Kaspersky activation code: rescue disk cannot boot

Views: 32448 | Replies: 4
Kaspersky startup entry and hard-disk scan disabled
This user has never checked in
,17:18:32
System Repair Engineer 2.6.12.1018
Smallfrogs ()
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
& & &DAEMON Tools Lite&&&e:\DAEMON\daemon.exe&&&&[(Verified)DAEMON Tools Code Signing Services]
& & &Foxmail&&E:\Foxmail\Foxmail.exe -min&&&[Boda Network Technology Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &load&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &IMJPMIG8.1&&&C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE& /Spoil /RemAdvDef /Migration32&&&[(Verified)Microsoft Windows Publisher]
& & &PHIME2002ASync&&C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC&&&[(Verified)Microsoft Windows Publisher]
& & &PHIME2002A&&C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName&&&[(Verified)Microsoft Windows Publisher]
& & &Apoint&&C:\Program Files\Apoint\Apoint.exe&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &NvCplDaemon&&RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &IMSCMIG40W&&C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log&&&[Microsoft Corporation]
& & &KADxMain&&C:\WINDOWS\system32\KADxMain.exe&&&[Knowles Acoustics]
& & &nwiz&&nwiz.exe /installquiet&&&[]
& & &NVHotkey&&rundll32.exe nvHotkey.dll,Start&&&[NVIDIA Corporation]
& & &NvMediaCenter&&RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &AVP&&&E:\Kaspersky Internet Security 7.0\avp.exe&&&&[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Component Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &WPDShServiceObj&&C:\WINDOWS\system32\WPDShServiceObj.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&C:\WINDOWS\system32\klogon.dll&&&[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
& & &IE7 Uninstall Stub&&C:\WINDOWS\system32\ieudinit.exe&&&[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018--5476DBF70820}]
& & &N/A&&C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install&&&[(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &360Safebox&&; &C:\Program Files\360Safebox\safeboxTray.exe& /r&&&[(Verified)Qizhi Software (beijing) Co. Ltd]
& & &ISUSPM Startup&&; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup&&&[Macrovision Corporation]
& & &ISUSScheduler&&; &C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe& -start&&&[Macrovision Corporation]
& & &NvCplDaemon&&; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &NVHotkey&&; rundll32.exe nvHotkey.dll,Start&&&[NVIDIA Corporation]
& & &NvMediaCenter&&; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &nwiz&&; nwiz.exe /installquiet&&&[]
& & &RoxWatchTray&&; &&&[N/A]
& & &SigmatelSysTrayApp&&; stsystra.exe&&&[SigmaTel, Inc.]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
&&&C:\WINDOWS\system32\svchost.exe -k netsvcs--&%SystemRoot%\System32\appmgmts.dll&&N/A&
[卡巴斯基互联网安全套装 7.0 / AVP][Running/Auto Start]
&&&&E:\Kaspersky Internet Security 7.0\avp.exe& -r&&Kaspersky Lab&
[Diskeeper / Diskeeper][Stopped/Manual Start]
&&&E:\Diskeeper-v10.0H\DkService.exe&&Diskeeper Corporation&
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe&&&Macrovision Europe Ltd.&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
&&&&C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe&&&Macrovision Corporation&
[MATLAB Server / matlabserver][Stopped/Manual Start]
&&&e:\MATLAB6p5\webserver\bin\win32\matlabserver.exe&&N/A&
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
&&&C:\WINDOWS\system32\nvsvc32.exe&&NVIDIA Corporation&
[RoxMediaDB9 / RoxMediaDB9][Stopped/Manual Start]
&&&&&(File is missing)&
[Roxio Hard Drive Watcher 9 / RoxWatch9][Stopped/Auto Start]
&&&&&(File is missing)&
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
&&&C:\Program Files\WinPcap\rpcapd.exe -d -f rpcapd.ini&&N/A&
[SigmaTel Audio Service / STacSV][Running/Auto Start]
&&&C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe&&SigmaTel, Inc.&
[stllssvr / stllssvr][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\SureThing Shared\stllssvr.exe&&&MicroVision Development, Inc.&
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
&&&&C:\Program Files\Windows Live\installer\WLSetupSvc.exe&&&Microsoft Corporation&
==================================
驱动程序
[360AntiArp / 360AntiArp][Stopped/System Start]
&&&\??\C:\WINDOWS\system32\drivers\360AntiArp.sys&&360安全中心&
[Apaidi / Apaidi][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\Apaidi.sys&&N/A&
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService][Running/Manual Start]
&&&system32\DRIVERS\Apfiltr.sys&&Alps Electric Co., Ltd.&
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
&&&system32\DRIVERS\b57xp32.sys&&Broadcom Corporation&
[DLABMFSM / DLABMFSM][Running/Auto Start]
&&&System32\DLA\DLABMFSM.SYS&&Roxio&
[DLABOIOM / DLABOIOM][Running/Auto Start]
&&&System32\DLA\DLABOIOM.SYS&&Roxio&
[DLACDBHM / DLACDBHM][Running/System Start]
&&&System32\Drivers\DLACDBHM.SYS&&Roxio&
[DLADResM / DLADResM][Running/Auto Start]
&&&System32\DLA\DLADResM.SYS&&Roxio&
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
&&&System32\DLA\DLAIFS_M.SYS&&Roxio&
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
&&&System32\DLA\DLAOPIOM.SYS&&Roxio&
[DLAPoolM / DLAPoolM][Running/Auto Start]
&&&System32\DLA\DLAPoolM.SYS&&Roxio&
[DLARTL_M / DLARTL_M][Running/System Start]
&&&System32\Drivers\DLARTL_M.SYS&&Roxio&
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
&&&System32\DLA\DLAUDFAM.SYS&&Roxio&
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
&&&System32\DLA\DLAUDF_M.SYS&&Roxio&
[DRVMCDB / DRVMCDB][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\DRVMCDB.SYS&&Sonic Solutions&
[DRVNDDM / DRVNDDM][Running/Auto Start]
&&&System32\Drivers\DRVNDDM.SYS&&Roxio&
[DXEC02 / DXEC02][Running/Manual Start]
&&&system32\drivers\dxec02.sys&&Knowles Acoustics&
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
&&&system32\DRIVERS\HDAudBus.sys&&Windows (R) Server 2003 DDK provider&
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
&&&system32\DRIVERS\HSFHWAZL.sys&&Conexant Systems, Inc.&
[HSF_DPV / HSF_DPV][Running/Manual Start]
&&&system32\DRIVERS\HSF_DPV.sys&&Conexant Systems, Inc.&
[kl1 / kl1][Running/Boot Start]
&&&\SystemRoot\system32\drivers\kl1.sys&&Kaspersky Lab&
[klif / klif][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\klif.sys&&Kaspersky Lab&
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
&&&system32\DRIVERS\klim5.sys&&Kaspersky Lab&
[mdmxsdk / mdmxsdk][Running/Auto Start]
&&&system32\DRIVERS\mdmxsdk.sys&&Conexant&
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
&&&system32\drivers\npf.sys&&Politecnico di Torino&
[nv / nv][Running/Manual Start]
&&&system32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[PxHelp20 / PxHelp20][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\PxHelp20.sys&&Sonic Solutions&
[rimmptsk / rimmptsk][Running/Auto Start]
&&&system32\DRIVERS\rimmptsk.sys&&REDC&
[rimsptsk / rimsptsk][Running/Auto Start]
&&&system32\DRIVERS\rimsptsk.sys&&REDC&
[Ricoh xD-Picture Card Driver / rismxdp][Running/Auto Start]
&&&system32\DRIVERS\rixdptsk.sys&&REDC&
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
&&&\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys&&360安全中心&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.&
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
&&&\SystemRoot\System32\drivers\sfdrv01.sys&&Protection Technology&
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
&&&\SystemRoot\System32\drivers\sfhlp02.sys&&Protection Technology&
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
&&&\SystemRoot\System32\drivers\sfsync02.sys&&Protection Technology&
[sptd / sptd][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\sptd.sys&&N/A&
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
&&&system32\drivers\sthda.sys&&SigmaTel, Inc.&
[Conexant Setup API / UIUSys][Stopped/Manual Start]
&&&system32\DRIVERS\UIUSYS.SYS&&N/A&
[winachsf / winachsf][Running/Manual Start]
&&&system32\DRIVERS\HSF_CNXT.sys&&Conexant Systems, Inc.&
==================================
浏览器加载项
[HelperObject Class]
&&{00C6482D-C502-44C8-8409-FCE54AD9C208} &e:\SnagIt 7\SnagItBHO.dll, TechSmith Corporation&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40fd-9C87-E93D} &E:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Adobe PDF Reader Link Helper]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated&
[BitComet Helper]
&&{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} &E:\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet&
[]
&&{7E853D72-626A-48EC-A868-BA8D5E23E045} &, &
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &E:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Windows Live 登录帮助程序]
&&{C02-4ABF-8ECC-C6} &C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation&
[Adobe PDF Conversion Toolbar Helper]
&&{AE7CD045-E861-484f-EE161910} &C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated&
[启动迅雷5]
&&{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} &e:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD&
[Web 反病毒统计]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &e:\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, N/A&
[BitComet]
&&{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} &, &
[Messenger]
&&{FB5Fd2-BB9E-00C04F795683} &C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation&
[SnagIt]
&&{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} &e:\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation&
[Adobe PDF]
&&{C5--0819E2EAAC93} &C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.&
[HelperObject Class]
&&{00C6482D-C502-44C8-8409-FCE54AD9C208} &e:\SnagIt 7\SnagItBHO.dll, TechSmith Corporation&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40FD-9C87-E93D} &E:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Adobe PDF Reader Link Helper]
&&{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} &C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated&
[]
&&{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} &, &
[]
&&{1FA94-4D71-9CA3-AA4ACF32ED8E} &, &
[BitComet Helper]
&&{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} &E:\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet&
[Adobe PDF]
&&{C5--0819E2EAAC93} &C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated&
[Thunder Agent Class]
&&{-8FB2-4B3B-B29B-8B919B0EACCE} &E:\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[XMP Class]
&&{8-4C41-AACC-52D4D7845851} &C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, &
[XDRM]
&&{693571CB-54A3-4E90-9D52-EEAE} &C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, &
[MediaComm Class]
&&{1B-42AF-BDFE-46D26AF5EFF2} &e:\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD&
[]
&&{7E853D72-626A-48EC-A868-BA8D5E23E045} &, &
[360SafeLive]
&&{C--D416CB8059E3} &e:\360safe\live.dll, (Signed) &
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &E:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[SnagIt]
&&{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} &e:\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation&
[Windows Live 登录帮助程序]
&&{C02-4ABF-8ECC-C6} &C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation&
[RMGetLicense Class]
&&{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} &C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation&
[DapCtrl Class]
&&{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} &C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5).dll, ShenZhen Thunder Networking Technologies Ltd.&
[Adobe PDF Conversion Toolbar Helper]
&&{AE7CD045-E861-484F-EE161910} &C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated&
[]
&&{B69F34DD-F0F9-42DC-9EDD-8D} &, &
[]
&&{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} &, &
[]
&&{DE60714F-AC17-427E-861A-FD60CBDF119A} &, &
[Thunder DapPlayer]
&&{EEDD6FF9-13DE-496B-9A1C-D78B} &e:\Thunder\Components\DownAndPlay\DapPlayer3.0..dll, ShenZhen Thunder Networking Technologies Ltd.&
[]
&&{FB5FD2-BB9E-00C04F795683} &, &
[使用迅雷下载]
&&&E:\Thunder\Program\geturl.htm, N/A&
[使用迅雷下载全部链接]
&&&E:\Thunder\Program\getallurl.htm, N/A&
==================================
正在运行的进程
[PID: 968 / SYSTEM][\SystemRoot\System32\smss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1036 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1064 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [C:\WINDOWS\system32\klogon.dll]&&[Kaspersky Lab, 7.0.1.325]
[PID: 1112 / SYSTEM][C:\WINDOWS\system32\services.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1124 / SYSTEM][C:\WINDOWS\system32\lsass.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\Kaspersky Internet Security 7.0\dnsq.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
[PID: 1340 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1456 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\Kaspersky Internet Security 7.0\dnsq.dll]&&[Kaspersky Lab, 7.0.1.325]
[PID: 1600 / SYSTEM][C:\WINDOWS\System32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\adialhk.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\dnsq.dll]&&[Kaspersky Lab, 7.0.1.325]
[PID: 1652 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
[PID: 1776 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1816 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_gdr.9)]
& & [E:\Kaspersky Internet Security 7.0\dnsq.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [C:\WINDOWS\system32\AdobePDF.dll]&&[Adobe Systems Incorporated., 8.0.0.00]
& & [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdistRes.CHS]&&[, ]
[PID: 148 / dell][C:\WINDOWS\Explorer.EXE]&&[Microsoft Corporation, 6.00. (xpsp_sp2_gdr.4)]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
& & [E:\Kaspersky Internet Security 7.0\scrchpg.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]&&[Adobe Systems, Inc., 8.1.0.0]
& & [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]&&[Adobe Systems, Inc., 8.0.0.0]
& & [C:\WINDOWS\system32\nvcpl.dll]&&[NVIDIA Corporation, 6.14.11.5683]
& & [C:\WINDOWS\system32\NVRSZHC.DLL]&&[NVIDIA Corporation, 6.14.11.5683]
& & [C:\WINDOWS\system32\nvapi.dll]&&[NVIDIA Corporation, 6.14.11.5683]
& & [C:\WINDOWS\system32\nvshell.dll]&&[, ]
& & [e:\WinRAR\rarext.dll]&&[N/A, ]
& & [E:\who lock me\WhoLockMe.dll]&&[Bitmind, 1, 0, 3, 0]
& & [e:\UltraEdit\ue32ctmn.dll]&&[, 1.0]
& & [E:\NamiRobot\Data\NamipanExt.dll]&&[N/A, ]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [E:\Kaspersky Internet Security 7.0\ShellEx.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [C:\WINDOWS\system32\TudouUpload.dll]&&[, 1.1.0.0]
& & [C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll]&&[Adobe Systems Inc., 8.1.5.\0]
& & [C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.chs]&&[Adobe Systems Inc., 8.0.5.\0]
& & [E:\FileZilla FTP Client\fzshellext.dll]&&[, 3, 0, 10, 0]
& & [C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll]&&[Roxio, 9.0.0.63]
& & [C:\WINDOWS\system32\DLAAPI_W.DLL]&&[N/A, ]
& & [C:\Program Files\Roxio\Drag-to-Disc\ShellRes.dll]&&[Roxio, 9.0.0.63]
& & [d:\WINDOW~1\CMDLIN~1.DLL]&&[N/A, ]
[PID: 508 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]&&[NVIDIA Corporation, 6.14.11.5683]
& & [C:\WINDOWS\system32\nvapi.dll]&&[NVIDIA Corporation, 6.14.11.5683]
[PID: 524 / SYSTEM][C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe]&&[SigmaTel, Inc., 1.0.5511.0&&nd595 cp1]
& & [C:\WINDOWS\system32\stacapi.dll]&&[SigmaTel, Inc., 1.0.5511.0&&nd595 cp1]
[PID: 560 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 740 / dell][C:\Program Files\Apoint\Apoint.exe]&&[Alps Electric Co., Ltd., 5.5.101.155]
& & [C:\WINDOWS\system32\VXDIF.DLL]&&[Alps Electric Co., Ltd., 6.0.3.9]
& & [C:\Program Files\Apoint\Apoint.DLL]&&[Alps Electric Co., Ltd., 5.5.104.284]
& & [C:\Program Files\Apoint\EzAuto.dll]&&[Alps Electric Co., Ltd., 5.5.1.85]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
& & [C:\Program Files\Apoint\EzLaunch.DLL]&&[Alps Electric Co., Ltd., 5.5.1.71]
[PID: 832 / dell][C:\WINDOWS\system32\KADxMain.exe]&&[Knowles Acoustics, 2, 1, 0, 12]
& & [C:\WINDOWS\system32\KADxCtl.dll]&&[Knowles Acoustics, 2, 0, 1, 10]
[PID: 852 / dell][C:\WINDOWS\system32\rundll32.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\nvHotkey.dll]&&[NVIDIA Corporation, 6.14.11.5683]
[PID: 876 / dell][C:\WINDOWS\system32\ctfmon.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 920 / dell][E:\Foxmail\Foxmail.exe]&&[Boda Network Technology Inc., 5.0]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\adialhk.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
& & [E:\Foxmail\FoxAntiSpam.dll]&&[N/A, ]
[PID: 960 / dell][C:\Program Files\Apoint\HidFind.exe]&&[Alps Electric Co., Ltd., 1.1.0.23]
[PID: 992 / dell][C:\Program Files\Apoint\Apntex.exe]&&[Alps Electric Co., Ltd., 5.5.1.22]
& & [C:\WINDOWS\system32\VXDIF.DLL]&&[Alps Electric Co., Ltd., 6.0.3.9]
& & [C:\Program Files\Apoint\Apoint.DLL]&&[Alps Electric Co., Ltd., 5.5.104.284]
[PID: 120 / dell][C:\WINDOWS\system32\conime.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 2412 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 2840 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]&&[Microsoft Corporation, 7.0. (winmain(wmbla).0)]
[PID: 4008 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 2512 / dell][C:\WINDOWS\notepad.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
[PID: 2280 / dell][C:\Documents and Settings\dell\桌面\sreng2\SREngLdr.EXE]&&[Smallfrogs Studio, 2.6.12.1018]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
[PID: 2324 / dell][C:\Documents and Settings\dell\桌面\sreng2\SRE9482cb5f.EXE]&&[Smallfrogs Studio, 2.6.12.1018]
& & [C:\Documents and Settings\dell\桌面\sreng2\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
& & [E:\Kaspersky Internet Security 7.0\miscr3.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\fssync.dll]&&[Kaspersky Lab, 7.0.5.325]
& & [E:\Kaspersky Internet Security 7.0\adialhk.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [E:\Kaspersky Internet Security 7.0\dnsq.dll]&&[Kaspersky Lab, 7.0.1.325]
==================================
文件关联
.TXT&&Error. [C:\WINDOWS\notepad.exe %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&Error. [&hh.exe& %1]
.HLP&&OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI&&Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1& && & localhost
127.0.0.1&&yu.8s7.net
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&xxx.m111.biz
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&xxx.vh7.biz
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&xxx.mmma.biz
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&
127.0.0.1&&down.18dd.net
127.0.0.1&&
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 524, C:\PROGRAM FILES\SIGMATEL\C-MAJOR AUDIO\WDM\STACSV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 832, C:\WINDOWS\SYSTEM32\KADXMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 920, E:\FOXMAIL\FOXMAIL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2280, C:\DOCUMENTS AND SETTINGS\DELL\桌面\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
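==================================
I'm at my wits' end. Here is a rough account of how the infection happened and what the symptoms are, in the hope that it helps with the diagnosis. Thanks in advance.
It started when the school gateway detected my machine repeatedly connecting to the network within a short period, so I ran a full disk scan with Kaspersky, which detected the trojan Trojan.Win32.Agent.wpt; it had infected many e-books in exe format. After deleting them I thought that was the end of it. Later I found that MSN could not sign in, and then that I could not access addresses using the https protocol. I searched online and found that IE needed to be reinstalled, so I upgraded IE6 directly to IE7; the problem persisted, and it was resolved after I reset the IE settings. But then I noticed that many web pages displayed incorrectly: for example, Maxthon's settings center was completely blank, and the login link on the Baidu home page had disappeared. At first I thought something had been disabled in the IE settings, but soon afterwards I found that Kaspersky's full hard-disk scan did nothing: after clicking it, it shows "Scanning (1%)", then flickers once and finishes. Just now I rebooted in order to produce the SRE report; Kaspersky did not start automatically, but it can be started manually. IE cannot be used: double-clicking the IE icon creates a shortcut to IE.
Could the experts please take a look? Thank you.
[ This post was last edited by 2_71828 at 11:30 ]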
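This user has never checked in
I suggest you install an ARP firewall first.
Heh, your machine has so many services and startup items enabled that I really feel sorry for it, heh.
[b]1. I suggest using XDelBox to delete the following files:[/b] ([url=.cn/attachment.php?aid=32758]forum attachment[/url]; [url=/attach/B6C6A54A-8037-45BB-B840-709B8B99BAFE]net-disk download[/url]; [url=/down/download.php?fname=./01.原创软件/XDelBox 1.7支持奥运版.rar]Telecom download[/url])
Instructions: to delete, copy the paths of all the files to be deleted, right-click in the list of files pending deletion and choose [color=red]Import from clipboard without checking paths[/color]; after importing, right-click the files to be deleted and choose to reboot and delete immediately. The computer will reboot and automatically enter a DOS interface to carry out the deletion. Before running xdelbox it is best to remove all removable storage devices.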
d:\window~1\cmdlin~1.dll
c:\windows\system32\drivers\apaidi.sys
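[b]2. After the deletion and reboot, use SREng to repair the following items:[/b]
Startup Items (启动项目) -- Registry (注册表): delete the following entry:
[RoxWatchTray]& & &; &
Startup Items (启动项目) -- Services (服务) -- Drivers (驱动程序): delete the following entry:
[Apaidi / Apaidi]& & &\??\C:\WINDOWS\system32\drivers\Apaidi.sys&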
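This user has never checked in
Quite a few of those startup items only appeared after the infection; it was seeing so many strange startup items that convinced me I really had been infected.
Thanks for the help, I'll go and try it first.
This user has never checked in
Problem solved, thank you very much.
Along the way I also found the cause of the Kaspersky hard-disk scan problem: every hard disk had been added to the exclusion zone. How creative.
This user has never checked in
Heh, the whole hard disk was put on the exclusion list? That really is something.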
