Rising Kaka Security Forum
青岛海湾 - 2007-2-22 10:14:00
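Recently I got hit by a really nasty virus. It only infects external hard drives, and both of my external hard drives have been hit. On the externally powered drive, after infection, all the folders on the drive first showed up as empty and the folders could not be deleted; after a while, no computer could recognize the drive at all. On the drive without its own power supply, after infection the folders on the drive were also emptied first, and then the computer stopped recognizing any of the drive's drive letters, showing "The file directory is corrupted or the partition path cannot be found". Now none of the data on the external drives can be used. I sincerely ask the experts here to help!! I would be endlessly grateful!!!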
水树雨下 - 2007-2-22 10:15:00
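Download sreng2 from mizuki.ys168.com. Close QQ, download tools, and all other unnecessary programs, then run a scan and post the log here. If it doesn't fit in one post, post it in sections. Do not modify it.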
逆风轻扬 - 2007-2-22 10:16:00
Never run into this~ I sympathize with the original poster.
新版小欧 - 2007-2-22 10:21:00
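If your data is important, I suggest trying your external hard drive on another, relatively safe computer; scan the drive once before using it. You can also use data recovery software to recover the data. If it can't be recognized on other computers either, I suggest sending it back for repair if it is still under warranty. This kind of system problem is probably more common.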
青岛海湾 - 2007-2-24 12:16:00
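Thanks, everyone! I formatted the drive first and then recovered it. I spent two days recovering with recovery software, but when the files were recovered, the virus came out along with them, and the result is still the same as before!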
青岛海湾 - 2007-2-24 12:18:00
Reply to post #1: I'll download it and give it a try first; please help me analyze it!
logicl - 2007-2-24 13:55:00
Never run into this. Following.
有毒必问 - 2007-2-24 14:01:00
You can
right-click - Open
Don't double-click directly. Would that work?
青岛海湾 - 2007-2-24 15:29:00
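What I've got is not the kind of virus that is triggered by double-clicking. I've always been very careful and always open things from Windows Explorer. The one I've got is extremely nasty, but it doesn't infect the computer itself; it only damages hard drives connected over USB.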
青岛海湾 - 2007-2-24 15:32:00
This is the scan from my laptop:
[CODE]
2007-02-24,12:54:24
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> [N/A]
<QlbCtrl><%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start> [ Hewlett-Packard Development Company, L.P.]
<High Definition Audio 属性页快捷方式><HDAShCut.exe> [(Verified)Windows (R) Server 2003 DDK provider]
<High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe> [(Verified)Windows (R) Server 2003 DDK provider]
<hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe> [Hewlett-Packard Development Company, L.P.]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<Persistence><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Intel Corporation]
<StormCodec_Helper><"d:\Storm Codec\StormSet.exe" /S /opti> [N/A]
<KvMonXP><D:\KV2005\KVMonXP.kxp /auto> [JiangMin Ltd.]
<Acrobat Assistant 8.0><"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"> [(Verified)Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [ORIONNET]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Intel Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\年韵20~1.SCR> [Microsoft Corp. ]
==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]><N>
[Adobe Acrobat Synchronizer]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Synchronizer.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [N/A]><N>
==================================
服务
[AddFiltr / AddFiltr][Stopped/Manual Start]
<"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"><Hewlett-Packard Development Company, L.P.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Running/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqwmiex / hpqwmiex][Running/Auto Start]
<C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>
[KVSrvXP / KVSrvXP][Running/Auto Start]
<D:\KV2005\KVSrvXP.exe -Service><JiangMin New Tech Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
<"D:\KV2005\kvwsc.exe"><Jiangmin Co.Ltd>
青岛海湾 - 2007-2-24 15:33:00
驱动程序
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><CNNIC>
[cdntran / cdntran][Running/Auto Start]
<system32\drivers\cdntran.sys><CNNIC>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[eabfiltr / eabfiltr][Running/System Start]
<system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.>
[eabusb / eabusb][Stopped/Manual Start]
<system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.>
[HBtnKey / HBtnKey][Running/Manual Start]
<system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
<system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
<system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[KVDriver for NT (KVDP) / KVDP][Running/Manual Start]
<\??\D:\KV2005\KVDP.sys><Beijing Jiangmin New Sci.&Tec. Co.Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Running/Manual Start]
<system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
<system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
<system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
<system32\DRIVERS\rixdptsk.sys><REDC>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
<system32\DRIVERS\UIUSYS.SYS><N/A>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[Append to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[百度-搜索MP3]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
==================================
正在运行的进程
青岛海湾 - 2007-2-24 15:34:00
正在运行的进程
[PID: 824][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[PID: 1232][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1720][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 8.0.0.00]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll] [Adobe Systems Incorporated., 8.0.0.2006102200]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[PID: 1916][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\WinRAR\rarext.dll] [N/A, N/A]
[D:\KV2005\KvShell.dll] [JiangMin Lmt, 9, 0, 0, 505]
[D:\KV2005\UpdateX.dll] [JiangMin Ltd., 8, 0, 0, 0]
[D:\KV2005\lang\Kvxp0804.lng] [N/A, N/A]
[D:\KV2005\APIImpl.dll] [JiangMin Ltd., 9.0.0.500]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 8.0.5.2006102200\0]
[D:\KV2005\GUIExt.dll] [JiangMin Ltd., 9.0.0.501]
[D:\KV2005\lang\GUIExt0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[C:\Program Files\HighMAT CD Writing Wizard\HMTCD.dll] [N/A, 1.1.1905.1]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[D:\KV2005\KVWPSet.dll] [N/A, 9, 0, 0, 504]
[PID: 176][D:\KV2005\KVSrvXP.exe] [JiangMin New Tech Ltd., 9, 0, 5, 112]
[D:\KV2005\UpdateX.dll] [JiangMin Ltd., 8, 0, 0, 0]
[D:\KV2005\KVEnhD.dll] [JiangMin Ltd., 9.0.0.503]
[D:\KV2005\KvSPI.dll] [JiangMin New Tech. Ltd., 9, 1, 0, 503]
[D:\KV2005\KVEnhM.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVEnhC.DLL] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVEnhO.dll] [JiangMin New Tech Ltd., 9, 0, 0, 504]
[D:\KV2005\KVEnhS.dll] [JiangMin New Tech Ltd., 9, 0, 0, 505]
[D:\KV2005\KVEnhJ.dll] [JiangMin New Tech. Ltd., 9, 1, 0, 503]
[D:\KV2005\KVExtCab.dll] [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
[D:\KV2005\KVExtEml.dll] [JiangMin New Tech. Ltd., 9, 0, 0, 503]
[D:\KV2005\KVExtLZH.dll] [N/A, N/A]
[D:\KV2005\KvExtRar.dll] [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
[D:\KV2005\KvExtZip.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVExtZ.dll] [Jiangmin New Tech., 9.1.0.503]
[D:\KV2005\KVExtGz.dll] [Jiangmin New Tech., 9, 0, 0, 505]
[D:\KV2005\KVExtTar.dll] [Jiangmin New Tech., 9, 0, 0, 1226]
[D:\KV2005\KVEnhK.dll] [JiangMin Ltd., 9, 0, 5, 114]
[D:\KV2005\KvSpiPS.dll] [JiangMin Ltd., 9.0.0.501]
[PID: 184][D:\KV2005\kvwsc.exe] [Jiangmin Co.Ltd, 9, 0, 0, 502]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[PID: 352][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 492][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9]
[PID: 576][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe] [ Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
[C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll] [Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
[C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll] [Hewlett-Packard Company, 6, 1, 1, 2]
[PID: 600][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 8, 1]
[PID: 608][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4670]
[PID: 620][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670]
[PID: 632][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[D:\KV2005\KVMonXP.kxp] [JiangMin Ltd., 9, 0, 0, 505]
[D:\KV2005\UpdateX.dll] [JiangMin Ltd., 8, 0, 0, 0]
[D:\KV2005\lang\Kvxp0804.lng] [N/A, N/A]
[D:\KV2005\KVWPSet.dll] [N/A, 9, 0, 0, 504]
[D:\KV2005\GUIExt.dll] [JiangMin Ltd., 9.0.0.501]
[D:\KV2005\lang\GUIExt0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KvSpiPS.dll] [JiangMin Ltd., 9.0.0.501]
[D:\KV2005\KvOffice.dll] [JiangMin New Tech., 9.0.0.1213]
[D:\KV2005\lang\KVOffice0804.lng] [N/A, N/A]
[D:\KV2005\VirusUpload.dll] [N/A, 9.0.0.500]
[PID: 800][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe] [Adobe Systems Inc., 8.0.0.2006102200]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll] [Macrovision Europe Ltd., 11.03.005]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll] [Adobe Systems Inc., 1, 6, 0, 8]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll] [Adobe Systems Incorporated, 2,0,0,37]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll] [Adobe Systems Incorporated, 2,0,0,37]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll] [Adobe Systems Incorporated, 1,0,0]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU] [Adobe Systems Inc., 8.0.0.0]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA] [Adobe Systems Inc., 8.0.0.0]
[PID: 1064][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe] [Adobe Systems Incorporated, 8.0.0.0]
[PID: 1888][C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe] [Macrovision Europe Ltd., 11.03.005]
[PID: 1268][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2060][C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE] [, 1, 0, 0, 7]
[PID: 2232][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2528][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
[/CODE]
青岛海湾 - 2007-2-24 15:37:00
This is the scan from the desktop I use to go online:
[CODE]
2007-02-24,12:54:24
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> [N/A]
<QlbCtrl><%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start> [ Hewlett-Packard Development Company, L.P.]
<High Definition Audio 属性页快捷方式><HDAShCut.exe> [(Verified)Windows (R) Server 2003 DDK provider]
<High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe> [(Verified)Windows (R) Server 2003 DDK provider]
<hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe> [Hewlett-Packard Development Company, L.P.]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<Persistence><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Intel Corporation]
<StormCodec_Helper><"d:\Storm Codec\StormSet.exe" /S /opti> [N/A]
<KvMonXP><D:\KV2005\KVMonXP.kxp /auto> [JiangMin Ltd.]
<Acrobat Assistant 8.0><"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"> [(Verified)Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [ORIONNET]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Intel Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\年韵20~1.SCR> [Microsoft Corp. ]
==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]><N>
[Adobe Acrobat Synchronizer]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Synchronizer.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [N/A]><N>
==================================
服务
[AddFiltr / AddFiltr][Stopped/Manual Start]
<"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"><Hewlett-Packard Development Company, L.P.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Running/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqwmiex / hpqwmiex][Running/Auto Start]
<C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>
[KVSrvXP / KVSrvXP][Running/Auto Start]
<D:\KV2005\KVSrvXP.exe -Service><JiangMin New Tech Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
<"D:\KV2005\kvwsc.exe"><Jiangmin Co.Ltd>
==================================
驱动程序
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><CNNIC>
[cdntran / cdntran][Running/Auto Start]
<system32\drivers\cdntran.sys><CNNIC>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[eabfiltr / eabfiltr][Running/System Start]
<system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.>
[eabusb / eabusb][Stopped/Manual Start]
<system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.>
[HBtnKey / HBtnKey][Running/Manual Start]
<system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
<system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
<system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[KVDriver for NT (KVDP) / KVDP][Running/Manual Start]
<\??\D:\KV2005\KVDP.sys><Beijing Jiangmin New Sci.&Tec. Co.Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Running/Manual Start]
<system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
<system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
<system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
<system32\DRIVERS\rixdptsk.sys><REDC>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
<system32\DRIVERS\UIUSYS.SYS><N/A>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
==================================
浏览器加载项
青岛海湾 - 2007-2-24 15:40:00
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[Append to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[百度-搜索MP3]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
==================================
正在运行的进程
青岛海湾 - 2007-2-24 15:41:00
正在运行的进程
[PID: 824][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[PID: 1232][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1720][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 8.0.0.00]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll] [Adobe Systems Incorporated., 8.0.0.2006102200]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[PID: 1916][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\WinRAR\rarext.dll] [N/A, N/A]
[D:\KV2005\KvShell.dll] [JiangMin Lmt, 9, 0, 0, 505]
[D:\KV2005\UpdateX.dll] [JiangMin Ltd., 8, 0, 0, 0]
[D:\KV2005\lang\Kvxp0804.lng] [N/A, N/A]
[D:\KV2005\APIImpl.dll] [JiangMin Ltd., 9.0.0.500]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 8.0.5.2006102200\0]
[D:\KV2005\GUIExt.dll] [JiangMin Ltd., 9.0.0.501]
[D:\KV2005\lang\GUIExt0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[C:\Program Files\HighMAT CD Writing Wizard\HMTCD.dll] [N/A, 1.1.1905.1]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[D:\KV2005\KVWPSet.dll] [N/A, 9, 0, 0, 504]
[PID: 176][D:\KV2005\KVSrvXP.exe] [JiangMin New Tech Ltd., 9, 0, 5, 112]
[D:\KV2005\UpdateX.dll] [JiangMin Ltd., 8, 0, 0, 0]
[D:\KV2005\KVEnhD.dll] [JiangMin Ltd., 9.0.0.503]
[D:\KV2005\KvSPI.dll] [JiangMin New Tech. Ltd., 9, 1, 0, 503]
[D:\KV2005\KVEnhM.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVEnhC.DLL] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVEnhO.dll] [JiangMin New Tech Ltd., 9, 0, 0, 504]
[D:\KV2005\KVEnhS.dll] [JiangMin New Tech Ltd., 9, 0, 0, 505]
[D:\KV2005\KVEnhJ.dll] [JiangMin New Tech. Ltd., 9, 1, 0, 503]
[D:\KV2005\KVExtCab.dll] [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
[D:\KV2005\KVExtEml.dll] [JiangMin New Tech. Ltd., 9, 0, 0, 503]
[D:\KV2005\KVExtLZH.dll] [N/A, N/A]
[D:\KV2005\KvExtRar.dll] [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
[D:\KV2005\KvExtZip.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KVExtZ.dll] [Jiangmin New Tech., 9.1.0.503]
[D:\KV2005\KVExtGz.dll] [Jiangmin New Tech., 9, 0, 0, 505]
[D:\KV2005\KVExtTar.dll] [Jiangmin New Tech., 9, 0, 0, 1226]
[D:\KV2005\KVEnhK.dll] [JiangMin Ltd., 9, 0, 5, 114]
[D:\KV2005\KvSpiPS.dll] [JiangMin Ltd., 9.0.0.501]
[PID: 184][D:\KV2005\kvwsc.exe] [Jiangmin Co.Ltd, 9, 0, 0, 502]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[PID: 352][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 492][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9]
[PID: 576][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe] [ Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
[C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll] [Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
[C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll] [Hewlett-Packard Company, 6, 1, 1, 2]
[PID: 600][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] [Hewlett-Packard Development Company, L.P., 2, 0, 8, 1]
[PID: 608][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4670]
[PID: 620][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670]
[PID: 632][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4670]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670]
[D:\KV2005\KVMonXP.kxp] [JiangMin Ltd., 9, 0, 0, 505]
[D:\KV2005\UpdateX.dll] [JiangMin Ltd., 8, 0, 0, 0]
[D:\KV2005\lang\Kvxp0804.lng] [N/A, N/A]
[D:\KV2005\KVWPSet.dll] [N/A, 9, 0, 0, 504]
[D:\KV2005\GUIExt.dll] [JiangMin Ltd., 9.0.0.501]
[D:\KV2005\lang\GUIExt0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[D:\KV2005\KVEnhP.dll] [JiangMin Ltd., 9.0.0.500]
[D:\KV2005\KvSpiPS.dll] [JiangMin Ltd., 9.0.0.501]
[D:\KV2005\KvOffice.dll] [JiangMin New Tech., 9.0.0.1213]
[D:\KV2005\lang\KVOffice0804.lng] [N/A, N/A]
[D:\KV2005\VirusUpload.dll] [N/A, 9.0.0.500]
[PID: 800][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe] [Adobe Systems Inc., 8.0.0.2006102200]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll] [Macrovision Europe Ltd., 11.03.005]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll] [Adobe Systems Inc., 1, 6, 0, 8]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll] [Adobe Systems Incorporated, 2,0,0,37]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll] [Adobe Systems Incorporated, 2,0,0,37]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll] [Adobe Systems Incorporated, 1,0,0]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU] [Adobe Systems Inc., 8.0.0.0]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA] [Adobe Systems Inc., 8.0.0.0]
[PID: 1064][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe] [Adobe Systems Incorporated, 8.0.0.0]
[PID: 1888][C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe] [Macrovision Europe Ltd., 11.03.005]
[PID: 1268][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2060][C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE] [, 1, 0, 0, 7]
[PID: 2232][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2528][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
[/CODE]