瑞星卡卡安全论坛

2006-11-23,13:51:04

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <VTPreset><; VTPreset.exe>  [(Verified)S3 Graphics, Inc.]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <CertAutoRegX><C:\PROGRA~1\ITOWNX~1\CertRegX.exe>  [M&W]
    <eKeyDaemon><"D:\Program Files\iTowNet\信城通桌面安全套件 V2.5.12\eKeyDaemon.exe">  [北京信城通数码科技有限公司]
    <MsnQun><; C:\Program Files\MsnQun\MsnQun.exe>  [Yoozone]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [N/A]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [N/A]
    <{82241403-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\h2241403.log>  [N/A]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]
    <{8C9BBB32-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\hc9bbb32.log>  [N/A]

==================================
启动文件夹
[Microtek 扫描仪探测器]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microtek 扫描仪探测器.lnk --> C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE []><N>

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <E:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NetOp Helper ver. 7.50 (2003048) / NetOp Host for NT Service]
  <"E:\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE"><Danware Data A/S>
[SevenSword Service / SevenSword]
  <C:\WINDOWS\System32\SevenSowrdSvr.exe><N/A>

==================================

驱动程序
[2655203 / 2655203]
  <System32\drivers\2655203.sys><N/A>
[3250750 / 3250750]
  <System32\drivers\3250750.sys><N/A>
[a0 / a0]
  <\SystemRoot\System32\drivers\2655203.sys><N/A>
[BIOS / BIOS]
  <\??\C:\WINDOWS\System32\drivers\BIOS.sys><BIOSTAR Group>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
  <\??\E:\ewido anti-spyware 4.0\guard.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[NetOp Driver 1 ver. 7.50 (2003048) / NHostNT1]
  <\SystemRoot\System32\Drivers\NHOSTNT1.SYS><Danware Data A/S>
[NetOp Driver 3 ver. 7.50 (2003048) / NHOSTNT3]
  <\SystemRoot\System32\Drivers\NHOSTNT3.SYS><Danware Data A/S>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S3Psddr / S3Psddr]
  <System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[USB eKey / UsbKDev]
  <System32\DRIVERS\UsbKDev.sys><N/A>
[iTowNet USB Key Device / utkey]
  <System32\Drivers\utkey.sys><Union Technology>
[iTowNet Virtual SmartCard / utvsc]
  <System32\DRIVERS\utvsc.sys><Union Technology>
[VIA AGP Filter / viaagp1]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <E:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[MessengerStatsClient Class]
  {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[导出到 Microsoft Excel(&x)]
  <res://E:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>

==================================

正在运行的进程
[PID: 720][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 776][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 844][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 856][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1180][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1208][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1464][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 16, 0, 0]
    [C:\WINDOWS\system32\NRPMONNT.DLL]  [Danware Data A/S, 7.50 (2003048)]
[PID: 1656][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [C:\WINDOWS\System32\h2241403.log]  [N/A, N/A]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\hc9bbb32.log]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\PROGRA~1\3721\alrex.dll]  [, 1, 0, 1, 1001]
    [C:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 9, 1329]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [E:\ewido anti-spyware 4.0\context.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [E:\ewido anti-spyware 4.0\shellexecutehook.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1912][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 456][E:\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE]  [Danware Data A/S, 7.50 (2003048)]
[PID: 1172][C:\WINDOWS\System32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
[PID: 1728][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\MSInfo\ms822414.dll]  [N/A, N/A]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
[PID: 320][C:\PROGRA~1\ITOWNX~1\CertRegX.exe]  [M&W, 2, 0, 0, 3]
    [C:\WINDOWS\System32\xcsp_eclib.dll]  [M&W L.t.d, 2, 0, 2, 6]
    [C:\WINDOWS\System32\HookDev.dll]  [mw, 1, 0, 1, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
[PID: 348][D:\Program Files\iTowNet\信城通桌面安全套件 V2.5.12\eKeyDaemon.exe]  [北京信城通数码科技有限公司, 2.4.0.14]
    [C:\WINDOWS\System32\UTAdmDll.dll]  [N/A, N/A]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\System32\utsec.DLL]  [N/A, N/A]
    [C:\WINDOWS\System32\WKCSPIC.dll]  [UNION Technology, 2, 55, 0, 681]
[PID: 364][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [C:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 9, 1329]
    [C:\PROGRA~1\3721\notifier.dll]  [, 1, 0, 0, 5]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
[PID: 400][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
[PID: 524][E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.86]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [E:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[PID: 1552][C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Microtek\ScanWizard 5\SFRes.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Microtek\ScanWizard 5\scanners\Msmgr32.dll]  [Microtek International Inc., 3.3]
    [C:\Program Files\Microtek\ScanWizard 5\scanners\MS32RES.DLL]  [Microtek International Inc., 3.3]
    [C:\Program Files\Microtek\ScanWizard 5\scanners\MPHASE32.DLL]  [N/A, N/A]
    [C:\Program Files\Microtek\ScanWizard 5\scanners\MSSTI.DLL]  [Microtek International Inc., 1.62.4]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [C:\Program Files\Microtek\ScanWizard 5\scanners\SME432.DLL]  [Microtek International Inc., 1.11]
[PID: 1580][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\MSMWUD13.dll]  [Microtek International Inc., 1.2.0]
    [C:\WINDOWS\System32\MSMe4W.DLL]  [Microtek International Inc., 1.00]
[PID: 428][E:\SRENG\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\Program Files\82241403\91f29088.dll]  [N/A, N/A]
    [E:\SRENG\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

支持你仍用xpsp1,和我电脑一样会有这么多问题

运行System Repair Engineer 启动项目，服务，win32服务应用程序，勾选隐藏微软服务后删除
[SevenSword Service / SevenSword]
<C:\WINDOWS\System32\SevenSowrdSvr.exe><N/A>
删除C:\WINDOWS\System32\SevenSowrdSvr.exe
http://www.pctutu.com/下载超级兔子清理流氓软件

启动项目，注册表，删除
<load><> [N/A]
<run><> [N/A]
<{8C9BBB32-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\hc9bbb32.log> [N/A]
删除C:\WINDOWS\System32\hc9bbb32.log
其他的不动了，用超级兔子清去吧