中毒救命 - 2006-10-6 20:31:00
2006-10-06,16:33:55
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<KpopMon><D:\金山毒霸\duba\KPopMon.EXE> []
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<rx><C:\WINDOWS\System32\explore.exe> [N/A]
<zz><C:\WINDOWS\System32\intenet.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<internat.exe><rem internat.exe> [N/A]
<KAVRun><D:\金山毒霸\duba\KAVRun.EXE> [kingsoft]
<Kulansyn><D:\金山毒霸\duba\Kulansyn.EXE> [Kingsoft Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<YDTMain.exe><rem C:\PROGRA~1\YDT\YDTMain.exe> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KRepair.COM><D:\金山毒霸\duba\KRepair.COM> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system3.sys> [N/A]
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\lou\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\qq\QQ.exe [TENCENT]><N>
==================================
服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft AntiVirus Service / KAVSvc]
<D:\金山毒霸\duba\KAVSVC.EXE><kingsoft Antivirus>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
中毒救命 - 2006-10-6 20:31:00
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[basic2 / basic2]
<System32\DRIVERS\HSF_BSC2.sys><Conexant>
[Fallback / Fallback]
<System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks]
<System32\DRIVERS\HSF_FSKS.sys><Conexant>
[GMSIPCI / GMSIPCI]
<\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[hsf_msft / hsf_msft]
<System32\DRIVERS\HSF_MSFT.sys><Conexant>
[K56 / K56]
<System32\DRIVERS\HSF_K56K.sys><Conexant>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[KSKNIGHT / KSKNIGHT]
<\??\F:\wg999\金山游侠\KSKNIGHT.SYS><N/A>
[KWatch / KWatch]
<\??\C:\WINDOWS\System32\drivers\KWatch.Sys><Kingsoft Corporation>
[New0 / New0]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[NPPTNT / NPPTNT]
<\??\C:\WINDOWS\System32\npptNT.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2]
<\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[QuakeDRV / QuakeDRV]
<\SystemRoot\System32\DRIVERS\quakedrv.sys><N/A>
[Rksample / Rksample]
<System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[SiS AGP Filter / sisagp]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SoftFax / SoftFax]
<System32\DRIVERS\HSF_FAXX.sys><Conexant>
[Tones / Tones]
<System32\DRIVERS\HSF_TONE.sys><Conexant>
==================================
中毒救命 - 2006-10-6 20:32:00
浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[conimehlp Class]
{B10343BD-1DC6-442F-9BA2-D44C708CEE83} <C:\WINDOWS\System32\mskey32.dll, Microsoft>
[AlxTB BHO Class]
{F1FABE79-25FC-46de-8C5A-2C6DB9D64333} <C:\WINDOWS\System32\AlxTB1.dll, N/A>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.mail.yahoo.com/promo/rd1, N/A>
[金山卓越]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <url:http://www.joyo.com, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[金山毒霸网站]
{e1fc9760-7b95-49cd-80b9-8c9e41017b93} <url:http://www.duba.net, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[在线查毒]
{f58d36c3-40be-4418-a786-d8fbe3eb3554} <D:\金山毒霸\duba\kavie.htm, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[金山毒霸]
{A9BE2902-C447-420A-BB7F-A5DE921E6138} <D:\金鹕山蕉毒景霸診\duba\KAIEPlus.DLL, N/A>
[BitComet工具栏]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <F:\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Kingsoft DUBA OnlineScan]
{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINDOWS\System32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[KATScan Control]
{DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} <C:\WINDOWS\System32\kingsoft\KATScan\KATScan.OCX, Kingsoft>
[Mail to a Friend...]
<http://client.alexa.com/holiday/script/actions/mailto.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
中毒救命 - 2006-10-6 20:32:00
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 560][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 732][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 884][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1164][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1380][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[C:\WINDOWS\System32\myztr.dll] [N/A, N/A]
[C:\WINDOWS\System32\myrx.dll] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\WINDOWS\System32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.6631]
[C:\WINDOWS\System32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.6631]
[C:\WINDOWS\System32\nvshell.dll] [NVIDIA Corporation, 6.14.10.6631]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\WINDOWS\System32\mskey32.dll] [Microsoft, 1, 0, 0, 1]
[PID: 1696][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3208]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 1720][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[PID: 1732][D:\金山毒霸\duba\KPopMon.EXE] [, 2004, 2, 2, 31]
[D:\金山毒霸\duba\KAVMLM.DLL] [Kingsoft Corporation, 2003.11.12.10]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[PID: 1884][D:\金山毒霸\duba\MailMon.EXE] [Kingsoft Co., Ltd, 2004, 2, 6, 245]
[D:\金山毒霸\duba\KMFilter.DLL] [, 2004, 3, 1, 37]
[D:\金山毒霸\duba\parse822.dll] [Quiksoft Corporation, 2, 0, 0, 9]
[D:\金山毒霸\duba\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\金山毒霸\duba\KAVLogFn.dll] [N/A, 2003, 11, 26, 16]
[D:\金山毒霸\duba\KAVMLM.DLL] [Kingsoft Corporation, 2003.11.12.10]
[D:\金山毒霸\duba\KAMsgBox.DLL] [, 2002.9.27.30]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[D:\金山毒霸\duba\KAVComm.dll] [Kingsoft Corporation, 2003, 11, 12, 66]
[D:\金山毒霸\duba\RpcBrge.DLL] [kingsoft, 2003, 11, 12, 64]
[D:\金山毒霸\duba\KAVDlg.DLL] [, 2004.7.20.81]
[D:\金山毒霸\duba\KAECall.DLL] [Kingsoft Corporation, 2003, 11, 14, 66]
[D:\金山毒霸\duba\KAEScan.DLL] [Kingsoft Corp., 2003, 5, 24, 36]
[D:\金山毒霸\duba\KAEPlat.DLL] [Kingsoft Corp., 2005, 12, 29, 56]
[D:\金山毒霸\duba\KAEMem.DAT] [Kingsoft, 2006, 4, 12, 13]
[D:\金山毒霸\duba\KAEUnpack.DAT] [Kingsoft Corp., 2006, 6, 15, 44]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[PID: 1956][D:\金山毒霸\duba\KAVPlus.EXE] [, 2004, 3, 3, 71]
[D:\金山毒霸\duba\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[PID: 196][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 236][D:\金山毒霸\duba\KAVSVC.EXE] [kingsoft Antivirus, 2003, 11, 12, 70]
[D:\金山毒霸\duba\SvcComm.dll] [kingsoft Antivirus, 2004, 7, 28, 1]
[D:\金山毒霸\duba\SvcTimer.DLL] [Kingsoft, 2004.4.29.79]
[D:\金山毒霸\duba\KavComm.dll] [Kingsoft Corporation, 2003, 11, 12, 66]
[D:\金山毒霸\duba\RpcBrge.DLL] [kingsoft, 2003, 11, 12, 64]
[D:\金山毒霸\duba\KWatchFn2.dll] [kingsoft Corporation, 2004, 8, 24, 25]
[D:\金山毒霸\duba\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[PID: 268][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.6631]
[PID: 360][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1908][C:\DOCUME~1\lou\LOCALS~1\Temp\1.exe] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[PID: 1660][C:\WINDOWS\System32\cmd.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 676][C:\WINDOWS\System32\cmd.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1616][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
[PID: 1868][F:\wg999\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\System32\nmhxy.dll] [N/A, N/A]
[D:\金山毒霸\duba\KMailFun.dll] [Kingsoft Co., Ltd, 2005, 4, 28, 227]
[C:\Program Files\Internet Explorer\PLUGINS\system3.sys] [N/A, N/A]
==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
© 2000 - 2026 Rising Corp. Ltd.