The scan shows 9SDB.DLL as a virus. It's a laptop; the system was just installed at the service center.
Start time 2008-06-14 00:05:48
Found TrojanSpy.Agent.dqc virus in C:\WINDOWS\system32\9sdb.dll, remove on reboot
Found TrojanDownloader.Small.zoz virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OY8ISBUV\i23[1].exe->$SYSDIR\inf\dotnetfc1.exe, deleted
Found TrojanDownloader.Agent.xfu virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G8I1BU4N\ThunderBHONew[1].dll, deleted
Found TrojanDownloader.Delf.jpx virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G8I1BU4N\10033[1].exe, deleted
Found TrojanDownloader.Delf.jpx virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G8I1BU4N\10033[2].exe, deleted
Found TrojanDownloader.Murlo.eb virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HISBLVEO\d39[1].exe->$COMMONFILES\CPUSH\cpush.dll, deleted
Found TrojanDownloader.Small.zoz virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HISBLVEO\i23[1].exe->$SYSDIR\inf\dotnetfc1.exe, deleted
Found TrojanDownloader.Agent.aatp virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MB8XQTZO\my_70349[1].exe, deleted
Found TrojanDownloader.Murlo.eb virus in C:\WINDOWS\d39.exe->$COMMONFILES\CPUSH\cpush.dll, deleted
Found Adware/Clicker.hck virus in C:\WINDOWS\LywaDhqf10033.bak, deleted
Found TrojanDownloader.Hmir.aep virus in C:\WINDOWS\tempaq, deleted
Found TrojanDownloader.Delf.jpx virus in C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OY8ISBUV\10033[1].exe, deleted
Found TrojanDownloader.Agent.aatp virus in C:\WINDOWS\system32\my_70349.exe, deleted
Found TrojanSpy.Agent.dqc virus in C:\WINDOWS\system32\9sdb.dll, remove on reboot
Found TrojanDownloader.Small.zoz virus in C:\WINDOWS\system32\i23.exe->$SYSDIR\inf\dotnetfc1.exe, deleted
Found TrojanClicker.Agent.uz virus in C:\WINDOWS\system32\inf\d03.exe->$COMMONFILES\CPUSH\cpush.dll, deleted
Found TrojanDownloader.Delf.jpx virus in C:\WINDOWS\system32\10033.exe, deleted
Here is the log: 2008-06-14,09:20:48
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality
The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<RTHDCPL><; RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Publisher]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Publisher]
<LManager><C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE> [(Verified)Dritek System Inc.]
<KVMON><"D:\JiangMin\AntiVirus\KVMonXP.kxp"> [(Verified)Beijing Jiangmin New Sci.&Tec. Co. Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\KVSCRK~1.SCR> [Jiangmin Co., Ltd.]
==================================
Startup Folder
[Tencent QQ]
<C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><H>
==================================
Services
[Contrl Center of Storm Media / ccosm][Running/Manual Start]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[KVSrvXP / KVSrvXP][Running/Auto Start]
<D:\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Symantec Core LC / Symantec Core LC][Stopped/Manual Start]
<C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe><>
==================================
Drivers
[1ikv / 1ikv][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\1ikv.sys><N/A>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
<system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BsDeamon / BsDeamon][Running/System Start]
<\??\D:\JiangMin\AntiVirus\BsDeamon.sys><Jiangmin Co., Ltd.>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
<system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[KRegEx / KRegEx][Running/Auto Start]
<\??\D:\JiangMin\antivirus\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software - SysCall Services / KSysCall][Running/System Start]
<\??\D:\JiangMin\common\KSysCall.sys><Jiangmin Co., Ltd.>
[Jiangmin Antivirus Software - System Monitor / KSysMon][Running/System Start]
<\??\D:\JiangMin\AntiVirus\KSysMon.sys><Jiangmin Co., Ltd.>
[Jiangmin Antivirus Software - File Tracer / KSysTrace][Running/System Start]
<\??\D:\JiangMin\AntiVirus\KSysTrace.sys><Jiangmin Co., Ltd.>
[KVFileGuard From Jiangmin / KVFileGuard][Running/Manual Start]
<\??\D:\JiangMin\AntiVirus\KVfg.sys><Jiangmin Co., Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
<\??\D:\JiangMin\AntiVirus\KVREDIR.sys><Jiangmin Co., Ltd.>
[Intel(R) Wireless WiFi Link Adapter Driver (for Windows XP 32-bit) / NETw4x32][Running/Manual Start]
<system32\DRIVERS\NETw4x32.sys><Intel Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
<system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
<system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
<system32\DRIVERS\rixdptsk.sys><REDC>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Symantec Network Security Intermediate Filter Service / SymIM][Stopped/Manual Start]
<system32\DRIVERS\SymIM.sys><N/A>
[Jiangmin AntiVirus Software - System Guard / SysGuard][Running/Boot Start]
<\SystemRoot\system32\Drivers\SysGuard.sys><Jiangmin Co., Ltd.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
<system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>
[ytfg0 / ytfg04][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ytfg04.sys><N/A>
==================================
Browser Add-ons
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Jiangmin Antivirus Toolbar]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\MACROMED\FLASH\SWFLASH.OCX, Macromedia, Inc.>
[Thunder5 Download]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\ThunderBHONew.dll, N/A>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Jiangmin Antivirus Toolbar]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\JiangMin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\MACROMED\FLASH\SWFLASH.OCX, Macromedia, Inc.>
[RegisterHelper Class]
{FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <D:\JiangMin\AntiVirus\UrlGuard.dll, Jiangmin Co., Ltd.>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ Emoticons]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
Running Processes
[PID: 1296 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1440 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1488 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1648 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1728 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1800 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 332 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 384 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 1, 13]
[PID: 1180 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.0145]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0145]
[PID: 1344 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 272 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400 / user][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\JiangMin\AntiVirus\KsPec.dll] [Jiangmin Co., Ltd., 1, 0, 8, 317]
[D:\JiangMin\common\KvTrust.dll] [Jiangmin Co., Ltd., 10, 0, 8, 326]
[D:\JiangMin\common\KvTools.dll] [Jiangmin Co., Ltd., 2, 0, 7, 1224]
[C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 7, 717]
[C:\WINDOWS\system32\kvinstall.dll] [Jiangmin Co.,Ltd, 2, 0, 7, 831]
[D:\JiangMin\common\KvTrustInit.dll] [Jiangmin Co., Ltd., 11, 0, 8, 327]
[C:\WINDOWS\system32\9sdb.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[D:\JiangMin\AntiVirus\KVshell.dll] [Jiangmin Co.Ltd, 2, 0, 7, 1018]
[D:\JiangMin\AntiVirus\lang\kvxp0804.lng] [N/A, ]
[D:\JiangMin\common\GUIEXT.DLL] [Jiangmin Co.Ltd, 2, 0, 7, 828]
[D:\JiangMin\common\lang\guiext0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0145]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0145]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[PID: 924 / user][C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE] [Dritek System Inc., 1, 0, 6, 523]
[C:\PROGRA~1\LAUNCH~1\CDRomUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\LAUNCH~1\ComFnUtl.dll] [Dritek System Inc., 1, 0, 0, 711]
[C:\PROGRA~1\LAUNCH~1\MixerUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\LAUNCH~1\OSDUtl.dll] [Dritek System Inc., 1, 0, 3, 309]
[C:\PROGRA~1\LAUNCH~1\RgnMaker.dll] [Dritek System Inc., 12.07.1999 ( VC60 )]
[C:\PROGRA~1\LAUNCH~1\SzUPFUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\LAUNCH~1\Wnd2File.dll] [Dritek System Inc., 3.00]
[C:\PROGRA~1\LAUNCH~1\SzPtcUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\LAUNCH~1\LgKCUtl.Dll] [Dritek System Inc., 2, 0, 2, 1007]
[C:\PROGRA~1\LAUNCH~1\DialCnt.Dll] [Dritek System Inc., 2, 1, 0, 1]
[C:\PROGRA~1\LAUNCH~1\MMDUtl.DLL] [Dritek System Inc., 1, 2, 8, 2813]
[C:\WINDOWS\system32\NvCpl.dll] [NVIDIA Corporation, 6.14.11.0145]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0145]
[C:\PROGRA~1\LAUNCH~1\NTKCUtl.dll] [Dritek System Inc., 1.00]
[PID: 904 / user][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700 / user][E:\sre\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\sre\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privilege Scan
N/A
==================================
API HOOK
N/A
==================================
Hidden Processes
N/A
==================================
User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
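Added example (not part of the original post, and not code from Jiangmin KV or SREng): a small Python triage script over the shape of the two logs above. The point it makes is that the logs already agree with each other if you read them together. KV marks C:\WINDOWS\system32\9sdb.dll as "remove on reboot" rather than "deleted" because, in the Running Processes section, that same file is loaded into Explorer.EXE (PID 1400) with no publisher information; a mapped DLL cannot be deleted while the shell holds it, so the check that matters is that the file is gone and a rescan is clean after the reboot. The Drivers section also lists two drivers with no vendor information and random-looking names, 1ikv.sys (Auto Start) and ytfg04.sys (Boot Start), that appear in none of the detections, and the Thunder5 BHO is registered from C:\WINDOWS\ThunderBHONew.dll with no vendor while a cached copy of the same name was detected as TrojanDownloader.Agent.xfu. The script parses the detection lines, the driver header/path pairs and the process/module list, then ranks each driver or loaded module on unknown publisher, random-looking name, boot/auto start and correlation with a detection. The sample lines are constructed from the shape of the logs above, and the name heuristic and the weights are my own assumptions, not anything the tools do.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
# Constructed sample input (not a real capture), shaped like the Jiangmin KV detection
# log and the SREng "Drivers" and "Running Processes" sections quoted in the post.
AV_LOG = r"""
Found TrojanSpy.Agent.dqc virus in C:\WINDOWS\system32\9sdb.dll, remove on reboot
Found TrojanDownloader.Small.zoz virus in C:\WINDOWS\system32\i23.exe->$SYSDIR\inf\dotnetfc1.exe, deleted
"""
SRENG_DRIVERS = r"""
[1ikv / 1ikv][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\1ikv.sys><N/A>
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[ytfg0 / ytfg04][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ytfg04.sys><N/A>
"""
SRENG_MODULES = r"""
[PID: 1400 / user][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\JiangMin\common\KvTrust.dll] [Jiangmin Co., Ltd., 10, 0, 8, 326]
[C:\WINDOWS\system32\9sdb.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
"""

AV_RE = re.compile(r"^Found (?P<name>\S+) virus in (?P<path>.+?), (?P<action>remove on reboot|deleted)$")
DRV_HDR_RE = re.compile(r"^\[(?P<display>.+?) / (?P<svc>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
DRV_ENTRY_RE = re.compile(r"^<(?P<path>[^>]*)><(?P<vendor>[^>]*)>$")
# Vendor is cut at the first comma ("Jiangmin Co., Ltd." -> "Jiangmin Co."), enough to tell it from N/A.
MOD_RE = re.compile(r"^(?:\[PID: (?P<pid>\d+) / [^\]]+\])?\[(?P<path>[^\]]+)\] \[(?P<vendor>[^,\]]*),.*\]$")
# My heuristic, not a KV/SREng rule: 3-6 lower-case alphanumerics with a digit (1ikv, ytfg04, 9sdb).
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{3,6}$")
EARLY_STARTS = {"Boot Start", "System Start", "Auto Start"}

@dataclass
class Finding:
    file: str
    kind: str        # "driver" or "module"
    score: int
    reasons: list

def normalize(path):
    """Lower-case file name; strips NT prefixes and keeps the container of 'a.exe->member'."""
    path = path.split("->", 1)[0]
    for prefix in ("\\??\\", "\\SystemRoot\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    return PureWindowsPath(path).name.lower()

def parse_av(text):
    """file name -> (detection, action) from 'Found X virus in PATH, ACTION' lines."""
    matches = (AV_RE.match(ln.strip()) for ln in text.splitlines())
    return {normalize(m["path"]): (m["name"], m["action"]) for m in matches if m}

def parse_drivers(text):
    """SREng lists each driver as [Display / Service][State/Start] followed by <path><vendor>."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    out = []
    for hdr, ent in zip(lines[0::2], lines[1::2]):
        h, e = DRV_HDR_RE.match(hdr), DRV_ENTRY_RE.match(ent)
        if h and e:
            out.append((e["path"], e["vendor"], h["start"]))
    return out

def parse_modules(text):
    """Lines with a PID are processes; the module lines that follow belong to that process."""
    out, host = [], None
    for ln in text.splitlines():
        m = MOD_RE.match(ln.strip())
        if m and m["pid"]:
            host = PureWindowsPath(m["path"]).name
        elif m:
            out.append((m["path"], m["vendor"], host))
    return out

def assess(path, kind, vendor, av, start=None, host=None):
    """Score one driver or loaded module; the weights are my assumptions, not a KV/SREng rule."""
    name, hits = normalize(path), []
    if vendor.strip() in ("", "N/A"):
        hits.append((2, "no publisher information"))
    if RANDOM_NAME_RE.match(PureWindowsPath(name).stem):
        hits.append((2, "short random-looking file name"))
    # An early start type counts only once the file already looks odd: iaStor is Boot Start and fine.
    if start in EARLY_STARTS and hits:
        hits.append((3, f"loads at {start}"))
    if name in av:
        hits.append((4, "detected by AV as %s (%s)" % av[name]))
    reasons = [r for _, r in hits] + ([f"loaded into {host}"] if host else [])
    return Finding(name, kind, sum(p for p, _ in hits), reasons)

def triage(av_text, drivers_text, modules_text):
    """Findings with a non-zero score, most suspicious first (the sort is stable)."""
    av = parse_av(av_text)
    found = [assess(p, "driver", v, av, start=s) for p, v, s in parse_drivers(drivers_text)]
    found += [assess(p, "module", v, av, host=h) for p, v, h in parse_modules(modules_text)]
    return sorted((f for f in found if f.score), key=lambda f: -f.score)

if __name__ == "__main__":
    for f in triage(AV_LOG, SRENG_DRIVERS, SRENG_MODULES):
        print(f"{f.score:2d} {f.kind:6s} {f.file:12s} {'; '.join(f.reasons)}")
```

Run it as a script to print the ranking. rarext.dll (the WinRAR shell extension, also without publisher information) lands at the bottom, which is why this ranks rather than flags: an unknown publisher alone is common on an XP box, while an unknown publisher plus a random name plus boot-time loading or a matching detection is not.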