <\??\F:\eWido\guard.sys><N/A>
- [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
- <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
- [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
- <system32\DRIVERS\klim5.sys><Kaspersky Lab>
- [npkcrypt / npkcrypt][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
- [npkycryp / npkycryp][Stopped/Manual Start]
- <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
- [nv / nv][Running/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- [SKNFW / SKNFW][Running/System Start]
- <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
- [SkyProcs / SkyProcs][Running/Manual Start]
- <\??\C:\PROGRA~1\SkyNet\FireWall\SkyProcs.sys><N/A>
- [viamraid / viamraid][Running/Boot Start]
- <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
- [NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonwxp][Running/Manual Start]
- <system32\DRIVERS\yukonwxp.sys><Marvell Semiconductor Inc.>
- ==================================
- 浏览器加载项
- [QQCycloneHelper Class]
- {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQ包\QQDownload\QQIEHelper01.dll, 腾讯公司>
- [超级兔子上网精灵]
- {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\超级兔子\haokanbar.dll, Xiang Feng Technology>
- []
- {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷(Thunder)\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
- [浩方对战平台]
- {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对站平台\GameClient.exe, 上海浩方在线信息技术有限公司>
- [Web 防护 统计]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
- [番茄花园]
- {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <[url]http://www.tomatolei.com[/url], N/A>
- [WuYou.WySystem]
- {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <D:\初级会计电算化考试练习系统\wyocxdll\WYSYSTEM.OCX, WuYou Computer Cor>
- [QQCycloneHelper Class]
- {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQ包\QQDownload\QQIEHelper01.dll, 腾讯公司>
- [Windows Media Player]
- {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
- [Microsoft Rich Textbox Control 6.0 (SP6)]
- {3B7C8860-D78F-101B-B9B5-04021C009402} <C:\WINDOWS\system32\richtx32.ocx, Microsoft Corporation>
- [超级兔子上网精灵]
- {43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\超级兔子\haokanbar.dll, Xiang Feng Technology>
- [WuYou.WySystem]
- {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <D:\初级会计电算化考试练习系统\wyocxdll\WYSYSTEM.OCX, WuYou Computer Cor>
- [超级兔子上网精灵]
- {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\超级兔子\haokanbar.dll, Xiang Feng Technology>
- []
- {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷(Thunder)\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
- [Xceed Zip Control]
- {B26F6246-4C7D-11D1-910E-00600807163F} <D:\初级会计电算化考试练习系统\webexam\activex\xcdzip35.ocx, Xceed Software Inc. 1-450-442-2626 [email]zip@xceedsoft.com[/email] [url]www.xceedsoft.com[/url]>
- [SearchAssistantOC]
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
- [RDS.DataSpace]
- {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [&使用超级旋风下载]
- <D:\QQ包\QQDownload\geturl.htm, N/A>
- [&使用超级旋风下载全部链接]
- <D:\QQ包\QQDownload\getAllurl.htm, N/A>
- [&使用迅雷下载]
- <F:\迅雷(Thunder)\Program\GetUrl.htm, N/A>
- [&使用迅雷下载全部链接]
- <F:\迅雷(Thunder)\Program\GetAllUrl.htm, N/A>
- [上传到QQ网络硬盘]
- <, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <, N/A>
- [添加到QQ表情]
- <, N/A>
- [用QQ彩信发送该图片]
- <, N/A>
- ==================================
- 正在运行的进程
- [PID: 464][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 528][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1468][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8340]
- [F:\eWido\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
- [PID: 1668][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1676][C:\WINDOWS\Resources\Themes\CalSprite\CalSprite.exe] [SnowFox Studio., 1.5.4.54]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.120]
- [PID: 3432][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
- [PID: 1596][D:\QQ包\QQ\QQ.exe] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\CoralAssist.dll] [Coral Team, 5.0.0 build 20060829]
- [D:\QQ包\QQ\CoralQQ.dll] [Coral Team, 5.0.1a Build 20070620]
- [D:\QQ包\QQ\kql.dll] [Coral Team, 5.0.1a build 20070620]
- [D:\QQ包\QQ\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
- [D:\QQ包\QQ\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [D:\QQ包\QQ\ipsearcher.dll] [, 1.0.0.3]
- [D:\QQ包\QQ\QQBaseClassInDll.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQHelperDll.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\BasicCtrlDll.dll] [TENCENT, 7, 0, 225, 1651]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.120]
- [D:\QQ包\QQ\NoDisturbFilter.cqx] [Coral Team, 1.0]
- [D:\QQ包\QQ\ConfigHotkey.cqx] [Coral Team, 1.0]
- [D:\QQ包\QQ\QQAPI.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
- [D:\QQ包\QQ\AutoReconnect.cqx] [Coral Team, 1.0.0]
- [D:\QQ包\QQ\LoginCtrl.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\LoginCtrlRes.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQRes.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\MailSummary.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQMainFrame.dll] [N/A, ]
- [D:\QQ包\QQ\CQQApplication.dll] [N/A, ]
- [D:\QQ包\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
- [D:\QQ包\QQ\NewSkin.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\HostingMgr.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\CameraDll.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\CoralHotkey.cqx] [Coral Team, 1.0]
- [D:\QQ包\QQ\QQKnowledgeSearch.dll] [TENCENT, 7,0,313,1681]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.120]
- [D:\QQ包\QQ\QQAllInOne.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
- [D:\QQ包\QQ\QQSpace.dll] [TENCENT, 7,0,313,1681]
- [C:\WINDOWS\system32\msdmo.dll] [, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.120]
- [D:\QQ包\QQ\QQGroupMng.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQSettingCtrl.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQSysMsgMng.dll] [N/A, ]
- [D:\QQ包\QQ\UserDefinedHead.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQPlugin.dll] [N/A, ]
- [D:\QQ包\QQ\QQConfigPlugin.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQAvatar.dll] [N/A, ]
- [D:\QQ包\QQ\LongConnection.dll] [TENCENT, 7,0,313,1681]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.120]
- [D:\QQ包\QQ\QQCustomFace.dll] [N/A, ]
- [D:\QQ包\QQ\QRingMng.dll] [N/A, ]
- [D:\QQ包\QQ\QQPet.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\PhoneAPI.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
- [D:\QQ包\QQ\QQFileTransfer.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\BQQApplication.dll] [N/A, ]
- [D:\QQ包\QQ\PersonalDesktop.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\CommercesMng.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
- [D:\QQ包\QQ\QQSceneMng.dll] [N/A, ]
- [D:\QQ包\QQ\AddrSearch.dll] [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
- [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
- [D:\QQ包\QQ\ImageOle.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQLiveQMng.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQMagicFace.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\GroupConnection.dll] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\QQZip.dll] [TENCENT, 7,0,313,1681]
- [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
- [PID: 2356][D:\QQ包\QQ\TIMPlatform.exe] [TENCENT, 7,0,313,1681]
- [D:\QQ包\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
- [PID: 4080][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 2580][D:\千千静听\TTPlayer.exe] [Alen Soft, 4, 6, 9, 0]
- [D:\千千静听\ttpcomm.dll] [N/A, ]
- [D:\千千静听\ttpres.dll] [Alen Soft, 4, 6, 9, 0]
- [D:\千千静听\msdmo.dll] [Microsoft Corporation, 6.03.01.0400]
- [D:\千千静听\AddIn\ttp_asf.dll] [N/A, ]
- [D:\千千静听\AddIn\ttp_aac.dll] [N/A, ]
- [D:\千千静听\AddIn\ttp_ac3dts.dll] [N/A, ]
- [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001] [Macrovision Europe Ltd., 1, 0, 0, 1]
- [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001.dir.0000\~df394b.tmp] [N/A, ]
- [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001] [Macrovision Europe Ltd., 1, 0, 0, 1]
- [C:\DOCUME~1\feiyutzl\LOCALS~1\Temp\~e5.0001.dir.0001\~df394b.tmp] [N/A, ]
- [PID: 3764][D:\QQ包\TT\TTraveler.exe] [腾讯公司, 3, 3, 200, 290]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.120]
- [D:\QQ包\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
- [D:\QQ包\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
- [D:\QQ包\TT\TTNetFavor.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.120]
- [PID: 2988][F:\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.120]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.120]
- [F:\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5657AF0)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5657CD0)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5657E30)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5657BE0)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF5657DE0)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码 |