收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 原创工具区 同事的机器,据说中毒了,SRE的报告帮忙看看.
返回列表 发新帖
查看: 2945|回复: 4
收起左侧

同事的机器,据说中毒了,SRE的报告帮忙看看.

[复制链接]
top8233
发表于 2007-3-22 07:55:08 | 显示全部楼层 |阅读模式
CODE]

2007-03-21,17:06:21

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <AGRSMMSG><; AGRSMMSG.exe>  [Agere Systems]
    <ATIModeChange><; Ati2mdxx.exe>  [ATI Technologies, Inc.]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <BCONSET><; regedit /s "C:\Program Files\ThinkPad\ConnectUtilities\bconprof.reg">  [N/A]
    <BluetoothAuthenticationAgent><; rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Corporation]
    <BMMGAG><; RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]
    <BMMLREF><; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  [N/A]
    <EZEJMNAP><; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [IBM Corp.]
    <ibmmessages><; C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>  [IBM]
    <IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <pyjj><; E:\ruanjian\拼音加加\jj4\JJSvr4.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <QCWLICON><; C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [N/A]
    <S3TRAY2><; S3Tray2.exe>  [S3 Graphics, Inc.]
    <tgcmd><; "C:\Program Files\Support.com\bin\tgcmd.exe" /server>  [SupportSoft, Inc.]
    <TP4EX><; tp4ex.exe>  [IBM Corporation]
    <TPHOTKEY><; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A]
    <TPKMAPMN><; C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe>  [N/A]
    <TrackPointSrv><; tp4serv.exe>  [IBM Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r><Kaspersky Lab>
[COM+ System Application / COMSysApp][Stopped/Manual Start]
  <C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}><N/A>
[Event Log / Eventlog][Running/Auto Start]
  <C:\WINDOWS\system32\services.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[Distributed Transaction Coordinator / MSDTC][Stopped/Manual Start]
  <C:\WINDOWS\System32\msdtc.exe><N/A>
[Office Source Engine / ose][Stopped/Manual Start]
  <C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE><Microsoft Corporation>
[Plug and Play / PlugPlay][Running/Auto Start]
  <C:\WINDOWS\system32\services.exe><Microsoft Corporation>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
[MS Software Shadow Copy Provider / SwPrv][Stopped/Manual Start]
  <C:\WINDOWS\System32\dllhost.exe /Processid:{D06FBEBB-46B4-4BDA-81E4-0BEE826C3875}><N/A>

==================================
驱动程序
[abp480n5 / abp480n5][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <System32\DRIVERS\AGRSM.sys><Agere Systems>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom NetXtreme Fast Ethernet / b57w2k][Running/Manual Start]
  <System32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[ATI Cabo AGP Filter / caboagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <System32\DRIVERS\ibmpmdrv.sys><N/A>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <System32\drivers\IBMBLDID.SYS><N/A>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[Lucent Technologies Soft Modem / LucentSoftModem][Stopped/Manual Start]
  <System32\DRIVERS\LTSM.sys><Lucent Technologies>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NSC Infrared Device Driver / NSCIRDA][Stopped/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[PMEM / PMEM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[S3SSavage / S3SSavage][Stopped/Manual Start]
  <System32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[IBM PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]
  <System32\DRIVERS\tp4track.sys><IBM Corporation>
[TPPWR / TPPWR][Running/System Start]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[TSMAPIP / TSMAPIP][Running/System Start]
  <System32\drivers\TSMAPIP.SYS><N/A>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Stopped/Manual Start]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[eOAUtil.RegDllManager]
  {1C4E7D72-587D-4DC0-9606-9D4A71B8272A} <C:\E.OA\eOAUtil.dll, resoft>
[File  Uploader ]
  {B4FE8160-76DB-48C4-9803-68ED6278CA2C} <C:\WINDOWS\DOWNLO~1\UPLOAD~1.DLL, 洲信信息技术有限公司>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 620][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 692][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 760][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 924][C:\WINDOWS\System32\ibmpmsvc.exe]  [N/A, N/A]
[PID: 996][C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe]  [N/A, N/A]
    [C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll]  [N/A, N/A]
[PID: 1008][C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe]  [N/A, N/A]
    [C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll]  [N/A, N/A]
[PID: 1024][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1136][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1276][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1320][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1468][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[PID: 1572][C:\WINDOWS\System32\Ati2evxx.exe]  [N/A, N/A]
[PID: 1584][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 1712][C:\WINDOWS\System32\QCONSVC.EXE]  [N/A, N/A]
[PID: 1952][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 812][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\WINDOWS\System32\FOURIER_M1.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5001]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing LP, 4.1 (32-bit)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
[PID: 1552][D:\foxmail(不要删除)\Foxmail.exe]  [Boda Network Technology Inc., 5.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\foxmail(不要删除)\FoxAntiSpam.dll]  [N/A, N/A]
    [D:\foxmail(不要删除)\3rdParty\punylib.dll]  [CNNIC, 1, 0, 0, 3]
[PID: 1756][E:\飞鸽传书\IPMSG.exe]  [Azhi.net, 2.05]
[PID: 644][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\E.OA\eOAUtil.dll]  [resoft, 1.03.0007]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\System32\FOURIER_M1.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5001]
    [C:\WINDOWS\System32\macromed\flash\swflash.ocx]  [Macromedia, Inc., 5,0,44,0]
[PID: 428][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
[PID: 288][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 900][C:\PROGRA~1\WINZIP\winzip32.exe]  [WinZip Computing LP, 21.0 (32-bit)]
    [C:\PROGRA~1\WINZIP\wzeay32.dll]  [WinZip Computing LP, 0.9.7g (32-bit)]
    [C:\PROGRA~1\WINZIP\WZCKTREE.DLL]  [WinZip Computing LP, 1.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZVINFO.DLL]  [WinZip Computing LP, 1.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZCAB3.DLL]  [WinZip Computing LP, 3.1 (32-bit)]
    [C:\PROGRA~1\WINZIP\wz32.dll]  [WinZip Computing LP, 21.0 (32-bit)]
    [C:\PROGRA~1\WINZIP\WZIMGS.BIN]  [N/A, N/A]
[PID: 332][C:\Documents and Settings\lj\桌面\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA  错误: LoadLibraryA
RVA  错误: LoadLibraryExA
RVA  错误: LoadLibraryExW
RVA  错误: LoadLibraryW

==================================


[/CODE]
回复

举报

wangjay1980
发表于 2007-3-22 08:58:27 | 显示全部楼层
报告没什么问题,有什么症状
回复

举报

top8233
 楼主| 发表于 2007-3-26 09:02:44 | 显示全部楼层
没症状,就是网络中心的网管硬说有问题,有病毒....
回复

举报

top8233
 楼主| 发表于 2007-3-26 09:10:09 | 显示全部楼层
这个同事的确实中毒了,wang懂 帮我看看  干净没有 万分感谢

2007-03-26,09:01:23

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE Webeye USB PC Camera>  [N/A]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Hummingbird Inetd / HCLInetd][Running/Auto Start]
  <C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe><Hummingbird Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Hummingbird Jconfig Daemon / Jconfigd][Running/Auto Start]
  <C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe><Hummingbird Ltd.>

==================================
驱动程序
[acpidisk / acpidisk][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[3Com EtherLink XL 90XB/C Adapter Driver / EL90XBC][Running/Manual Start]
  <system32\DRIVERS\el90xbc5.sys><3Com Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MicroGuard Copy Protection / MicroGuard][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mgnt.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Webeye USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[eOAUtil.RegDllManager]
  {1C4E7D72-587D-4DC0-9606-9D4A71B8272A} <C:\E.OA\eOAUtil.dll, resoft>
[Java Plug-in 1.3.1_02]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <e:\program files\JAVA\bin\npjava131_02.dll, JavaSoft / Sun Microsystems, Inc.>
[File  Uploader ]
  {B4FE8160-76DB-48C4-9803-68ED6278CA2C} <C:\WINDOWS\DOWNLO~1\UPLOAD~1.DLL, 洲信信息技术有限公司>
[Java Plug-in 1.3.1_02]
  {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} <e:\program files\JAVA\bin\npjava131_02.dll, JavaSoft / Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[eOAUtil.RegDllManager]
  {1C4E7D72-587D-4DC0-9606-9D4A71B8272A} <C:\E.OA\eOAUtil.dll, resoft>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[File  Uploader ]
  {B4FE8160-76DB-48C4-9803-68ED6278CA2C} <C:\WINDOWS\DOWNLO~1\UPLOAD~1.DLL, 洲信信息技术有限公司>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
[PID: 1464][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 135]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
[PID: 1868][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [VM, 4.2.711.31]
[PID: 1884][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2720][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 2328][G:\常用工具\TOOL\局域网通信.exe]  [H.Shirouzu, 2.00]
[PID: 3188][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3220][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3952][H:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
回复

举报

wangjay1980
发表于 2007-3-26 10:08:25 | 显示全部楼层
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
这个删除

C:\PROGRA~1\baidu\bar\baidubar.dll删除

用这个清理一下,中了个流氓

arswp_1[1].6.0.rar

516.92 KB, 下载次数: 81
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 21:12 , Processed in 0.146510 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表