瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 帮帮我,我的计算机被病毒入侵了,杀不了!谢谢!

1   1  /  1  页   跳转

帮帮我,我的计算机被病毒入侵了,杀不了!谢谢!

收藏
红红同学
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-03-22
  • 来自:
发表于: 2007-03-22 18:33 | 只看楼主 短消息 资料
字号: 1楼

帮帮我,我的计算机被病毒入侵了,杀不了!谢谢!

[CODE]

2007-03-22,18:13:46

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Power2GoExpress><"C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup>  [Cyberlink]
    <Google Desktop Search><; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [N/A]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <EzButton><C:\PROGRA~1\EzButton\EzButton.EXE>  [Dritek System Inc.]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Alps Electric Co., Ltd.]
    <AGRSMMSG><AGRSMMSG.exe>  [(Verified)Agere Systems]
    <EnergyUtility><C:\Program Files\Lenovo\EnergyCut\utilty.exe>  [TODO: <Company name>]
    <EnergyCut><C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe>  [N/A]
    <AnyComm_IncTray><"C:\Program Files\Lenovo\IGRS EasyShare\IncTray.exe">  [联想集团有限公司]
    <IgrsPortal><"C:\Program Files\Lenovo\IGRS EasyShare\IgrsPortal.exe">  [Lenovo Group Limited]
    <PCMService><"C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe">  [CyberLink Corp.]
    <kav><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <Sursen Live Update><"C:\WINDOWS\system32\SursenLiveUpdate\LiveUpdate.exe">  [(Verified)Sursen]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <Thunder><"d:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[木马杀客2007]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\木马杀客2007.Lnk --> D:\TDDOWN~1\新1178~1\木马杀客\mmsk.exe [N/A]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[CyberLink Background Capture Service (CBCS) / CLCapSvc][Running/Auto Start]
  <"C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe"><>
[CyberLink Task Scheduler (CTS) / CLSched][Running/Auto Start]
  <"C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe"><>
[CyberLink Media Library Service / CyberLink Media Library Service][Running/Auto Start]
  <"C:\Program Files\Lenovo\ShuttleCenter\Kernel\CLML_NTService\CLMLServer.exe"><Cyberlink>
[General Updater/AutoUpdater Service / GUA][Running/Auto Start]
  <"C:\Program Files\lenovo\GUA\GUA.exe"><lenovo>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IGRS / IGRS][Running/Auto Start]
  <C:\Program Files\Lenovo\IGRS\IGRS.exe><联想集团有限公司>
[IGRSFILE / IGRSFILE][Running/Auto Start]
  <C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe><Lenovo Group Limited>
[IgrsFileShare / IgrsFileShare][Running/Auto Start]
  <"C:\Program Files\Lenovo\IGRS EasyShare\FileShare.exe"><联想集团有限公司>
[IgrsMonitor / IgrsMonitor][Running/Auto Start]
  <C:\WINDOWS\System32\IgrsSvcs.exe -k IgrsSvcs-->C:\Program Files\Lenovo\IGRS\Ext\IgrsMonitor.dll><联想集团有限公司>
[Intelligent Network Config / IncSvc][Running/Auto Start]
  <C:\WINDOWS\System32\IgrsSvcs.exe -k IgrsSvcs-->C:\Program Files\Lenovo\IGRS\Ext\IncSvc.dll><联想集团有限公司>
[Microsoft Update Service / iSPONER][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\UHQBO.DLL,Export 1087><Microsoft Corporation>
[MicroGrid DirectRouter / MicroGrid.DirectRouter][Running/Auto Start]
  <C:\WINDOWS\System32\IgrsSvcs.exe -k IgrsSvcs-->C:\Program Files\Lenovo\IGRS\Ext\router.dll><联想集团有限公司>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\Cyberlink\Shared files\RichVideo.exe"><>

==================================
驱动程序
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
  <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[Dritek HotKey Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <System32\Drivers\DKbFltr.sys><Dritek System Inc.>
[Dritek General Port I/O / DritekPortIO][Running/Auto Start]
  <\??\C:\PROGRA~1\EzButton\DPortIO.sys><Dritek System Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[jukb / jukby][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\jukby.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[msqmx / msqmx][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>
[用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Running/Manual Start]
  <system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Wireless Monitor & Config Protocol Driver / WMCDRV][Running/Auto Start]
  <system32\DRIVERS\wmcdrv.sys><Lenovo Group Limited>
最后编辑2007-03-22 19:35:56
分享到:
gototop
 
红红同学
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-03-22
  • 来自:
发表于: 2007-03-22 19:02 | 只看楼主 短消息 资料
字号: 2楼

==================================
浏览器加载项
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, Microsoft Corporation>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[闪联任意通]
  {0C9B3AB9-DEDF-11D8-A2D4-0050FC464B19} <C:\Program Files\Lenovo\IGRS EasyShare\IgrsAnywhere.dll, 联想集团有限公司>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[闪联任意通]
  {0C9B3AB9-DEDF-11D8-A2D4-0050FC464B19} <C:\Program Files\Lenovo\IGRS EasyShare\IgrsAnywhere.dll, 联想集团有限公司>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 708][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 836][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1640][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1844][C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe]  [, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapEngine.dll]  [, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\PCMRRec4.dll]  [CyberLink Corp., 4.01.2615]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSQLDBRec4.dll]  [, 4.01.1405]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll]  [N/A, N/A]
[PID: 1860][C:\Program Files\Lenovo\ShuttleCenter\Kernel\CLML_NTService\CLMLServer.exe]  [Cyberlink, 2, 1, 0, 1815]
[PID: 1884][C:\Program Files\Lenovo\ShuttleCenter\Kernel\CLML_NTService\CLMLService.exe]  [Cyberlink, 2, 1, 0, 1815]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 1896][C:\Program Files\lenovo\GUA\GUA.exe]  [lenovo, 1.0.0.21]
[PID: 1916][C:\Program Files\Lenovo\IGRS\IGRS.exe]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\framework.dll]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\ReliablePlugin.dll]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\CorePlugin.dll]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\SocketPlugin.dll]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\BTComPlugin.dll]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\SerialPortMonitor.dll]  [lenovo, 1, 0, 1, 19]
    [C:\Program Files\Lenovo\IGRS\ProxyPlugin.dll]  [联想集团有限公司, 1.0.1.217]
    [C:\Program Files\Lenovo\IGRS\SvcHostPlugin.dll]  [联想集团有限公司, 1.0.1.217]
[PID: 1940][C:\WINDOWS\System32\IgrsSvcs.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\lenovo\igrs\ext\igrsmonitor.dll]  [联想集团有限公司, 1, 2, 1, 21]
    [C:\WINDOWS\system32\IgrsApi.dll]  [Lenovo Group Limited, 1.0.1.195]
    [c:\program files\lenovo\igrs\ext\incsvc.dll]  [联想集团有限公司, 1, 0, 1, 14]
    [C:\WINDOWS\system32\wmcdrv.dll]  [Lenovo Group Limited, 3, 1, 0, 13]
    [c:\program files\lenovo\igrs\ext\router.dll]  [联想集团有限公司, 1, 5, 0, 17]
[PID: 1960][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
[PID: 364][C:\Program Files\Cyberlink\Shared files\RichVideo.exe]  [, 1.0.1321  ]
    [C:\Program Files\Cyberlink\Shared files\RichVideops.dll]  [N/A, N/A]
[PID: 588][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Lenovo\IGRS EasyShare\IgrsAnywhere.dll]  [联想集团有限公司, 1, 0, 2, 65]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\Program Files\Lenovo\EnergyCut\HookLib.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
[PID: 1100][C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe]  [Lenovo Group Limited, 1, 0, 0, 4]
    [C:\WINDOWS\system32\IgrsApi.dll]  [Lenovo Group Limited, 1.0.1.195]
    [C:\Program Files\lenovo\IGRS Profiles\File Profile\Util.dll]  [N/A, 1, 0, 1, 1]
    [C:\Program Files\lenovo\IGRS Profiles\File Profile\FrameWork.dll]  [Lenovo, 1, 0, 1, 1]
    [C:\Program Files\lenovo\IGRS Profiles\File Profile\FileProfileModule.dll]  [Lenovo Group Limited, 2, 0, 2, 35]
    [C:\Program Files\lenovo\IGRS Profiles\File Profile\BFileDialog.dll]  [Lenovo Group Limited, 2, 0, 1, 32]
[PID: 1236][C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe]  [, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll]  [N/A, N/A]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchMgr.dll]  [, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchedps.dll]  [N/A, N/A]
[PID: 1396][C:\Program Files\Lenovo\IGRS EasyShare\FileShare.exe]  [联想集团有限公司, 1, 0, 2, 24]
    [C:\Program Files\Lenovo\IGRS EasyShare\IGRSAVSDK.dll]  [联想集团有限公司, 1, 0, 1, 50204]
    [C:\WINDOWS\system32\IgrsApi.dll]  [Lenovo Group Limited, 1.0.1.195]
    [C:\Program Files\Lenovo\IGRS EasyShare\QuickDB.dll]  [N/A, N/A]
[PID: 2076][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2084][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3196][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4497]
gototop
 
红红同学
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-03-22
  • 来自:
发表于: 2007-03-22 19:04 | 只看楼主 短消息 资料
字号: 3楼

[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4497]
[PID: 3204][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4497]
[PID: 3260][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
[PID: 3356][C:\PROGRA~1\EzButton\EzButton.EXE]  [Dritek System Inc., 1, 0, 5, 804]
    [C:\PROGRA~1\EzButton\SzUPFUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\EzButton\OSDUtl.dll]  [Dritek System Inc., 1, 1, 0, 306]
    [C:\PROGRA~1\EzButton\RgnMaker.dll]  [Dritek System Inc., 12.07.1999 ( VC60 )]
    [C:\PROGRA~1\EzButton\CDRomUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\EzButton\MixerUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\EzButton\ComFnUtl.dll]  [Dritek System Inc., 1, 0, 0, 605]
    [C:\PROGRA~1\EzButton\LgKCUtl.dll]  [Dritek System Inc., 2, 0, 2, 1007]
    [C:\PROGRA~1\EzButton\Wnd2File.dll]  [Dritek System Inc., 3.00]
    [C:\PROGRA~1\EzButton\TkBarUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\EzButton\PtIOUTL.dll]  [Dritek System Inc., 12, 23, 0, 2005]
[PID: 3440][C:\Program Files\Apoint2K\Apoint.exe]  [Alps Electric Co., Ltd., 5.3.10.166]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.2.65]
    [C:\Program Files\Apoint2K\Apoint.DLL]  [Alps Electric Co., Ltd., 5.3.203.165]
    [C:\Program Files\Apoint2K\EzAuto.dll]  [Alps Electric Co., Ltd., 4.5.1.83]
    [C:\Program Files\Apoint2K\EzLaunch.DLL]  [Alps Electric Co., Ltd., 4.5.0.47]
[PID: 3476][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.63 2.1.63 12/12/2005 14:50:01]
[PID: 3484][C:\Program Files\Lenovo\EnergyCut\utilty.exe]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\Lenovo\EnergyCut\kbdhook.dll]  [N/A, N/A]
[PID: 3496][C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe]  [N/A, N/A]
    [C:\Program Files\Lenovo\EnergyCut\HookLib.dll]  [N/A, N/A]
[PID: 3508][C:\Program Files\Lenovo\IGRS EasyShare\IncTray.exe]  [联想集团有限公司, 1, 0, 0, 13]
[PID: 3520][C:\Program Files\Lenovo\IGRS EasyShare\IgrsPortal.exe]  [Lenovo Group Limited, 1, 0, 3, 33]
    [C:\Program Files\Lenovo\IGRS EasyShare\IgrsTray.dll]  [Lenovo Group Limited, 1, 0, 1, 21]
    [C:\WINDOWS\system32\igrsrt.dll]  [Lenovo Group Limited, 1, 0, 1, 15]
    [C:\Program Files\Lenovo\IGRS EasyShare\IgrsIM.dll]  [Lenovo Group Limited, 1, 0, 0, 73]
    [C:\WINDOWS\system32\IgrsApi.dll]  [Lenovo Group Limited, 1.0.1.195]
[PID: 3528][C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe]  [CyberLink Corp., 4, 5, 0, 0]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapX.dll]  [Cyberlink, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLAuMixer.dll]  [CyberLink Corp., 1.00.1024 ]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchMgr.dll]  [, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll]  [N/A, N/A]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapEngine.dll]  [, 4.05.2228]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\PCMRRec4.dll]  [CyberLink Corp., 4.01.2615]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSQLDBRec4.dll]  [, 4.01.1405]
    [C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchedps.dll]  [N/A, N/A]
[PID: 3600][C:\WINDOWS\system32\SursenLiveUpdate\LiveUpdate.exe]  [Sursen, 1,0,1026,12276]
    [C:\WINDOWS\system32\SursenLiveUpdate\LiveUpdate.dll]  [Sursen, 1,0,1026,12276]
[PID: 3696][C:\Program Files\Apoint2K\Apntex.exe]  [Alps Electric Co., Ltd., 5.0.1.15]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.2.65]
[PID: 3708][C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 3880][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
[PID: 1144][C:\PROGRA~1\EzButton\VolumeLED.exe]  [N/A, N/A]
    [C:\PROGRA~1\EzButton\PtIOUTL.dll]  [Dritek System Inc., 12, 23, 0, 2005]
    [C:\PROGRA~1\EzButton\MixerUtl.dll]  [Dritek System Inc., 1.00]
[PID: 2060][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2476][C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe]  [Cyberlink, 5.00.1627]
    [C:\Program Files\CyberLink\Power2Go\LTDIS13N.dll]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\LTKRN13N.dll]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\LTFIL13N.DLL]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\XTP8610Libu.dll]  [Codejock Software, 8, 6, 1, 0]
    [C:\Program Files\CyberLink\Power2Go\P2GRC.dll]  [N/A, 1, 0, 0, 1]
    [C:\Program Files\CyberLink\Power2Go\EvoParser.dll]  [Cyberlink Corp., 1.00.1130]
    [C:\Program Files\CyberLink\Power2Go\MediaCache.dll]  [Cyberlink, 2.00.1304]
    [C:\Program Files\Cyberlink\Shared files\RichVideops.dll]  [N/A, N/A]
    [C:\Program Files\CyberLink\Power2Go\CBS.dll]  [Cyberlink, 7.7.0417  ]
    [C:\Program Files\CyberLink\Power2Go\HwCtrlMgr.dll]  [CyberLink Corp., 7.07.0417]
    [C:\Program Files\CyberLink\Power2Go\LFFAX13N.DLL]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\LFCMP13N.DLL]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\LFTIF13N.DLL]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\LFBMP13N.DLL]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\Program Files\CyberLink\Power2Go\LFPNG13N.DLL]  [LEAD Technologies, Inc., 13.0.0.074]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RealMediaSplitter.ax]  [Gabest, 1, 0, 1, 1]
[PID: 3036][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
    [D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [D:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx]  [Macromedia, Inc., 6,0,88,0]
    [D:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [D:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Lenovo\IGRS EasyShare\IgrsAnywhere.dll]  [联想集团有限公司, 1, 0, 2, 65]
    [D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
    [D:\Program Files\Thunder Network\Thunder\Components\DTAG\ExtractMediaTag.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 15]
    [d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll]  [ , 3, 2, 0, 63]
    [D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [D:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [D:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 1, 0, 4]
    [D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 1, 0, 4]
    [D:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 2536][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2748][D:\TDDOWNLOAD\新建文件夹\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA  错误: LoadLibraryA
RVA  错误: LoadLibraryExA
RVA  错误: LoadLibraryExW
RVA  错误: LoadLibraryW

==================================


[/CODE]
gototop
 
spiritfire
头像
锋芒艾服狮
  • 帖子:1266
  • 注册: 2006-10-22
  • 来自:
发表于: 2007-03-22 19:45 | 短消息 资料
字号: 4楼

[Microsoft Update Service / iSPONER][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\UHQBO.DLL,Export 1087><Microsoft Corporation>

[jukb / jukby][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\jukby.sys><N/A>

[msqmx / msqmx][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>
SREng删除以上服务项,重启电脑删除如下文件!
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\WINDOWS\SYSTEM32\WBEM\UHQBO.DLL
C:\WINDOWS\System32\DRIVERS\jukby.sys(备份后删除)
C:\WINDOWS\system32\drivers\msqmx.sys
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT