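The day before yesterday my machine was infected with the Viking virus (威金). I used Kaspersky 5 to clean the infected EXE files, and the machine then worked normally for a while. I still did not feel safe, so I downloaded Kaspersky 6.0, and then, for reasons I do not know, no exe file could be run at all. After I changed the extension of Super Rabbit (超级兔子) from exe to com it could run, and I removed some rogue software; the machine was normal again for a while. In the end exe files can mostly run, but Kaspersky cannot run, and SREng.exe cannot be run directly either. Below is what was scanned after I renamed it to SREng.com.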
2006-10-14,20:32:01
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<msnnt><; C:\WINDOWS\winampe.exe> []
<updatereal><; C:\WINDOWS\realupdate.exe other> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<wl><C:\WINDOWS\system32\svvosts.exe> [N/A]
<wm><C:\WINDOWS\system32\grtosts.exe> [N/A]
<zz><C:\WINDOWS\system32\intenet.exe> [N/A]
<wow><C:\WINDOWS\system32\Launcher.exe> [N/A]
<lsz><C:\WINDOWS\system32\message.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><; > [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<index><; > [N/A]
<LetsCool><; > [N/A]
<RichMedia><; C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [N/A]
<wdfmgr32><; C:\WINDOWS\system32\wdfmgr32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><vistaui.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><> [N/A]
<{E4C3C044-CE6A-4117-9D18-C1EBEC80D2C9}><C:\WINDOWS\system32\0Sy.DlL> [N/A]
<{D91AFF37-45BF-4D4D-9E02-2D37C5EA6653}><C:\WINDOWS\system32\3Sy.dLL> [N/A]
<{FAD3BC1F-BC1F-AD34-1FAD-C1FD3C1FAD34}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\BC1FAD34.dll> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[COM+ Error Report / AtHome]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qfbqoi80.dll><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[GMS服务 / GMS服务系统]
<C:\WINDOWS\GMS2006.exe><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KSD2Service / KSD2Service]
<C:\WINDOWS\system32\WINL0GON.exe><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><NetGroup - Politecnico di Torino>
[StyleXPService / StyleXPService]
<"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge]
<D:\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
[TrueVector Internet Monitor / vsmon]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
[Windows Install Helper / WIDETS]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\YPXHML58.DLL,Export 1087><Microsoft Corporation>
==================================
驱动程序
[标准 IDE/ESDI 硬盘控制器 / atapi]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BRGSp50 NDIS Protocol Driver / BRGSp50]
<System32\Drivers\BRGSp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
[d346bus / d346bus]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[npkcrypt / npkcrypt]
<\??\E:\qq\npkcrypt.sys><N/A>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
<system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce MCP Networking Adapter Driver / NVENET]
<system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
<system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
<\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StyleXPHelper / StyleXPHelper]
<\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[vsdatant / vsdatant]
<System32\vsdatant.sys><Zone Labs, LLC>
==================================
浏览器加载项
[sawuidskyszajkz.UserControl1]
{B2900CC6-9736-4AF5-8B98-FFFCBBDD46D8} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <E:\PPLive\SYNACA~1.OCX, Synacast>
[PowerList Control]
{20C2C286-BDE8-441B-B73D-AFA22D914DA5} <D:\PPSTRE~1.520\PPStream\POWERL~1.OCX, PPStream.com>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <D:\PPSTRE~1.520\PPStream\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[]
{FE32DECF-06AD-426E-9F53-3018A366B5AE} <C:\WINDOWS\system32\sys32version.dll, N/A>
==================================
正在运行的进程
[PID: 672][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\GMS2006Key1.DLL] [N/A, N/A]
[PID: 804][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1248][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1660][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 268][C:\WINDOWS\SYSTEM32\RUNDLL.EXE] [Microsoft Corporation, 5.00.2134.1]
[PID: 1164][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\GMS2006Key1.DLL] [N/A, N/A]
[C:\WINDOWS\system32\0Sy.DlL] [N/A, N/A]
[C:\WINDOWS\system32\3Sy.dLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\BC1FAD34.dll] [N/A, N/A]
[C:\WINDOWS\system32\mywl.dll] [N/A, N/A]
[C:\WINDOWS\system32\myrx.dll] [N/A, N/A]
[C:\WINDOWS\system32\mywow.dll] [N/A, N/A]
[C:\WINDOWS\system32\zt.dll] [N/A, N/A]
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[PID: 1760][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 144][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\BC1FAD34.dll] [N/A, N/A]
[C:\WINDOWS\system32\3Sy.dLL] [N/A, N/A]
[C:\WINDOWS\system32\0Sy.DlL] [N/A, N/A]
[C:\WINDOWS\GMS2006Key1.DLL] [N/A, N/A]
[PID: 472][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\BC1FAD34.dll] [N/A, N/A]
[C:\WINDOWS\system32\3Sy.dLL] [N/A, N/A]
[C:\WINDOWS\system32\0Sy.DlL] [N/A, N/A]
[C:\WINDOWS\GMS2006Key1.DLL] [N/A, N/A]
[PID: 1448][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe] [, 2, 26, 1, 0]
[C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll] [N/A, 2, 13, 1, 0]
[C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32N55.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.5.18.03]
[C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\SSLEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8a]
[C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\LIBEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8a]
[C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll] [, 2, 26, 1, 0]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\BC1FAD34.dll] [N/A, N/A]
[C:\WINDOWS\system32\3Sy.dLL] [N/A, N/A]
[C:\WINDOWS\system32\0Sy.DlL] [N/A, N/A]
[C:\WINDOWS\GMS2006Key1.DLL] [N/A, N/A]
[E:\SREng\SREng.com] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\BC1FAD34.dll] [N/A, N/A]
[C:\WINDOWS\system32\3Sy.dLL] [N/A, N/A]
[C:\WINDOWS\system32\0Sy.DlL] [N/A, N/A]
[C:\WINDOWS\GMS2006Key1.DLL] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
[ This post was re-edited by 秋天 on 2006-10-15 14:10 ]