[CODE]

2008-06-17,15:43:22

System Repair Engineer 2.6.8.980
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\dnsq.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
    <IFEO[Your Image File Name Here without a path]><ntsd -d>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\新建文件夹\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[User Profile Hive Cleanup / UPHClean][Running/Auto Start]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>

==================================
驱动程序
[ BsDeamon Application - BsDeamon Application / BsDeamon][Running/System Start]
  <\??\D:\新建文~1\JiangMin\ANTIVI~1\BsDeamon.sys><Jiangmin Co., Ltd.>
[HdFw_slot / HdFw_slot][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\HdFw.sys><Jiangmin Co., Ltd.>
[HDPT Miniport / HDPT][Running/Manual Start]
  <system32\DRIVERS\HDPT.sys><Jiangmin Co., Ltd.>
[JmFwDDos / JmFwDDos][Running/Auto Start]
  <system32\DRIVERS\JmFwDDos.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/Auto Start]
  <\??\D:\新建文件夹\JiangMin\antivirus\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software - SysCall Services / KSysCall][Running/System Start]
  <\??\D:\新建文件夹\JiangMin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[Jiangmin Antivirus Software - File Tracer / KSysTrace][Running/System Start]
  <\??\D:\新建文件夹\JiangMin\AntiVirus\KSysTrace.sys><Jiangmin Co., Ltd.>
[KVFileGuard From Jiangmin / KVFileGuard][Stopped/Manual Start]
  <\??\D:\新建文件夹\JiangMin\AntiVirus\KVfg.sys><Jiangmin Co., Ltd.>
[KVRedir From Jiangmin / KVRedir][Running/System Start]
  <\??\D:\新建文件夹\JiangMin\AntiVirus\KVREDIR.SYS><Jiangmin Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Jiangmin AntiVirus Software - System Guard / SysGuard][Running/Boot Start]
  <\SystemRoot\system32\Drivers\SysGuard.sys><Jiangmin Co., Ltd.>

==================================
浏览器加载项
[UrlBlock Class]
  {75BED22C-339D-4827-BA51-ECD7B55A8792} <D:\新建文件夹\JiangMin\WebWall\KVWebFilter.dll, Jiangmin Co.Ltd>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\新建文件夹\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <D:\新建文件夹\JiangMin\AntiVirus\UrlGuard.dll, Jiangmin Co., Ltd.>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\新建文件夹\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[UrlBlock Class]
  {75BED22C-339D-4827-BA51-ECD7B55A8792} <D:\新建文件夹\JiangMin\WebWall\KVWebFilter.dll, Jiangmin Co.Ltd>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\新建文件夹\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\新建文件夹\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[IfObj Control]
  {D9901239-34A2-448D-A000-3705544ECE9D} <C:\WINDOWS\system32\com\netcfg.dll, 506>
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <D:\新建文件夹\JiangMin\AntiVirus\UrlGuard.dll, Jiangmin Co., Ltd.>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 604][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 780 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 832 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 904 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 1036 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 1232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 1460 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
    [D:\新建文件夹\JiangMin\AntiVirus\KsPec.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 903]
    [D:\新建文件夹\JiangMin\common\KvTrust.dll]  [Jiangmin Co., Ltd., 10, 0, 7, 919]
    [D:\新建文件夹\JiangMin\common\KvTools.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 919]
    [D:\新建文件夹\JiangMin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 2, 0, 7, 905]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [D:\新建文件夹\JiangMin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [D:\新建文件夹\JiangMin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 2, 0, 7, 828]
    [D:\新建文件夹\JiangMin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1600 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 1672][C:\WINDOWS\system32\com\lsass.exe]  [N/A, ]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
    [D:\新建文件夹\JiangMin\AntiVirus\UrlGuard.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 913]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [D:\新建文件夹\JiangMin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 911]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [D:\新建文件夹\JiangMin\Kernel\UNACE.dll]  [N/A, ]
[PID: 1820 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 224 / SYSTEM][C:\Program Files\UPHClean\uphclean.exe]  [Microsoft Corporation, 1.5.5.21]
[PID: 1632][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 1808][C:\WINDOWS\system32\com\smss.exe]  [N/A, ]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 3232 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 10128 / Administrator][F:\SRE9d2c65c3\SRE9d2c65c3.EXE]  [Smallfrogs Studio, 2.6.8.980]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]
[PID: 9136][C:\WINDOWS\system32\drivers\alg.exe]  [N/A, ]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\dnsq.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
N/A

==================================
API HOOK
入口点错误：OpenProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\dnsq.dll)

==================================
隐藏进程
    [9372] C:\Program Files\Internet Explorer\iexplore.exe

==================================


[/CODE]