ELVA的fans - 2007-8-15 21:27:00
Thanks!~
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
D:\TENCENTQQ\QQ.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\TENCENTTM\TMDLLS\TIMPLATFORM.EXE
D:\SKYNET\FIREWALL\PFW.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 500\APP\ENTERNET.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\HIJACK\HIJACKTHIS1991汉化版\HIJACKTHIS1991ZWW.EXE
--------------------------------------------------
Startup items in folders
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\启动]
腾讯QQ.lnk = D:\tencentQQ\QQ.exe
QQ游戏启动加速程序.lnk = D:\QQGame\Accel.exe
--------------------------------------------------
Startup items in the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
internat.exe = internat.exe
SystemTray = SysTray.Exe
TaskMonitor = C:\WINDOWS\taskmon.exe
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
--------------------------------------------------
File-type association for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = NOTEPAD.EXE %1
--------------------------------------------------
Shell and screensaver keys from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 15/8/2007, 19:38:8)
[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 15/8/2007, 17:55:18)
[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;\COMMAND;C:\KAV2003;\
if exist C:\WINDOWS\TEMP\KAVMove.BAT call C:\WINDOWS\TEMP\KAVMove.BAT
if exist C:\WINDOWS\TEMP\KAVMove.BAT del C:\WINDOWS\TEMP\KAVMove.BAT
if exist C:\WINDOWS\TEMP\KAVMove.EXE del C:\WINDOWS\TEMP\KAVMove.EXE
PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
--------------------------------------------------
C:\WINDOWS\WINSTART.BAT listing:
if exist C:\WINDOWS\TEMP\KAVMove.BAT call C:\WINDOWS\TEMP\KAVMove.BAT
if exist C:\WINDOWS\TEMP\KAVMove.BAT del C:\WINDOWS\TEMP\KAVMove.BAT
if exist C:\WINDOWS\TEMP\KAVMove.EXE del C:\WINDOWS\TEMP\KAVMove.EXE
--------------------------------------------------
Enumerating IE Browser Helper Objects (BHO modules):
(no name) - D:\FLASHGET\JCCATCH.DLL - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
ThunderBHO - D:\迅雷5\COMDLLS\XUNLEIBHO_002.DLL - {889D2FEB-5411-4565-8998-1DD2C5261283}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Enabled  Application Start.job
--------------------------------------------------
Enumerating Downloaded Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9D.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[FcBoot Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FCBOOT.DLL
CODEBASE = http://www.kele8.com/game/system/activex/fcboot.cab
[Netease Chat Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CHAT.OCX
CODEBASE = http://nchat.163.com/chat.cab
[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1086/V31Controls/x86/w98/zhcn/actsetup.cab
[Timer Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IETIMER.OCX
CODEBASE = http://www.hljav.com/tools/ietimer.cab
[ClientAuthX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\CLIENT~1\CLIENT~1.OCX
CODEBASE = http://www.hljav.com/tools/ClientAuthX.cab
[Fc2Boot Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\FC2BOOT.DLL
CODEBASE = http://h5.kele8.com/onet/ActiveX/fc2boot.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38054.6800462963
[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[Sohu Toolbar]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOHUTO~1.DLL
CODEBASE = http://images.sohu.com/toolbar/SohuToolbar.cab
[QDiagLEUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGLE.OCX
CODEBASE = http://www.lenovohelp.com/html/qdiagle.cab
[TrainerOCX Control]
InProcServer32 = C:\PROGRA~1\WEBCYB~1\7_LEGEND\TRAINE~1.OCX
CODEBASE = http://www.lenovohelp.com/ccversions/8/install/installer.cab
[ComputerInfo Class]
InProcServer32 = C:\WINDOWS\SYSTEM\LENOVO\INFOCOLLECT\INFOCOLLECT.DLL
CODEBASE = http://rst.lenovo.com/ibis/client/mail/download/InfoCollect.cab
[Edit Class]
InProcServer32 = C:\WINDOWS\SYSTEM\CMBEDIT.DLL
CODEBASE = https://www.sz1.cmbchina.com/download/CMBEdit.cab
[PBActiveX40 Control]
InProcServer32 = C:\WINDOWS\SYSTEM\CMBPB40.OCX
CODEBASE = http://www4.bj.cmbchina.com/download/pb45.cab
[WebActivater Control]
InProcServer32 = C:\WINDOWS\SYSTEM\WEBACT~1.OCX
CODEBASE = http://game.qq.com/QQGame2.cab
[AxSubmitControl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL
CODEBASE = https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
[WebActivater Control]
InProcServer32 = C:\WINDOWS\SYSTEM\3DSHOWVM.OCX
CODEBASE = http://dl_dir.qq.com/3dshow/3DShowVM.cab
[{A4639D2F-774E-11D3-A490-00C04F6843FB}]
CODEBASE = http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
[{CF85459D-DFA7-4028-A065-3C6D1356DCC8}]
CODEBASE = http://gd.chinavnet.com/CertInstall.cab
[pCastPanel Class]
InProcServer32 = C:\PROGRAM FILES\MOP\P2P\PCASTCTL.DLL
CODEBASE = http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.95_signed.cab
[GUpdate Class]
InProcServer32 = C:\PROGRAM FILES\MOP\P2P\GUPDATE.DLL
CODEBASE = http://ps.itv.mop.com/update/update/GUpdate-1.0.0.10-signed.cab
[PasswordEditCtrl Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QQEDIT\QQEDIT.DLL
CODEBASE = https://password.qq.com/download/qqedit2.cab
[Tencent Safety Online Base Module]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TSOBASE.OCX
CODEBASE = http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
[MMCPlayer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MMCSHELL.DLL
CODEBASE = http://p3p.sogou.com/MMCShell.cab
[{5AB9367B-DD7F-411D-A030-DF7DE5E17AAE}]
CODEBASE = http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
[ClientATXCtrl Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CLIENT~1.OCX
CODEBASE = http://www.wayi.com.tw/gameup/ClientATXCtrl.cab
[EditCtrl Class]
InProcServer32 = C:\WINDOWS\SYSTEM\ALIEDIT\ALIEDIT.DLL
CODEBASE = https://img.alipay.com/download/1101/aliedit.cab
[BSSPAX02 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BSSPAX02.OCX
CODEBASE = http://221.208.250.138/BSSPAX02.cab
[Calendar Control 9.0]
InProcServer32 = C:\WINDOWS\SYSTEM\MSCAL.OCX
CODEBASE = http://221.208.250.138/MyCal.CAB
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad entries:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
Report complete, 8,491 bytes in total
Report generated in 4.529 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; RogueCleanerEmbeddedWB 14.58 from: http://bsalsa.com/)
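The report above is a flat listing, and the two sections a reviewer usually wants pulled out first are the ActiveX "Downloaded Program Files" entries and the WININIT.INI [rename] lines. The Python below is an added example; it is not part of the original post and not the scanner's own code. It parses those two sections from a constructed sample built from entries in the post and applies two review heuristics to each CODEBASE (fetched over plain http://, or served from a bare IP address instead of a hostname), and it lists the files that WININIT.INI will delete at the next boot, since on Windows 9x a [rename] entry whose target is NUL deletes the source file. The tags are triage hints only; none of them establishes that a control is malicious.

```python
# Added triage helper for a HijackThis-style report (not the tool's own code).
# Parses the "Downloaded Program Files" ActiveX list and WININIT.INI [rename]
# entries and applies review heuristics; findings are hints, not verdicts.
# SAMPLE_REPORT is a constructed subset of the entries from the post above.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

SAMPLE_REPORT = r"""
Enumerating Downloaded Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9D.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Edit Class]
CODEBASE = https://www.sz1.cmbchina.com/download/CMBEdit.cab
[{5AB9367B-DD7F-411D-A030-DF7DE5E17AAE}]
CODEBASE = http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
[BSSPAX02 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BSSPAX02.OCX
CODEBASE = http://221.208.250.138/BSSPAX02.cab
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
--------------------------------------------------
"""

SEPARATOR = re.compile(r"^-{10,}$")
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

@dataclass
class ActiveXControl:
    name: str
    inproc_server: Optional[str] = None  # InProcServer32 path, if listed
    codebase: Optional[str] = None       # URL the .cab was fetched from

def split_sections(text: str) -> List[List[str]]:
    # Split the report on the dashed separator lines, dropping blank lines.
    sections: List[List[str]] = [[]]
    for line in (l.strip() for l in text.splitlines()):
        if SEPARATOR.match(line):
            sections.append([])
        elif line:
            sections[-1].append(line)
    return [s for s in sections if s]

def parse_downloaded_program_files(lines: List[str]) -> List[ActiveXControl]:
    controls: List[ActiveXControl] = []
    for line in lines[1:]:  # lines[0] is the section header
        if line.startswith("[") and line.endswith("]"):
            controls.append(ActiveXControl(name=line[1:-1]))
        elif controls and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key == "inprocserver32":
                controls[-1].inproc_server = value
            elif key == "codebase":
                controls[-1].codebase = value
    return controls

def parse_wininit_rename(lines: List[str]) -> List[Tuple[str, str]]:
    """(target, source) pairs from [rename]; Win9x deletes source when target is NUL."""
    entries: List[Tuple[str, str]] = []
    in_rename = False
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            in_rename = line.lower() == "[rename]"
        elif in_rename and "=" in line:
            target, _, source = line.partition("=")
            entries.append((target.strip(), source.strip()))
    return entries

def parse_report(text: str) -> Tuple[List[ActiveXControl], List[Tuple[str, str]]]:
    controls, renames = [], []
    for section in split_sections(text):
        header = section[0].lower()
        if header.startswith("enumerating downloaded program files"):
            controls.extend(parse_downloaded_program_files(section))
        elif "wininit.ini listing" in header:
            renames.extend(parse_wininit_rename(section))
    return controls, renames

def review_codebase(control: ActiveXControl) -> List[str]:
    """Heuristic findings for one control's CODEBASE (review hints only)."""
    if not control.codebase:
        return ["no-codebase"]  # origin cannot be attributed from the log alone
    url = urlparse(control.codebase)
    findings: List[str] = []
    if url.scheme.lower() == "http":
        findings.append("plain-http")  # .cab fetched without transport integrity
    if BARE_IPV4.match(url.hostname or ""):
        findings.append("bare-ip")     # no hostname to tie the control to a vendor
    return findings

def triage(text: str) -> Dict[str, object]:
    controls, renames = parse_report(text)
    findings = {c.name: tags for c in controls if (tags := review_codebase(c))}
    deleted = sorted({src for tgt, src in renames if tgt.upper() == "NUL"})
    return {"controls": controls, "findings": findings, "deleted_at_boot": deleted}
```

Run `triage(open("report.txt").read())` on a saved copy of a report and read `findings` and `deleted_at_boot`; the heuristics are deliberately coarse so that a human reviews each flagged CODEBASE against the vendor the control claims to come from.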
© 2000 - 2024 Rising Corp. Ltd.