SREng2 report. Asking the experts for help!
badkim (original poster)
[CODE]
2007-03-19,06:14:12
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
 - 管理权限用户
 - 完整功能
以下内容被选中:
 所有的启动项目(包括注册表、启动文件夹、服务等)
 浏览器加载项
 正在运行的进程(包括进程模块信息)
 文件关联
 Winsock 提供者
 Autorun.inf
 HOSTS 文件
启动项目
注册表
N/A
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
[ATI Smart / ATI Smart][Stopped/Auto Start]
<>[卡巴斯基反病毒6.0 / AVP][Running/Auto Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r>
[Human Interface Device Access / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
[ServiceLayer / ServiceLayer][Running/Manual Start] <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe">
==================================
驱动程序
[AliIde / AliIde][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\aliide.sys>
[ati2mtag / ati2mtag][Running/Manual Start]
[BIOS / BIOS][Running/System Start] <\??\C:\WINDOWS\system32\drivers\BIOS.sys>
[CmdIde / CmdIde][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\cmdide.sys>
[CnsMinKP / CnsMinKP][Running/Boot Start] <\SystemRoot\system32\drivers\CnsMinKP.sys>
[cpuz / cpuz][Stopped/Manual Start] <\??\C:\WINDOWS\system32\cpuz.sys>
[EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
[kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys>
[klif / klif][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys>
[KWatch3 / KWatch3][Running/System Start] <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS>
[MegaIDE / MegaIDE][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\MegaIDE.sys>
[npkcrypt / npkcrypt][Running/Auto Start] <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys>
[nv / nv][Stopped/Manual Start]
[nvata / nvata][Running/Boot Start] <\SystemRoot\system32\DRIVERS\nvata.sys>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
March 19, 2007, 22:03 (post 1)
badkim (original poster)

[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
[pcjhr / pcjhr][Running/Boot Start] <\SystemRoot\\SystemRoot\System32\drivers\pcjhr.sys>
[PnpWmkDrv / PnpWmkDrv][Running/System Start] <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
[Secdrv / Secdrv][Stopped/Manual Start]
[TSP / TSP][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\klif.sys>
[ViaIde / ViaIde][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys>
[WINIO / WINIO][Stopped/Manual Start] <\??\I:\winio.sys>
[R2A / R2A][Stopped/Disabled] <\??\C:\WINDOWS\system32a2.sys>
==================================
浏览器加载项
[Thunder Browser Helper] {0005A87C-D626-4B3A-84F9-1D9571695F55}
[ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55}
[IeCatch5 Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4}
[gFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA}
[Web反病毒保护] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
[豪杰超级解霸9] {367E0A21-8601-4986-9C9A-153BF5ACA118}
[Yahoo 3.5G电邮] {507F9113-CD77-4866-BA92-0E86DA3D0B97}
[名品折扣] {59BC54A2-56B3-44a0-93E5-432D58746E26}
[雅虎助手] {5D73EE86-05F1-49ed-B850-E423120EC338}
[雅虎WIDGET] {6354ABE6-05F1-49ed-B850-E423120EC338}
[情景聊天] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
[] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}
[] {FD00D911-7529-4084-9946-A29F1BDF4FE5}
[金山快译(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C}

March 19, 2007, 22:03 (post 2)
badkim (original poster)
[快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3}
[iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA}
[MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
[Thunder Browser Helper] {0005A87C-D626-4B3A-84F9-1D9571695F55}
[ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55}
[CEnroll Class] {127698E4-E730-4E5C-A2B1-21490A70C8A1}
[iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA}
[Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IeCatch5 Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83}
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844}
[MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6}
[金山快译(&K)] {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C}
[WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E}
[AutoLive] {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}
[Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2}
[RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
[Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389}
[SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4}
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000}
[快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3}
[gFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA}
[&使用BitComet下载]
March 19, 2007, 22:03 (post 3)
badkim (original poster)

[&使用BitComet下载全部链接]
[&使用BitComet下载本页视频]
[&使用快车(FlashGet)下载]
[&使用快车(FlashGet)下载全部链接]
[&使用迅雷下载]
[&使用迅雷下载全部链接]
[上传到QQ网络硬盘]
[使用超级解霸播放]
[添加到QQ自定义面板]
[添加到QQ表情]
[用QQ彩信发送该图片]
[用比特精灵下载(&B)]
==================================正在运行的进程[PID: 596][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 672][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 708][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4140] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)][PID: 752][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 764][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 904][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4140] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2503][PID: 944][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 1024][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 1140][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)][PID: 1632][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\PROGRA~1\3721\alrex.dll] [, 2.5.0.1002] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1] [C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 1, 1004] [C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006] [C:\WINDOWS\DOWNLO~1\CnsHook.dll] [北京三七二一科技有限公司, 2.5.0.3][PID: 1976][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6]
March 19, 2007, 22:03 (post 4)
badkim (original poster)
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003][PID: 1984][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 1, 1004] [C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006][PID: 1872][D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe] [Nokia, 6, 82, 70, 1] [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 82, 72, 2] [D:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 82, 77, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\Nokia\Nokia PC Suite 6\PCSSupportSetup.DLL] [Nokia, 6, 82, 20, 2] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [C:\Program Files\PC Connectivity Solution\ConfServer.dll] [Nokia, 6, 82, 31, 0] [D:\Program Files\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_chi-sc.NLR] [Nokia, 6, 82, 69, 2][PID: 1968][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6][PID: 432][D:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe] [Time Information Services Ltd., 2.00 (526)] [D:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 82, 77, 0] [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 82, 72, 2] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] 
[Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Nokia\Nokia PC Suite 6\PCSL.dll] [Nokia, 6, 82, 9, 0] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [D:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\Lang\PcSync2_chi-sc.nlr] [Time Information Services Ltd., 9.00 (526)] [D:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\Resource\PcSync2_Nokia.ngr] [Time Information Services Ltd., 9.00 (526)] [C:\Program Files\PC Connectivity Solution\ConfServer.dll] [Nokia, 6, 82, 31, 0] [D:\Program Files\Nokia\Nokia PC Suite 6\CommonSelectDevice.dll] [Nokia, 6, 82, 74, 0] [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Common Files\Nokia\MPAPI\MPAPIps.dll] [Nokia Corporation, 6.82.73.0] [C:\Program Files\Common Files\Nokia\Adapters\NclSet.dll] [Nokia, 6.82.9.0]
March 19, 2007, 22:03 (post 5)
badkim (original poster)
[C:\Program Files\Common Files\Nokia\Adapters\Nclaeo.dsc] [Nokia Mobile Phones Ltd., 4.00.008][PID: 2060][C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe] [Nokia Corporation, 6.82.162.0] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [C:\Program Files\Common Files\Nokia\MPAPI\MPAPIps.dll] [Nokia Corporation, 6.82.73.0][PID: 3336][D:\完美卸载V2006 完整版\Memory Booster.exe] [, 1, 0, 0, 1] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6][PID: 2084][D:\Program Files\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [D:\Program Files\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8][PID: 3492][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003] [C:\PROGRA~1\3721\scrblock.dll] [3721, 2.5.0.1002] [C:\PROGRA~1\3721\alrex.dll] [, 2.5.0.1002] [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 2, 5, 0, 6] [C:\WINDOWS\DOWNLO~1\CnsHint.dll] [3721, 2, 5, 0, 2] [C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 1, 1004] [C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006] [C:\WINDOWS\DOWNLO~1\cnsplus.dll] [3721, 2, 5, 0, 2] [D:\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4] [C:\WINDOWS\DOWNLO~1\CnsHook.dll] [北京三七二一科技有限公司, 2.5.0.3] [C:\WINDOWS\system32\xunleibho_v6.dll] [, 4, 4, 0, 31] [D:\网际快车\FlashGet\jccatch.dll] [FlashGet, 1, 1, 5, 0] [D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll] [BitComet, 20070207] [D:\网际快车\FlashGet\getflash.dll] [, 1, 0, 0, 1] [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [北京三七二一科技有限公司, 2, 5, 0, 3] [C:\WINDOWS\DOWNLO~1\cnsio.dll] [北京三七二一科技有限公司, 2, 5, 0, 2] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [C:\Program Files\Kaspersky 
Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299] [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299] [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]==================================文件关联.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].EXE OK. ["%1" %*].COM OK. ["%1" %*].PIF OK. ["%1" %*].REG OK. [regedit.exe "%1"].BAT OK. ["%1" %*].SCR OK. ["%1" /S].CHM OK. ["C:\WINDOWS\hh.exe" %1].HLP OK. [%SystemRoot%\system32\winhlp32.exe %1].INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*].JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*].LNK OK. 
[{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEF5E3B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEF5E3D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEF5E3F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xEF5E3C49)
入口点错误:FreeLibrary (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x5F00002D)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xEF5E3E8F)
==================================
隐藏进程
N/A
==================================
[/CODE]
March 19, 2007, 22:03 (post 6)