sreng吧

My computer is infected: SRE scan report


2010-03-12,17:05:08
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.kztechs.com/)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
     所有的启动项目(包括注册表、启动文件夹、服务等)
     浏览器加载项
     正在运行的进程(包括进程模块信息)
     文件关联
     Winsock 提供者
     Autorun.inf
     HOSTS 文件
     进程特权扫描
     计划任务
     Windows 安全更新检查
     API HOOK
     隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>   [(Verified)Microsoft Windows Publisher]
     <SmartRAM><D:\软件\内存.exe>   [oovista & allinsmart]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     <Alcmtr><ALCMTR.EXE>   [(Verified)Microsoft Windows Hardware Compatibility Publisher]
     <EnergyUtility><C:\Program Files\Lenovo\Energy Management\utility.exe>   [(Verified)Lenovo (Beijing) Limited]
     <Energy Management><C:\Program Files\Lenovo\Energy Management\Energy Management.exe>   [Lenovo (Beijing) Limited]
     <IntelZeroConfig><"C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe">   [Intel(R) Corporation]
     <RFWTray><"C:\Program Files\Rising\RFW\RsTray.exe" -system>   [(Verified)Beijing Rising Information Technology Corporation Limited]
     <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>   [(Verified)Beijing Rising Information Technology Corporation Limited]
     <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>   [File is missing]
     <nwiz><nwiz.exe /installquiet /keeploaded /nodetect>   [(Verified)NVIDIA Corporation]
     <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>   [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
     <shell><Explorer.exe>   [(Verified)Microsoft Windows Component Publisher]
     <Userinit><C:\WINDOWS\system32\userinit.exe,>   [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
     <AppInit_DLLs><>   [N/A]



Floor 1, 2010-03-12 20:39 (IP location: Anhui)
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
         <UIHost><logonui.exe>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
         <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>   [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
         <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>   [(Verified)Microsoft Windows Component Publisher]
         <CDBurn><%SystemRoot%\system32\SHELL32.dll>   [(Verified)Microsoft Windows Component Publisher]
         <WebCheck><%SystemRoot%\system32\webcheck.dll>   [(Verified)Microsoft Windows Publisher]
         <SysTray><C:\WINDOWS\system32\stobject.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
         <WinlogonNotify: crypt32chain><crypt32.dll>   [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
         <WinlogonNotify: cryptnet><cryptnet.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
         <WinlogonNotify: cscdll><cscdll.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
         <WinlogonNotify: ScCertProp><wlnotify.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
         <WinlogonNotify: Schedule><wlnotify.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
         <WinlogonNotify: sclgntfy><sclgntfy.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
         <WinlogonNotify: SensLogn><WlNotify.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
         <WinlogonNotify: termsrv><wlnotify.dll>   [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
         <WinlogonNotify: wlballoon><wlnotify.dll>   [(Verified)Microsoft Windows Publisher]
    


    Floor 2, 2010-03-12 20:39 (IP location: Anhui)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
           <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>   [(Verified)Microsoft Windows Component Publisher]
           <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>   [(Verified)Microsoft Windows Component Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
           <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>   [(Verified)Microsoft Windows Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
           <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>   [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
           <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>   [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
           <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>   [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
           <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>   [File is missing]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
           <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>   [(Verified)Microsoft Windows Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
           <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>   [(Verified)Microsoft Windows Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
           <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>   [(Verified)Microsoft Windows Publisher]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
           <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>   [File is missing]
      


      Floor 3, 2010-03-12 20:39 (IP location: Anhui)
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
             <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>   [(Verified)Microsoft Windows Publisher]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
             <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>   [(Verified)Microsoft Windows Publisher]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
             <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>   [Microsoft Corporation]
        [HKEY_CURRENT_USER\Control Panel\Desktop]
             <SCRNSAVE.EXE><C:\WINDOWS\system32\scrnsave.scr>   [(Verified)Microsoft Windows Publisher]
        ==================================
        启动文件夹
        N/A
        ==================================
        服务
        [Bluetooth Service / btwdins][Running/Auto Start]
           <C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
        [Intel® PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
           <C:\Program Files\Intel\WiFi\bin\EvtEng.exe><Intel(R) Corporation>
        [FHPService / FHPService][Running/Auto Start]
           <C:\Program Files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe><>
        [Kingsoft Rescue Service / Kingsoft Rescue Service][Running/Auto Start]
           <C:\Program Files\金山\ksmsvc.exe><Kingsoft Corporation>
        [NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
           <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
        [Intel® PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
           <C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe><Intel(R) Corporation>
        [Rav Service / RsRavMon][Running/Auto Start]
           <"C:\Program Files\Rising\Rav\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
        [RFW Service / RsRFWMon][Running/Auto Start]
           <"C:\Program Files\Rising\RFW\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
        [Intel®PROSet/Wireless WiFi Service / S24EventMonitor][Running/Auto Start]
           <C:\Program Files\Intel\WiFi\bin\S24EvMon.exe><Intel(R) Corporation>
        [Supplicant Service / SuService][Running/Auto Start]
           <D:\软件\联通\SuService.exe><锐捷网络>
        [主动防御 / ZhuDongFangYu][Running/Auto Start]
           <"C:\Program Files\360\360Safe\deepscan\ZhuDongFangYu.exe"><360.cn>
        ==================================
        驱动程序
        [360SelfProtection / 360SelfProtection][Running/System Start]
           <system32\drivers\360SelfProtection.sys><360安全中心>
        [Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
        


        Floor 4, 2010-03-12 20:39 (IP location: Anhui)
          [qutmipc / qutmipc][Running/System Start]
             <\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360安全中心>
          [Rising RfwARP Driver / RFWARP][Running/Auto Start]
             <system32\DRIVERS\rfwarp.sys><Beijing Rising Information Technology Co., Ltd.>
          [Rising RfwBase Driver / RfwBase9][Running/Manual Start]
             <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
          [rfwtdi / rfwtdi][Running/Auto Start]
             <\??\C:\Program Files\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
          [rsassist / rsassist][Running/Auto Start]
             <system32\drivers\rsassist.sys><Beijing Rising Information Technology Co., Ltd.>
          [rsfwdrv / rsfwdrv][Running/System Start]
             <\??\C:\Program Files\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
          [RsNTGDI / RsNTGDI][Running/Boot Start]
             <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
          [RsProtect / RsProtect][Running/System Start]
             <system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>
          [WLAN 传输 / s24trans][Running/Auto Start]
             <system32\DRIVERS\s24trans.sys><Intel Corporation>
          [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
             <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
          [Secdrv / Secdrv][Stopped/Manual Start]
             <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
          [sptd / sptd][Running/Boot Start]
             <\SystemRoot\System32\Drivers\sptd.sys><N/A>
          [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
             <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
          [TCP/IP Protocol Driver / Tcpip][Running/System Start]
             <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
          [TesDrvPt / TesDrvPt][Stopped/Manual Start]
             <\??\C:\WINDOWS\system32\TesDrvPt.sys><TENCENT>
          [TesSafe / TesSafe][Stopped/Manual Start]
             <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
          [TSKSP / TSKSP][Stopped/Manual Start]
             <\??\C:\Program Files\Tencent\QQDoctor\TSKSP.sys><Tencent>
          [ITECIR Hid Driver / vhidmini][Running/Manual Start]
             <system32\DRIVERS\ITEhidCIR.sys><ITE Tech. Inc.>
          [WSVD / WSVD][Stopped/Manual Start]
             <\??\C:\WINDOWS\system32\drivers\WSVD.sys><CyberLink>
          ==================================
          浏览器加载项
          [HaoKanBar BrowserHelper]
             {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\软件\超级兔子\haokanbar.dll, (Signed) 北京千兆时代科技有限公司>
          [超级兔子上网精灵]
             {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\软件\超级兔子\haokanbar.dll, (Signed) 北京千兆时代科技有限公司>
          


          Floor 6, 2010-03-12 20:39 (IP location: Anhui)
            [DapCtrl Class]
               {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5915.268.(821).dll, (Signed) 深圳市迅雷网络技术有限公司>
            [SafeMon Class]
               {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360安全中心>
            [MiniFlashGetBHO]
               {C74E94A7-B7BD-4891-9328-455395BCC7AD} <D:\软件\迷你快车\libMiniBHO.dll, (Signed) FlashGet Inc>
            []
               {CCA281CA-C863-46EF-9331-5C8D4460577F} <, >
            [Shockwave Flash Object]
               {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx, (Signed) Adobe Systems, Inc.>
            [XPPlayer Class]
               {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.59150.261.(820).dll, (Signed) 深圳市迅雷网络技术有限公司>
            []
               {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
            ==================================
            正在运行的进程
            [PID: 800 / SYSTEM][\SystemRoot\System32\smss.exe]   [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [PID: 1444 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]   [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [PID: 1476 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]   [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                 [C:\WINDOWS\system32\netprovcredman.dll]   [Intel(R) Corporation, 12, 2, 0, 0]
            [PID: 1520 / SYSTEM][C:\WINDOWS\system32\services.exe]   [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239)]
            [PID: 1532 / SYSTEM][C:\WINDOWS\system32\lsass.exe]   [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [PID: 1696 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]   [NVIDIA Corporation, 6.14.11.8615]
                 [C:\WINDOWS\system32\nvapi.dll]   [NVIDIA Corporation, 6.14.11.8615]
            [PID: 1728 / SYSTEM][C:\WINDOWS\system32\svchost.exe]   [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [PID: 1796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]   [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [PID: 1824 / SYSTEM][D:\软件\联通\SuService.exe]   [锐捷网络, 1, 0, 0, 2]
            [PID: 1848 / SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe]   [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
                 [C:\Program Files\Rising\Rav\combase.dll]   [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
                 [C:\Program Files\Rising\Rav\cnt09.dll]   [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
                 [C:\Program Files\Rising\Rav\moncomm.dll]   [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9]


            Floor 8, 2010-03-12 20:39 (IP location: Anhui)