On one computer, the hosts file cannot be modified and Kaspersky cannot start normally. After changing the date to 2007 it starts normally, but once the date is changed to 2007, the system time is reset to 2005 after every reboot. The IE home page is set to: www.hao123.net/?a30?. It can be set to a blank page, but after a reboot the IE home page is still: www.hao123.net/?a30?
Could an expert help diagnose this? Thanks for your attention!!
Below is the SREng detection report:
- 2007-06-15,20:32:18
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
- <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
- <Userinit><C:\WINNT\system32\UserInit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll> [Kaspersky Lab]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [241A6771 / 241A6771][Stopped/Auto Start]
- <C:\WINNT\system32\3FFE3A0B.EXE -d><Microsoft Corporation>
- [Kaspersky Internet Security 6.0 / AVP][Running/Auto Start]
- <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r><Kaspersky Lab>
- [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
- <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
- [Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
- <C:\WINNT\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
- [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
- <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
- ==================================
- 驱动程序
- N/A
- ==================================
- 浏览器加载项
- [网页]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [使用迅雷下载]
- <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
- [使用迅雷下载全部链接]
- <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
- [添加到反]
- <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm, N/A>
- ==================================
- 正在运行的进程
- [PID: 180][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
- [PID: 208][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
- [PID: 228][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
- [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
- [C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.1.411]
- [C:\WINNT\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
- [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.1.411]
- [PID: 256][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.1.411]
- [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
- [PID: 580][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
- [C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
- [C:\WINNT\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
- [C:\WINNT\system32\gqwprs.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
- [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
- [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
- [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
- [C:\WINNT\system32\cmdbcs.dll] [N/A, ]
- [C:\WINNT\system32\msccrt.dll] [N/A, ]
- [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.1.411]
- [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.1.411]
- [PID: 692][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
- [C:\WINNT\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
- [PID: 1412][E:\恶意软件工具\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\WINNT\system32\windhcp.ocx] [N/A, ]
- [C:\WINNT\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
- [C:\WINNT\system32\msccrt.dll] [N/A, ]
- [C:\WINNT\system32\cmdbcs.dll] [N/A, ]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINNT\hh.exe" %1]
- .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- N/A
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBEAF1B25)
- RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBEAF1D67)
- RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBEAF1F0B)
- RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBEAF1C49)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xBEAF1E8F)
- ==================================
- 隐藏进程
- N/A
- ==================================
[ This post was last edited by linuxmmx on 2007-6-16 21:45 ]