瑞星卡卡安全论坛

公司近二十台计算机启机时桌面空白，进安全模式用360修复一下，有时正常，有时还是空白，用启动新任务explorer.exe的方法倒是能找回图标，但也不是长久之计啊，在网上搜索了好多说法，什么注册表里多了什么项，有什么病毒进程之类的说法，我都查过机子了，没有，就是找不到对症的，确不了诊，想请明师指点一下~~~

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改
友情提示：
扫描前关闭所有手工打开的软件和窗口，扫描后将日志发上来。但请不要用附件形式贴。
注意在没有进一步提示前，勿要胡乱修复，否则系统可能变的情况更糟。
         
如果发现SREng.exe运行无反应或者不能运行或者扫描出错,你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行.

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <CCProxy><C:\CCProxy\CCProxy.exe>  []
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Adobe Photo Downloader><; "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe">  [Adobe Systems Incorporated]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <UIUCU><; C:\DOCUME~1\wsj\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S>  [N/A]
    <WinampAgent><; C:\Program Files\Winamp1\winampa.exe>  []

启动文件夹
N/A

==================================
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[SMS Agent Host / CcmExec][Running/Auto Start]
  <C:\WINDOWS\system32\CCM\CcmExec.exe><Microsoft Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Security Machine Manager / DATEING][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\GRJRX.DLL,Export 1087><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Running/Auto Start]
  <E:\软件备份\ewido_4.0.0.172c_3.3\ewido_4.0.0.172c_3.3\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Windows Auditor / JService][Running/Auto Start]
  <C:\WINDOWS\system32\jservice.exe><Microsoft Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  <C:\WINDOWS\System32\hpzipm12.exe><HP>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Screen Monitor / Screen Monitor][Running/Auto Start]
  <"C:\WINDOWS\system32\LanSecS\JMonitor.exe" /run><SBR Ltd.>
[Symantec Network Drivers Service / SNDSrvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SPBBCSvc / SPBBCSvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[TimeServer / TimeServer][Running/Auto Start]
  <C:\WINDOWS\system32\vnm\svchost.exe><N/A>
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
  <"C:\WINDOWS\system32\WatchClient.exe" -service><>
[VNC Server Version 4 / WinVNC4][Running/Auto Start]
  <"C:\WINDOWS\system32\vnm\winvnc4.exe" -service><RealVNC Ltd.>

入口点错误：NtOpenProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：NtTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：ZwOpenProcess (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：ZwTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：RegOpenKeyA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegOpenKeyW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegOpenKeyExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegOpenKeyExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegCreateKeyA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegCreateKeyW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegCreateKeyExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegCreateKeyExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：RegDeleteKeyW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：FindFirstFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：FindFirstFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：MoveFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：MoveFileExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：MoveFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：MoveFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：CreateFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：CopyFileA (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：CopyFileExA (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：CopyFileExW (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)
入口点错误：CopyFileW (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\prtHook.dll)