Views: 3019 | Replies: 8

[Solved] Asking the experts for help

wange008
Posted 2007-3-26 09:47:34
My system is Windows 2003 SP1.
After I got infected with a Gray Pigeon (灰鸽子) variant and removed the virus, the Services management console opens empty: no services are listed at all.
What is going on here?

[ This post was last edited by wange008 on 2007-3-26 15:51 ]
wange008
OP | Posted 2007-3-26 09:56:53
Also, opening Services is very slow, and sometimes the machine hangs.
wange008
OP | Posted 2007-3-26 10:27:29
Also, after the system boots, a dialog appears saying "Services and Controller app has encountered a problem and needs to close".
Brud
Posted 2007-3-26 10:30:11
And some people even voted that Gray Pigeon is not a trojan! Like being sold out and helping the buyer count the money.
wange008
OP | Posted 2007-3-26 10:34:40
I ran a scan report; please help me out, everyone. My Services manager opens with no services in it.
2007-03-26,10:32:03

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMEKRMIG6.1)(; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE) [(Verified)Microsoft Windows Publisher]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
(IMSCMig)(; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Windows Publisher]
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Windows Publisher]
(SoundMan)(SOUNDMAN.EXE) [Realtek Semiconductor Corp.]
(kav)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe") [Kaspersky Lab]
(MSConfig)("C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto) [(Verified)Microsoft Windows Publisher]
(AVPUDP)(; ) [N/A]
(cctray)(; ) [N/A]
(IEXPLORE)(; ) [N/A]
(SiSPower)(; Rundll32.exe SiSPower.dll,ModeAgent) [Silicon Integrated Systems Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(%SystemRoot%\system32\logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
(WinlogonNotify: klogon)(C:\WINDOWS\system32\klogon.dll) [Kaspersky Lab]




--------------------------------------------------------------------------------



启动文件夹

N/A



--------------------------------------------------------------------------------



服务

N/A



--------------------------------------------------------------------------------



驱动程序

N/A



--------------------------------------------------------------------------------



浏览器加载项

[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} (C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} (C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab)
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[PeerDraw 类]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} (C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation)
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (D:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation)
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_003.dll, Thunder Networking Technologies,LTD)
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} (%SystemRoot%\system32\shdocvw.dll, N/A)
[工程1.UserControl1]
{6373CFC7-6370-49C3-B6AC-B731AF07B668} (C:\WINDOWS\cuup.ocx, ZCZ)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[List Control]
{70CACCCA-8B83-4BCB-B2D1-188E9A495527} (D:\PROGRA~1\PPLive\SYNACA~1.OCX, )
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} (C:\Program Files\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation)
[Free Threaded XML DOM Document 5.0]
{88D969E6-F192-11D4-A65F-0040963251E5} (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation)
[XSL Template 5.0]
{88D969E8-F192-11D4-A65F-0040963251E5} (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation)
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation)
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} (c:\WINDOWS\system32\msxml6.dll, Microsoft Corporation)
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[DHTML Edit Control Safe for Scripting for IE6]
{BF3FF9A2-AC03-40A1-BA0F-F31076325AA7} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} (C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTCheck.ocx, Apple Computer, Inc.)
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[&使用快车(FlashGet)下载]
(C:\Program Files\FlashGet\jc_link.htm, N/A)
[&使用快车(FlashGet)下载全部链接]
(C:\Program Files\FlashGet\jc_all.htm, N/A)
[使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 368][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 416][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1548][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\Program Files\JiangMin\AntiVirus\KVshell.dll] [Jiangmin Co.Ltd, 1, 0, 6, 921]
[C:\Program Files\JiangMin\AntiVirus\lang\KvXP0804.lng] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1828][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3672][C:\Documents and Settings\Administrator\桌面\病毒专杀\SREng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[PID: 3760][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



API HOOK

RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF90F1B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF90F1D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF90F1F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF90F1C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF90F1E8F)



--------------------------------------------------------------------------------



隐藏进程

N/A
wangjay1980
Posted 2007-3-26 11:28:58
Check whether this file is still there: C:\WINDOWS\system32\services.exe

(IMEKRMIG6.1)(; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE) [(Verified)Microsoft Windows Publisher]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
(IMSCMig)(; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Windows Publisher]
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Windows Publisher]
(MSConfig)("C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto) [(Verified)Microsoft Windows Publisher]
(AVPUDP)(; ) [N/A]
(cctray)(; ) [N/A]
(IEXPLORE)(; ) [N/A]
(SiSPower)(; Rundll32.exe SiSPower.dll,ModeAgent) [Silicon Integrated Systems Corporation]
Disable these startup items.

What did you use to remove Gray Pigeon?
wange008
OP | Posted 2007-3-26 13:53:44
services.exe is still there, 108k.
services.msc is also there, 33k.
I removed the Gray Pigeon variant with 360~

[ This post was last edited by wange008 on 2007-3-26 13:55 ]
wange008
OP | Posted 2007-3-26 15:08:07
I found it: my system's services have been maliciously hidden.
In the service view of Fengyun Firewall (风云防火墙) I can see them: there are 282 hidden services!!!!
Can someone help me make the hidden services visible again?
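The symptom described above, services that are registered on the machine but that the service manager refuses to show, can be checked for by comparing two views of the same data. The following is an added example and not code from this thread or from any tool named in it; it assumes a Windows host with an elevated PowerShell 5 or later session.

```powershell
# Added example (not code from the thread): list services that exist in the registry
# but are missing from the Service Control Manager's own enumeration, the view that
# services.msc, sc.exe and Get-Service all rely on. Assumes an elevated PowerShell 5+ session.
function Get-HiddenServices {
    $regRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Names the SCM is willing to report; service names are case-insensitive.
    $known = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    foreach ($svc in Get-Service) { [void]$known.Add($svc.Name) }

    foreach ($key in Get-ChildItem -Path $regRoot) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Type 0x10 / 0x20 are Win32 services; 0x1 / 0x2 are kernel and file-system drivers,
        # which services.msc does not show either, so skip them to avoid noise.
        if (-not ($props.Type -band 0x30)) { continue }
        if ($known.Contains($key.PSChildName)) { continue }
        # Registered in the registry, but absent from the SCM's list: hidden or corrupted entry.
        [pscustomobject]@{
            Name        = $key.PSChildName
            DisplayName = $props.DisplayName
            ImagePath   = $props.ImagePath
            Start       = $props.Start
        }
    }
}

Get-HiddenServices | Format-Table -AutoSize
```

A handful of stragglers can be legitimate (a per-user service template, a half-uninstalled product), but a gap in the hundreds, as in this thread, means something is filtering the SCM's view. Since the report above also shows hooked APIs, the live registry read may itself be lied to, so repeat the comparison against the SYSTEM hive loaded offline if the list looks suspiciously clean.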
wange008
OP | Posted 2007-3-26 15:51:38
Sorted it out myself, haha, happy. This thread can be deleted.
Copyright © KaFan  KaFan.cn All Rights Reserved.