Rising KaKa Security Forum, Technical Exchange: Anti-virus / Anti-malware board

Infected with what looks like the 磁碟机 (Disk Machine) virus, please help me check the log... How do I fix it? [Help]

[CODE]

2008-03-18,08:52:56

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [Nero AG]
    <SandboxieControl><; C:\Program Files\Sandboxie\Control.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\dnsq.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\WINDOWS\System32\XPSTYLE_ThemePackage\Logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
  <"C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
  <d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NMIndexingService / NMIndexingService][Stopped/Disabled]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Stopped/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Disabled]
  <C:\WINDOWS\System32\HPZipm12.exe><HP>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[avgntdd / avgntdd][Running/System Start]
  <SYSTEM32\DRIVERS\avgntdd.sys><Avira GmbH>
[avgntmgr / avgntmgr][Running/Boot Start]
  <\SystemRoot\SYSTEM32\DRIVERS\avgntmgr.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
  <System32\DRIVERS\avipbb.sys><AVIRA GmbH>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
  <System32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Running/Manual Start]
  <System32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
  <System32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS><EnTech Taiwan>
[Motorola Inc. USB Device / MotDev][Stopped/Manual Start]
  <System32\DRIVERS\motodrv.sys><Motorola Inc>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
  <System32\DRIVERS\motmodem.sys><Motorola>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Protector / Protector][Running/System Start]
  <system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[ssmdrv / ssmdrv][Running/System Start]
  <System32\DRIVERS\ssmdrv.sys><Avira GmbH>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\System32\SVKP.sys><AntiCracking>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[VCD VNC Virtual Network Adapter / vcddev][Stopped/Manual Start]
  <System32\DRIVERS\vcdvnic.sys><VNN B.J.>
[Virtual Serial port driver / VComm][Running/Manual Start]
  <System32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XDva048 / XDva048][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva048.sys><N/A>
[Filseclab Packet Filter / XPacket][Running/Boot Start]
  <\SystemRoot\System32\xpacket.sys><Filseclab Corporation>
[ZSMC USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\TuZiThunder-v5.7.4\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\TuZiThunder-v5.7.4\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe-v3.64beta\safemon\safemon.dll, 奇虎网>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[Test2 Control]
  {124C5F0D-DD02-4150-8F59-0F3E712F2BC8} <C:\WINDOWS\DOWNLO~1\test2.ocx, wenjin>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[SSReaderPlug]
  {1DE88635-1C72-401E-B23B-93FA86D30F3B} <C:\WINDOWS\DOWNLO~1\SSREAD~1.DLL, 北京超星>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\System32\INPUTC~1.DLL, >
[MabinogiWebAvatarRenderer Class]
  {7623BE59-D4CF-4379-ABC4-B39E11854D66} <C:\WINDOWS\Downloaded Program Files\mabiwebframe.dll, devcat>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[BtecKBase Class]
  {E75D308D-B903-11D4-BD46-0050BA6E0CA5} <C:\WINDOWS\DOWNLO~1\BTECKB~1.DLL, Beijing BtecK Co, .Ltd(CHINA)>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\TuZiThunder-v5.7.4\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[Detecter Class]
  {2C48F48F-01A6-4593-A678-C7DA83C55719} <C:\WINDOWS\system32\SecCtl.dll, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\System32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, N/A>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Init_Tool Control]
  {399C2756-84D4-4AC5-9E86-288340334FB1} <C:\WINDOWS\system32\INIT_T~1.OCX, Microsoft>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\System32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\TuZiThunder-v5.7.4\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe-v3.64beta\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[/CODE]

Last edited: 2008-03-26 16:03:29
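The posted SREng log is long, and most of it is noise. As an added example (my own code, not part of the thread and not an SREng feature), the Python script below parses the layout SREng uses for registry autostarts and for services/drivers and pulls out the items a responder looks at first: a non-empty AppInit_DLLs value (the log above shows C:\WINDOWS\system32\dnsq.dll there, the same file name that appears as item 3 in the checklist posted later in the thread) and running drivers or autostarts whose vendor field is N/A or not marked (Verified). The embedded excerpt is constructed from a handful of the posted lines; the regular expressions and the finding categories are my assumptions about the format, not SREng's.

```python
import re

# Constructed excerpt in the layout of the SREng 2.4 log posted above: a few
# registry autostart lines and a few service/driver entries (both kinds share
# the same two-line layout), enough to exercise the parser.
SAMPLE_LOG = r"""
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <SandboxieControl><; C:\Program Files\Sandboxie\Control.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\dnsq.dll>  []

==================================
驱动程序
[avgntdd / avgntdd][Running/System Start]
  <SYSTEM32\DRIVERS\avgntdd.sys><Avira GmbH>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Protector / Protector][Running/System Start]
  <system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>
"""

# Assumed line shapes (derived from the posted log, not documented by SREng):
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")                     # [HKEY_...\Run]
REG_VAL = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]$")           # <name><value>  [vendor]
SVC_HDR = re.compile(r"^\[(.+?) / ([^\]]+)\]\[([^/\]]+)/([^\]]+)\]$")  # [Display / Name][State/Start]
SVC_IMG = re.compile(r"^\s+<(.*)><([^>]*)>$")                       # <image path><vendor>


def parse_sreng(text):
    """Split a log into registry autostart entries and service/driver entries."""
    reg_entries, svc_entries = [], []
    current_key = None
    pending = None  # header of a service/driver whose image line has not been read yet
    for line in text.splitlines():
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = REG_VAL.match(line)
        if m and current_key:
            reg_entries.append({"key": current_key, "name": m.group(1),
                                "value": m.group(2), "vendor": m.group(3)})
            continue
        m = SVC_HDR.match(line)
        if m:
            pending = m.groups()
            continue
        m = SVC_IMG.match(line)
        if m and pending:
            display, name, state, start = pending
            svc_entries.append({"display": display, "name": name, "state": state,
                                "start": start, "image": m.group(1), "vendor": m.group(2)})
            pending = None
    return reg_entries, svc_entries


def triage(text):
    """Return (category, detail) pairs worth a human look.

    A vendor of N/A only means the binary carries no version or signature
    information, so every finding here is a review item, not a verdict.
    """
    reg_entries, svc_entries = parse_sreng(text)
    findings = []
    for e in reg_entries:
        if e["name"].lower() == "appinit_dlls":
            # Anything listed here is loaded into every process that loads user32.dll.
            if e["value"].strip():
                findings.append(("appinit_dll", e["value"].strip()))
        elif not e["vendor"].startswith("(Verified)"):
            findings.append(("unverified_autostart", f'{e["name"]} -> {e["value"]}'))
    for s in svc_entries:
        if s["vendor"] == "N/A" and s["state"] == "Running":
            findings.append(("unverified_running_driver", f'{s["name"]} -> {s["image"]}'))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category}: {detail}")
```

Run against the excerpt it reports the AppInit_DLLs entry, the Sandboxie autostart (N/A vendor, harmless here but unverified) and the two running Protector drivers; the stopped HidServ entry is skipped because a stopped service cannot be what is interfering with the scanners. To use it on the full log, paste the log into SAMPLE_LOG or read it from a file in place of the constant.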

None of the antivirus programs will run, and the machine can't boot into Safe Mode.

Try the dedicated removal tool, and also the tool attached to this post: http://forum.ikaka.com/topic.asp?board=28&artid=8436148

At least you can still produce a scan log; that's not too bad. Heh.

Is my computer actually infected or not?
Last night my antivirus (Rising) suddenly reported that file monitoring could not be started. I went straight to the Rising homepage and looked for files matching the 磁碟机 indicators listed there, but found none.
I downloaded Rising's "safe environment" launcher tool, but every time I run it, it reports that 磁碟机 is already running and the computer immediately reboots.
My computer can boot into Safe Mode, and a scan in Safe Mode finds nothing. Nothing was detected afterwards either. I did a one-key restore of the system partition, after which the antivirus worked normally, but the safe-environment tool still gives the same message.
I updated the dedicated removal tool bundled with the antivirus to the latest version; the 磁碟机 removal tool found nothing either.
Could an expert please advise: is my computer infected or not?
 

Quote:
[nilifeng6789's post] Is my computer actually infected or not?
Last night my antivirus (Rising) suddenly reported that file monitoring could not be started. I went straight to the Rising homepage and looked for files matching the 磁碟机 indicators listed there, but found none.
I downloaded Rising's "safe environment" launcher tool, but every time I run it, it reports that 磁碟机 is already running and the computer immediately reboots.
My computer can boot into Safe Mode, and a scan in Safe Mode finds nothing. Nothing was detected afterwards either. I did a one-key restore of the system partition, after which the antivirus worked normally, but the safe-environment tool still gives the same message.
I updated the dedicated removal tool bundled with the antivirus to the latest version; the 磁碟机 removal tool found nothing either.
Could an expert please advise: is my computer infected or not?
……

When the 磁碟机 removal tool repeatedly says it needs to reboot, one of the following is usually the cause:
1. A file or folder named autorun.inf exists in the root of any partition;
2. A file or folder named pagefile.pif exists in the root of any partition;
3. A file or folder named dnsq.dll exists under %windir%\system32;
4. A file or folder named lsass.exe exists under %windir%\system32\com;
5. A file or folder named smss.exe exists under %windir%\system32\com;
6. A file or folder named netcfg.000 exists under %windir%\system32\com;
7. A file or folder named netcfg.dll exists under %windir%\system32\com;
8. A file or folder named netapi000.sys exists under %systemdrive%;

If it is a folder, it was usually created by an immunization program and does not mean the virus is present; if you want to use the removal tool, rename the folder and try again.
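The eight locations in the reply above are easy to check by hand, but the file-versus-folder distinction the reply makes is exactly what decides the next step, so here is an added example (my own code, not a tool from the thread or from Rising) that walks all eight locations and classifies each as a file, a folder (the immunization artefact case) or absent. The directory layout it runs against is constructed in a temporary directory to keep the example self-contained and offline; the function names and the drive-root list are my own assumptions.

```python
import os
import tempfile

# The eight locations named in the reply, split by where they live.
ROOT_NAMES = ("autorun.inf", "pagefile.pif")              # root of every partition
COM_NAMES = ("lsass.exe", "smss.exe", "netcfg.000", "netcfg.dll")  # %windir%\system32\com


def indicator_paths(drive_roots, windir, systemdrive):
    """Expand the checklist into concrete paths for the given drives and %windir%."""
    paths = [os.path.join(root, name) for root in drive_roots for name in ROOT_NAMES]
    sys32 = os.path.join(windir, "system32")
    paths.append(os.path.join(sys32, "dnsq.dll"))
    paths.extend(os.path.join(sys32, "com", name) for name in COM_NAMES)
    paths.append(os.path.join(systemdrive, "netapi000.sys"))
    return paths


def classify(path):
    """'folder' (usually an immunization artefact), 'file' (needs attention) or 'absent'."""
    if os.path.isdir(path):
        return "folder"
    if os.path.lexists(path):
        return "file"
    return "absent"


def check_indicators(drive_roots, windir, systemdrive):
    """Map every checklist path to its classification."""
    return {p: classify(p) for p in indicator_paths(drive_roots, windir, systemdrive)}


def summarize(results):
    """Split results into (files, folders): files are the real blockers,
    folders only need renaming before the removal tool is run again."""
    files = sorted(p for p, s in results.items() if s == "file")
    folders = sorted(p for p, s in results.items() if s == "folder")
    return files, folders


def build_sample_tree(base):
    """Constructed layout, not a real machine: two 'drives' C and D under base.
    C carries an immunization folder autorun.inf plus a dnsq.dll file; D only the folder."""
    c, d = os.path.join(base, "C"), os.path.join(base, "D")
    os.makedirs(os.path.join(c, "autorun.inf"))
    os.makedirs(os.path.join(d, "autorun.inf"))
    windir = os.path.join(c, "WINDOWS")
    os.makedirs(os.path.join(windir, "system32", "com"))
    with open(os.path.join(windir, "system32", "dnsq.dll"), "wb") as fh:
        fh.write(b"constructed placeholder, not a real DLL")
    return [c, d], windir, c


def demo():
    """Run the check over the constructed tree; keys are paths relative to the tree root."""
    with tempfile.TemporaryDirectory() as base:
        roots, windir, sysdrive = build_sample_tree(base)
        results = check_indicators(roots, windir, sysdrive)
        return {os.path.relpath(p, base).replace(os.sep, "/"): s
                for p, s in results.items()}


if __name__ == "__main__":
    files, folders = summarize(demo())
    print("files present (treat as suspicious):", files)
    print("folders present (rename before running the removal tool):", folders)
```

On a real machine you would call check_indicators with the actual drive roots (for example ["C:\\", "D:\\"]), the value of %windir% and the value of %systemdrive% instead of demo(); NTFS name lookups are case-insensitive, so the literal names from the checklist are enough there. The constructed tree is case-sensitive on Linux, which is why the sample uses the exact names.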

Re: Infected with what looks like the 磁碟机 virus, please help me check the log... How do I fix it? [Help]

In SREng, go to System Repair --> Browser Add-ons (BHO) and delete the following item:
[Detecter Class]
  {2C48F48F-01A6-4593-A678-C7DA83C55719} <C:\WINDOWS\system32\SecCtl.dll, >