收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 软件区 解疑答难区 SRE报告,症状:CPU经常到100%
12下一页
返回列表 发新帖
查看: 3545|回复: 10
收起左侧

[已解决] SRE报告,症状:CPU经常到100%

 关闭 [复制链接]
兔斯基
发表于 2007-9-29 12:33:50 | 显示全部楼层 |阅读模式
某SRE报告,请分析下,症状:CPU经常到100%,IEMC.exe等进程是否有问题,另卡巴、AVG、windows清理助手等扫描无毒
  1. 2007-09-29,12:22:30

  3. System Repair Engineer 2.3.13.690
  4. Smallfrogs (http://www.KZTechs.com)

  6. Windows 2000 Professional Service Pack 4 (Build 2195)
  7. - 管理权限用户 - 完整功能

  9. 以下内容被选中:
  10.     所有的启动项目(包括注册表、启动文件夹、服务等)
  11.     浏览器加载项
  12.     正在运行的进程(包括进程模块信息)
  13.     文件关联
  14.     Winsock 提供者
  15.     Autorun.inf
  16.     HOSTS 文件


  19. 启动项目
  20. 注册表
  21. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  22.       [(Verified)Microsoft Corporation]
  23.       [(Verified)Google Inc.]
  24. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  25.     <>  [N/A]
  26. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  27.       [(Verified)Microsoft Corporation]
  28.     <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
  29.       [N/A]
  30.       [深圳市三代科技开发有限公司]
  31.     <"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
  32.     <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [(Verified)GRISOFT s.r.o.]
  33. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  34.       [(Verified)Microsoft Corporation]
  35.       [(Verified)Microsoft Corporation]
  36. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  37.     <>  [N/A]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  39.       [N/A]
  40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  41.       [Kaspersky Lab]
  42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\noitfy]
  43.       [N/A]
  44. [HKEY_CURRENT_USER\Control Panel\Desktop]
  45.       [(Verified)Microsoft Corporation]

  47. ==================================
  48. 启动文件夹
  49. N/A

  51. ==================================
  52. 服务
  53. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  54.   
  55. [卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  56.   <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r>
  57. [C-DillaSrv / C-DillaSrv][Running/Auto Start]
  58.   
  59. [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  60.   
  61. [Google Updater Service / gusvc][Stopped/Manual Start]
  62.   <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">
  63. [IEMC / IEMC][Running/Auto Start]
  64.   <"C:\WINNT\system32\Iemc.exe" -service>
  65. [卡巴斯基网络代理 / klnagent][Running/Auto Start]
  66.   <"C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe">
  67. [Messenger / Messenger][Stopped/Boot Start]
  68.   <\SystemRoot\C:\WINNT\system32\services.exe>
  69. [NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  70.   
  71. [RemoteService / RemoteService][Stopped/Manual Start]
  72.   <>
  73. [scsvc / scsvc][Running/Auto Start]
  74.   <>
  75. [Svcam / Svcam][Running/Auto Start]
  76.   <>
  77. [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  78.   C:\WINNT\system32\mspmsnsv.dll>

  80. ==================================
  81. 驱动程序
  82. [2067187 / 2067187][Stopped/Boot Start]
  83.   <\SystemRoot\System32\drivers\2067187.sys>
  84. [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  85.   <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys>
  86. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  87.   
  88. [C-Dilla / C-Dilla][Stopped/Manual Start]
  89.   <\??\C:\WINNT\system32\drivers\CDANT.SYS>
  90. [c12969609 / c12969609][Stopped/Boot Start]
  91.   <\SystemRoot\System32\drivers\c12969609.sys>
  92. [C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  93.   
  94. [dmboot / dmboot][Stopped/Disabled]
  95.   
  96. [Logical Disk Manager Driver / dmio][Running/Boot Start]
  97.   <\SystemRoot\System32\drivers\dmio.sys>
  98. [dmload / dmload][Running/Boot Start]
  99.   <\SystemRoot\System32\drivers\dmload.sys>
  100. [Smart card reader 2000 service / ft2k][Running/Manual Start]
  101.   
  102. [gaiddabj / gaiddabj][Stopped/Boot Start]
  103.   <\SystemRoot\system32\drivers\gaiddabj.sys>
  104. [kl1 / kl1][Running/Boot Start]
  105.   <\SystemRoot\system32\drivers\kl1.sys>
  106. [klif / klif][Running/System Start]
  107.   <\??\C:\WINNT\system32\drivers\klif.sys>
  108. [npkcrypt / npkcrypt][Running/Auto Start]
  109.   <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys>
  110. [nv / nv][Running/Manual Start]
  111.   
  112. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  113.   
  114. [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  115.   
  116. [ScFilter / ScFilter][Stopped/Manual Start]
  117.   <\??\C:\WINNT\system32\ScFilter.sys>
  118. [SiS AGP Filter / SISAGP][Running/Boot Start]
  119.   <\SystemRoot\system32\DRIVERS\SISAGPx.sys>
  120. [sjhpakd / sjhpakd][Stopped/Manual Start]
  121.   <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sjhpakdlxj>

  123. ==================================
  124. 浏览器加载项
  125. [IEHelpObj Class]
  126.   {2D585C2F-24E6-4A88-A986-EE402F1A8EBF}
  127. [Google Toolbar Helper]
  128.   {AA58ED58-01DD-4d91-8333-CF10577473F7}
  129. [Google Toolbar Notifier BHO]
  130.   {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
  131. [Web反病毒保护]
  132.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
  133. [QQ]
  134.   {c95fe080-8f5d-11d2-a20b-00aa003c157b}
  135. [FlashGet]
  136.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <, N/A>
  137. [QQIEFloatBarCfgCmd Class]
  138.   {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
  139. [@msdxmLC.dll,-1@2052,电台(&R)]
  140.   {8E718888-423F-11D2-876E-00A0C9082467}
  141. [&Google]
  142.   {2318C2B1-4965-11d4-9B18-009027A5CD4F}
  143. [InstaFred]
  144.   {1F831FA1-42FC-11D4-95A6-0080AD30DCE1}
  145. [AcDcToday 控件]
  146.   {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}
  147. [NOXLATE-BANR]
  148.   {AE563722-B4F5-11D4-A415-00108302FDFD}
  149. [Shockwave Flash Object]
  150.   {D27CDB6E-AE6D-11CF-96B8-444553540000}
  151. [AcPreview 控件]
  152.   {F281A59C-7B65-11D3-8617-0010830243BD}
  153. [&使用暴风下载器下载]
  154.   
  155. [上传到QQ网络硬盘]
  156.   
  157. [使用网际快车下载]
  158.   <, N/A>
  159. [使用网际快车下载全部链接]
  160.   <, N/A>
  161. [添加到QQ自定义面板]
  162.   
  163. [添加到QQ表情]
  164.   
  165. [用QQ彩信发送该图片]
  166.   
  167. [豪杰超级解霸V8实时播放]
  168.   

  170. ==================================
  171. 正在运行的进程
  172. [PID: 176][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  173. [PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
  174. [PID: 220][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
  175.     [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  176.     [C:\WINNT\system32\LogonNotify.dll]  [N/A, N/A]
  177.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  178.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  179.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  180. [PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
  181.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  182.     [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
  183. [PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
  184.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  185. [PID: 396][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
  186. [PID: 472][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  187.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  188. [PID: 520][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
  189.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  190.     [C:\WINNT\system32\adimon.dll]  [Autodesk, Inc., 3,0,14,176]
  191.     [C:\WINNT\system32\heidi3.dll]  [Autodesk, Inc., 3,0,14,176]
  192.     [C:\WINNT\system32\KMPJLMN.DLL]  [KYOCERA MITA Corporation, 0, 3, 259, 6]
  193.     [C:\WINNT\system32\FXZSMLHI.DLL]  [Fuji Xerox Co., Ltd., 1.000.703.21]
  194.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  195.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  196. [PID: 552][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
  197.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
  198.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  199. [PID: 584][C:\WINNT\system32\DRIVERS\CDANTSRV.EXE]  [C-Dilla Ltd, 3.24.010]
  200. [PID: 604][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  201.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  202. [PID: 644][C:\WINNT\system32\Iemc.exe]  [N/A, N/A]
  203.     [C:\WINNT\FExcep.dll]  [N/A, N/A]
  204.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  205.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  206.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  207. [PID: 656][C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe]  [Kaspersky Lab, 5.0.0474.0]
  208.     [C:\Program Files\Kaspersky Lab\NetworkAgent\klstfix.dll]  [Kaspersky Lab, 5.0.0474.0]
  209.     [C:\Program Files\Kaspersky Lab\NetworkAgent\klcsn.dll]  [Kaspersky Lab, 5.0.0474.0]
  210.     [C:\Program Files\Kaspersky Lab\NetworkAgent\kltrace.dll]  [Kaspersky Lab, 5.0.0474.0]
  211.     [C:\Program Files\Kaspersky Lab\NetworkAgent\FSSync.dll]  [Kaspersky Lab, 5.0.0474.0]
  212.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  213.     [C:\Program Files\Kaspersky Lab\NetworkAgent\klsecur2.dll]  [Kaspersky Lab, 5.0.0474.0]
  214. [PID: 756][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4403]
  215.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  216.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  217. [PID: 828][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
  218. [PID: 772][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
  219.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  220.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  221.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  222. [PID: 1056][C:\WINNT\system32\scsvc.exe]  [, 3, 1, 0, 0]
  223.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  224.     [C:\WINNT\FExcep.dll]  [N/A, N/A]
  225.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  226.     [C:\WINNT\system32\procinfo.dll]  [N/A, N/A]
  227.     [C:\WINNT\system32\PMDLL5.dll]  [N/A, N/A]
  228.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  229.     [C:\WINNT\system32\ForbidModem.dll]  [N/A, N/A]
  230. [PID: 1168][C:\WINNT\system32\Svcam.exe]  [, 1]
  231.     [C:\WINNT\FExcep.dll]  [N/A, N/A]
  232.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  233.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  234. [PID: 1204][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
  235. [PID: 1256][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
  236. [PID: 1304][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
  237.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  238.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  239.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  240.     [C:\WINNT\system32\IEHlpCom.dll]  [, 1, 0, 0, 1]
  241.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
  242.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  243.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
  244.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
  245. [PID: 1428][C:\WINNT\system32\WinShell.exe]  [N/A, N/A]
  246.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  247.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  248.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  249. [PID: 1448][C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
  250.     [C:\Program Files\Ringz Studio\Storm Downloader\boost_thread-vc6-mt-1_31.dll]  [N/A, N/A]
  251.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  252.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  253.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  254.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  255. [PID: 1484][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [GRISOFT s.r.o., 7, 5, 1, 43]
  256.     [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
  257.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  258.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  259.     [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [N/A, N/A]
  260.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  261. [PID: 1492][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
  262.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  263.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  264.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  265. [PID: 1500][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
  266.     [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll]  [Google Inc., 2, 0, 301, 7164]
  267.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  268.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  269.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  270.     [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll]  [Google Inc., 2, 0, 301, 7164]
  271.     [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
  272.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  273. [PID: 860][C:\Program Files\Ringz Studio\Storm Downloader\TDUpdate.exe]  [N/A, N/A]
  274.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
  275. [PID: 688][C:\WINNT\system32\taskmgr.exe]  [Microsoft Corporation, 5.00.2195.6620]
  276.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  277.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  278.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  279. [PID: 1068][D:\常用工具\杀毒\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
  280.     [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
  281.     [C:\WINNT\system32\FDHook3.dll]  [N/A, N/A]
  282.     [C:\WINNT\system32\dllhook.dll]  [N/A, N/A]
  283.     [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

  285. ==================================
  286. 文件关联
  287. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  288. .EXE  OK. ["%1" %*]
  289. .COM  OK. ["%1" %*]
  290. .PIF  OK. ["%1" %*]
  291. .REG  OK. [regedit.exe "%1"]
  292. .BAT  OK. ["%1" %*]
  293. .SCR  OK. ["%1" /S]
  294. .CHM  OK. ["C:\WINNT\hh.exe" %1]
  295. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  296. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  297. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  298. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  299. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  300. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  302. ==================================
  303. Winsock 提供者
  304. N/A

  306. ==================================
  307. Autorun.inf
  308. N/A

  310. ==================================
  311. HOSTS 文件
  312. 127.0.0.1       localhost

  314. ==================================
  315. API HOOK
  316. 警告!System Repair Engineer 提醒
  317. 你下面的函数内容与预期值不符,他
  318. 们可能被一些恶意的软件所修改:
  319. RVA  错误: LoadLibraryA
  320. RVA  错误: LoadLibraryExA
  321. RVA  错误: LoadLibraryExW
  322. RVA  错误: LoadLibraryW

  324. ==================================
复制代码

[ 本帖最后由 兔斯基 于 2007-9-29 12:49 编辑 ]
回复

举报

雪茄烟
发表于 2007-9-29 13:13:40 | 显示全部楼层
看不懂报告耶,肯定是中毒了.你进安全模式下杀下
回复

举报

风雪
发表于 2007-9-29 15:00:52 | 显示全部楼层
System Repair Engineer2.5(SREng)或者System Repair Engineer2.5(SREng)下载System Repair Engineer2.5扫描日志上来.
如果不能运行将下载的SREngPS.EXE重命名为SREngPS.com(SREngPS.scr\SREngPS.bat\SREngPS.pif)或者改名为11BD.abc等等自己随便改运行.
sreng——智能扫描——扫描——保存日志——打开日志记事本SREngLOG——Ctrl+A——Ctrl+C——到论坛回复——Ctrl+V。
使用新版本扫描日志上来。
回复

举报

石油工业
发表于 2007-9-29 15:43:03 | 显示全部楼层
不怎么看得懂
回复

举报

随风飘扬
发表于 2007-9-29 17:26:42 | 显示全部楼层
楼主进任务管理器看下是哪些程序占CPU那么高啊?
回复

举报

兔斯基
 楼主| 发表于 2007-9-29 19:34:25 | 显示全部楼层
谢谢楼上的各位
今天发现进程里IEMC.EXE 占CPU较高,用UNlocker发现其与SCSVC.EXE SVCAM.EXE两个文件关联,解锁后可删除,但SCSVC.EXE SVCAM.EXE这两个无法删除,重启后这三个进程仍然存在;后进入安全模式下,发现有SCSVC.EXE SVCAM.EXE这两个进程,用冰刃无法结束,且冰刃未在相应文件夹中找到这两个文件;UNlocker无法删除。后进入纯dos模式,删除IEMC.EXE,另两个提示文件不存在。重启后三个进程仍然存在。
现在还没试删2067187.sys这个驱动文件
回复

举报

风雪
发表于 2007-9-29 22:45:17 | 显示全部楼层
楼主不肯使用新版本扫描日志。
下面给一个参考。
用xdelbox(http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902下载)删除下面文件(按住鼠标左键向下拖动,用鼠标从第一行拖动从上往下到最后一行,右键复制,或者(添入“文件路径”点击“添加”路径),在xdelbox窗口空白处点右键-从剪贴板导入,在抑制再生前打钩,在要删除文件上点击右键,选择立刻重启删除,运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等))。
C:\WINNT\system32\ScFilter.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sjhpakdlxj
C:\WINNT\system32\drivers\gaiddabj.sys
C:\WINNT\System32\drivers\dmload.sys
C:\WINNT\System32\drivers\c12969609.sys
C:\WINNT\System32\drivers\2067187.sys
C:\WINNT\system32\Svcam.exe
C:\WINNT\system32\scsvc.exe
C:\WINNT\system32\Iemc.exe
C:\WINNT\system32\WinShell.exe
C:\WINNT\system32\IEHlpCom.dll
(C:\WINNT\FExcep.dll
C:\WINNT\system32\FDHook3.dll
C:\WINNT\system32\ForbidModem.dll
C:\WINNT\system32\procinfo.dll
C:\WINNT\system32\PMDLL5.dll
C:\WINNT\system32\dllhook.dll)括号中的发到样本区测试。或者http://www.virscan.org测试一下。

运行 System Repair Engineer在"启动项目->服务->"Win32服务应用程序"选中"隐藏微软服务" 然后将下面名称的服务
"删除服务"->"设置"->"否" (注意: 按"否"是确认删除服务,按"是"为取消操作)
[IEMC / IEMC][Running/Auto Start]
  <"C:\WINNT\system32\Iemc.exe" -service>

运行 System Repair Engineer在"启动项目->服务->"驱动程序"选中"隐藏微软服务" 然后将下面名称的服务
"删除服务"->"设置"->"否" (注意: 按"否"是确认删除服务,按"是"为取消操作)
[2067187 / 2067187][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\2067187.sys>
[c12969609 / c12969609][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c12969609.sys>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys>
[gaiddabj / gaiddabj][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gaiddabj.sys>
[sjhpakd / sjhpakd][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sjhpakdlxj>
[ScFilter / ScFilter][Stopped/Manual Start]
  <\??\C:\WINNT\system32\ScFilter.sys>

Windows清理助手升级查一下:
http://www.arswp.com/download/arswp2/arswp2.zip
回复

举报

兔斯基
 楼主| 发表于 2007-10-7 10:34:27 | 显示全部楼层

回复 undefined 的帖子

谢谢风雪,解决了
回复

举报

风雪
发表于 2007-10-7 10:40:55 | 显示全部楼层
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys>
不要删除,我的失误。
回复

举报

兔斯基
 楼主| 发表于 2007-10-7 10:49:54 | 显示全部楼层

回复 undefined 的帖子

再次感谢风雪,不过偶因为另一台正常的机器里也有dmload.sys,所以没删,不过这个不知道正常不
回复

举报

下一页 »
12下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-23 07:08 , Processed in 0.124336 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表