hthczz - 2007-1-11 16:43:00
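The antivirus software reports nothing, but a scan did find some things; they can't be repaired and can't be deleted either.
So all I can do now is post the log. Experts, please help me solve this. Thanks!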
2007-01-11,16:23:04
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<svcshare><C:\WINDOWS\system32\drivers\spoclsv.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<RegServer><regserve.exe> [(Verified)N/A]
<TridentWatchDog><twatdog.exe> [(Verified)N/A]
<DAEMON Tools-2052><"C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<fzg><C:\Program Files\Config\svhost32.exe> [N/A]
<cimemli><C:\WINDOWS\system32\cimemli.exe> [N/A]
<ciomemlie><C:\WINDOWS\system32\cimemli32.exe> [N/A]
<Realtime Monitor><C:\PROGRA~1\CA-JIN~1\KILL\realmon.exe> [Computer Associates International, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KILL RPC Server / InoRPC][Running/Auto Start]
<"C:\Program Files\CA-Jinchen\KILL\InoRpc.exe"><Computer Associates International, Inc.>
[KILL Realtime Server / InoRT][Running/Auto Start]
<"C:\Program Files\CA-Jinchen\KILL\InoRT.exe"><Computer Associates International, Inc.>
[KILL Job Server / InoTask][Running/Auto Start]
<"C:\Program Files\CA-Jinchen\KILL\InoTask.exe"><Computer Associates International, Inc.>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[d346bus / d346bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[INO_FLPY / INO_FLPY][Running/Boot Start]
<\SystemRoot\system32\Drivers\ino_flpy.sys><Computer Associates International, Inc.>
[INO_FLTR / INO_FLTR][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\ino_fltr.sys><Computer Associates International, Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TOSHIBA Software Modem / TOSHIBASoftModem][Running/Manual Start]
<system32\DRIVERS\LTSM.sys><LT>
[tridxp4 / tridxp4][Running/Manual Start]
<system32\DRIVERS\tridxp4m.sys><Trident Microsystems Inc.>
[Intel(R) PRO/Wireless 2100 Adapter 驱动程序 / w70n51][Running/Manual Start]
<system32\DRIVERS\w70n51.sys><Intel? Corporation>
hthczz - 2007-1-11 16:44:00
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 752][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [N/A, N/A]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[PID: 892][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1308][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1364][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1912][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1956][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\cimemost.dll] [N/A, N/A]
[C:\WINDOWS\system32\cimemost32.dll] [N/A, N/A]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\CA-Jinchen\KILL\InoShell.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\LANG\KILL\iShellres.dll] [冠群金辰, 6.0.200.0]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 408][C:\WINDOWS\system32\twatdog.exe] [N/A, N/A]
[C:\WINDOWS\system32\GenCtrl.dll] [, 6,14,01,0005]
[C:\WINDOWS\system32\TVCtrl.dll] [, 6,14,01,0005]
[PID: 440][C:\Program Files\D-Tools\daemon.exe] [DAEMON'S HOME, 3.46.0.0]
[C:\WINDOWS\daemon.dll] [N/A, 3.46.0.0]
[C:\Program Files\D-Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll] [N/A, 1.0.2.0]
[C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.02.0.0]
[C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.01.0.0]
[C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.02.0.0]
[C:\Program Files\D-Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[PID: 448][C:\Program Files\Config\svhost32.exe] [N/A, N/A]
[C:\WINDOWS\system32\dllf.dll] [N/A, N/A]
[PID: 456][C:\WINDOWS\system32\cimemli.exe] [N/A, N/A]
[C:\WINDOWS\system32\cimemost.dll] [N/A, N/A]
[PID: 504][C:\WINDOWS\system32\cimemli32.exe] [N/A, N/A]
[C:\WINDOWS\system32\cimemost32.dll] [N/A, N/A]
[PID: 536][C:\PROGRA~1\CA-JIN~1\KILL\realmon.exe] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRA~1\CA-JIN~1\KILL\InConfig.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRA~1\CA-JIN~1\KILL\INOCORE.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRA~1\CA-JIN~1\KILL\InoOEM.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRA~1\CA-JIN~1\KILL\InDrvCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\DistCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRA~1\CA-JIN~1\KILL\LANG\KILL\Realmonres.dll] [冠群金辰, 6.0.200.0]
[C:\PROGRA~1\CA-JIN~1\KILL\secAPI.dll] [Computer Associates International, Inc., 6.0.312.0]
[PID: 544][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.0.0812.00]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\cimemost32.dll] [N/A, N/A]
[PID: 1228][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
hthczz - 2007-1-11 16:44:00
[PID: 1352][C:\Program Files\CA-Jinchen\KILL\InoRpc.exe] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InConfig.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\INOCORE.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InoOEM.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\DistCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\ScanLog.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InocDB.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\LANG\KILL\wBkRsrcres.dll] [冠群金辰, 6.0.200.0]
[C:\Program Files\CA-Jinchen\KILL\InocAdn.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InDrvCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\secAPI.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\InoScan.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRAM FILES\CA\COMMON\SCANENGINE\ScanRes.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\RPCMtAdn.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\NameAPIX.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\RPCMtAPI.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InoAlert.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\albuild.dll] [Computer Associates International, Inc., 6, 0, 599, 0]
[C:\Program Files\CA-Jinchen\KILL\secAddIn.dll] [Computer Associates International, Inc., 6.0.312.0]
[PID: 1256][C:\Program Files\CA-Jinchen\KILL\InoRT.exe] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\ScanLog.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InConfig.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\INOCORE.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InoOEM.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InocDB.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\DistCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\LANG\KILL\wBkRsrcres.dll] [冠群金辰, 6.0.200.0]
[C:\Program Files\CA\Common\ScanEngine\InoScan.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRAM FILES\CA\COMMON\SCANENGINE\ScanRes.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\arclib.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\Avh32dll.dll] [N/A, N/A]
[PID: 1564][C:\Program Files\CA-Jinchen\KILL\InoTask.exe] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InoAlert.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\RPCMtAPI.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InoOEM.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InConfig.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\INOCORE.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InocDB.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\InDrvCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\ScanLog.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA\Common\ScanEngine\DistCfg.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\secAPI.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\Program Files\CA-Jinchen\KILL\LANG\KILL\wBkRsrcres.dll] [冠群金辰, 6.0.200.0]
[C:\Program Files\CA-Jinchen\KILL\albuild.dll] [Computer Associates International, Inc., 6, 0, 599, 0]
[C:\Program Files\CA\Common\ScanEngine\InoScan.dll] [Computer Associates International, Inc., 6.0.312.0]
[C:\PROGRAM FILES\CA\COMMON\SCANENGINE\ScanRes.dll] [Computer Associates International, Inc., 6.0.312.0]
[PID: 1496][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 2168][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 54616][\\192.168.8.28\驱动\系统扫描\SREng.EXE] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
mopery - 2007-1-11 16:45:00
<svcshare><C:\WINDOWS\system32\drivers\spoclsv.exe> [N/A]
Panda Burning Incense (熊猫烧香) .. Please compress C:\WINDOWS\system32\drivers\spoclsv.exe and send it to bin59420@yahoo.com.cn
jmbt - 2007-1-11 17:19:00
<RegServer><regserve.exe> [(Verified)N/A]
<TridentWatchDog><twatdog.exe> [(Verified)N/A]
hthczz - 2007-1-12 13:15:00
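| Quote: |
[Post by mopery] <svcshare><C:\WINDOWS\system32\drivers\spoclsv.exe> [N/A]
Panda Burning Incense (熊猫烧香) .. Please compress C:\WINDOWS\system32\drivers\spoclsv.exe and send it to bin59420@yahoo.com.cn ……………… |
I found the C:\WINDOWS\system32\drivers\spoclsv.exe file you mentioned, but access is denied, so I can't compress it. There's nothing I can do.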
hthczz - 2007-1-12 14:02:00
Is nobody going to help me solve this?