[CODE]

2007-04-21,19:04:21

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <ds5w50qwy><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe>  []
    <7ce><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe>  []
    <2g2rszq><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe>  []
    <734><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe>  []
    <e><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe>  []
    <3yi27ifk><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe>  []
    <z><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servera.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)>  [N/A]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
    <WinlogonNotify: DfLogon><LogonDll.dll>  []

==================================
启动文件夹
N/A

==================================
服务
[DFServEx / DFServEx][Running/Auto Start]
  <C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe><Hyper Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[100133 / 100133][Running/Boot Start]
  <\SystemRoot\System32\drivers\100133.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB2.0 PC Camera 301P / ZSMC0305][Stopped/Manual Start]
  <System32\Drivers\usbVM305.sys><Vimicro Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[NaviHelperObj Class]
  {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\tencent\QQ\QQ.EXE, TENCENT>
[鹅城影视]
  {DD1A363E-7803-4d06-923D-367BEE305F94} <http://www.hznets.com, N/A>
[NaviHelperObj Class]
  {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 1244][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
[PID: 1548][C:\WINDOWS\VM_STI.EXE]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
[PID: 1556][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080][E:\Program Files\tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\Program Files\tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\tencent\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [E:\Program Files\tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [E:\Program Files\tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\Program Files\tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\Program Files\tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
[PID: 1264][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NaviHelper.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1252][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1440][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1496][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1124][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1144][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396][C:\Documents and Settings\Administrator\桌面\sreng2[1].4\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

只有e盘没有设置还原精灵保护，然后e盘所有.exe文件都中了。不过幸亏是网吧的电脑中的。。。。。。

不知道是不是，反正瑞星4.20的病毒库杀不到这个毒，今天也有人发过关于这个毒的贴子。C:\WINDOWS\system32\NaviHelper.dll] [TODO: <公司名>, 1.0.0.1瑞星只杀了个这个。