[Help] Is this a new kind of virus? File associations cannot be repaired, asking for advice

Posted on 2006-10-27 12:53:00
TXT file repair method



[This post was last edited by leo8888 on 2006-10-27 12:58]
Posted on 2006-10-27 12:56:00
Why is there no content?



[This post was last edited by leo8888 on 2006-10-27 13:01]
Posted on 2006-10-27 13:02:00
Shut down all non-essential processes before making the change. With that many running, who knows where it is hiding.
Posted on 2006-10-27 14:28:00
The method 天马流星拳 described in posts 9 and 11 I had already tried, without effect; in fact I can still open the Registry Editor right now.

I have now closed everything except the antivirus software that cannot be shut down (NOD32, TrojanHunter) and rescanned. The results are as follows:

2006-10-27,14:23:37

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(E:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
(run)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(nod32kui)("E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE) [Eset ]
(THGuard)("E:\Program Files\TrojanHunter\THGuard.exe") [Mischel Internet Security]
(IMSCMig)(E:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(E:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(%SystemRoot%\system32\logonui.exe) [(Verified)Microsoft Corporation]




--------------------------------------------------------------------------------



启动文件夹

[绿鹰PC万能精灵]
(E:\Documents and Settings\All Users\「开始」菜单\程序\启动\绿鹰PC万能精灵.lnk --) E:\PROGRA~1\绿鹰PC~1\system.exe [绿鹰网络])(N)



--------------------------------------------------------------------------------



服务

[Human Interface Device Access / HidServ]
(E:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[NOD32 Kernel Service / NOD32krn]
("E:\Program Files\Eset\nod32krn.exe")(Eset)



--------------------------------------------------------------------------------



驱动程序

[Service for WDM 3D Audio Driver / ALCXSENS]
(system32\drivers\ALCXSENS.SYS)(Sensaura)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[AMON / AMON]
(\??\E:\WINDOWS\system32\drivers\amon.sys)(Eset)
[ialm / ialm]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[IP in IP Tunnel Driver / IpInIp]
(system32\DRIVERS\ipinip.sys)(N/A)
[npkcrypt / npkcrypt]
(\??\D:\Program Files\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)



--------------------------------------------------------------------------------



浏览器加载项

[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (E:\Program Files\Thunder5.2.0.207\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (E:\Program Files\FLASHGET1.81\SubDirectory\jccatch.dll, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (E:\Program Files\FLASHGET1.81\SubDirectory\FLASHGET.EXE, N/A)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (E:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (E:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[使用BitComet下载全部链接]
(res://E:\Program Files\BitComet\BitCometBeta.exe/AddAllLink.htm, N/A)
[使用BitComet下载链接(&B)]
(res://E:\Program Files\BitComet\BitCometBeta.exe/AddLink.htm, N/A)
[使用网际快车下载]
(E:\Program Files\FLASHGET1.81\SubDirectory\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(E:\Program Files\FLASHGET1.81\SubDirectory\jc_all.htm, N/A)
[使用迅雷下载]
(E:\Program Files\Thunder5.2.0.207\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(E:\Program Files\Thunder5.2.0.207\Program\GetAllUrl.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 312][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 360][\??\E:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 384][\??\E:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 428][E:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 440][E:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 616][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 676][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 716][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 752][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 800][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 944][E:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 968][E:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1124][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1164][E:\Program Files\Eset\nod32krn.exe] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\nod32krr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_emon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[E:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_mirr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[E:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\ps_upd.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1216][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1500][E:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\WINDOWS\system32\ldf252.dll] [N/A, N/A]
[E:\WINDOWS\system32\lwf214p.dll] [LuraTech GmbH, 2, 0, 11, 14]
[PID: 1736][E:\Program Files\Eset\nod32kui.exe] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\Eset\pu_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_emon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_imon.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_mirr.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_mirr.dll] [N/A, N/A]
[E:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pu_upd.dll] [Eset , 2, 51, 26 ]
[E:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1764][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1776][E:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 216][E:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[PID: 1480][E:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1644][E:\Program Files\TrojanHunter\THGuard.exe] [Mischel Internet Security, 4.5.0.275]
[E:\Program Files\TrojanHunter\unrar.dll] [N/A, N/A]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]
[E:\Program Files\TrojanHunter\UNZDLL.DLL] [, 1.7.0.4]
[PID: 1812][D:\1238\1\杀毒\SREng2-v2.2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[E:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 3.23.015]



--------------------------------------------------------------------------------



文件关联

.TXT Error. [Notepad.exe %1]
.EXE Error. [%1 %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["E:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------
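As an added example that is not part of any reply in this thread: a PowerShell check for the two associations SREng marks Error above (.TXT and .EXE), assuming the standard Windows defaults for the txtfile and exefile ProgIds; the function names are assumptions of this example.

```powershell
# Added example, not from SREng or from anyone in this thread. Assumes the
# normal Windows defaults for txtfile/exefile listed in $Expected.
$Expected = @{
    '.txt' = @{ ProgId = 'txtfile'; Command = '%SystemRoot%\system32\NOTEPAD.EXE %1' }
    '.exe' = @{ ProgId = 'exefile'; Command = '"%1" %*' }
}

function Get-OpenCommand {
    # Follow HKCR\.ext -> ProgId -> shell\open\command; read the raw
    # (unexpanded) string so %SystemRoot% is compared as written.
    param([string]$Extension)
    $ext = Get-Item "Registry::HKEY_CLASSES_ROOT\$Extension" -ErrorAction SilentlyContinue
    $progId = if ($ext) { $ext.GetValue('') } else { $null }
    $cmd = $null
    if ($progId) {
        $k = Get-Item "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue
        if ($k) { $cmd = $k.GetValue('', $null, 'DoNotExpandEnvironmentNames') }
    }
    [pscustomobject]@{ Extension = $Extension; ProgId = $progId; Command = $cmd }
}

function Test-Association {
    # Report OK/Error per extension the way SREng's log does, plus the values.
    foreach ($e in $Expected.Keys) {
        $cur = Get-OpenCommand $e
        $ok = ($cur.ProgId -eq $Expected[$e].ProgId) -and ($cur.Command -eq $Expected[$e].Command)
        [pscustomobject]@{
            Extension = $e; Status = $(if ($ok) { 'OK' } else { 'Error' })
            Current = $cur.Command; Expected = $Expected[$e].Command
        }
    }
}

function Repair-Association {
    # Rewrite the defaults (elevated shell). HKCU\Software\Classes overrides
    # HKLM in the merged HKCR view, so a per-user copy of these keys is
    # removed too; otherwise the "repaired" value never takes effect.
    foreach ($e in $Expected.Keys) {
        $p = $Expected[$e].ProgId
        foreach ($k in "HKCU:\Software\Classes\$e", "HKCU:\Software\Classes\$p") {
            if (Test-Path $k) { Remove-Item $k -Recurse -Force }
        }
        Set-ItemProperty "Registry::HKEY_CLASSES_ROOT\$e" -Name '(default)' -Value $p -Type String
        Set-ItemProperty "Registry::HKEY_CLASSES_ROOT\$p\shell\open\command" -Name '(default)' `
            -Value $Expected[$e].Command -Type ExpandString
    }
}

Test-Association | Format-Table -AutoSize
```

Run Test-Association, then Repair-Association from an elevated prompt, then Test-Association again a minute later: if the values have reverted, a running process is rewriting them, which is what the reply about closing processes first was getting at.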
Posted on 2006-10-30 07:38:00
Same as before. Before reinstalling I tried restoring with GHOST but it would not boot, so I had to reinstall the system, and it has been like this ever since the install.
Posted on 2006-10-30 10:47:00
Is your system installed on drive E? I would like to ask what that FREEWB.IME is.
Posted on 2006-10-30 14:28:00
FREEWB should be the 极点五笔 (Jidian Wubi) input method.