Rising Kaka Security Forum

After infection, the files in every folder on the portable hard drive were wiped first, and then the portable hard drive could no longer be opened
青岛海湾 - 2007-2-22 10:14:00
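I recently caught an extremely nasty virus. It only infects portable hard drives, and both of my portable hard drives have been hit. On the externally powered drive, after infection the contents of every folder on the drive first showed as empty and the folders could not be deleted; after a while, no computer could recognize the drive any more. The drive without external power, after catching the virus, also had its folders emptied first, and then the computer stopped recognizing any of the drive's drive letters, showing "该文件目录已损坏或找不到该分区路径" (the file or directory is corrupted, or the partition path cannot be found). Now none of the data on the portable hard drives can be used. I beg all you experts to help!! I can't thank you enough!!!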
水树雨下 - 2007-2-22 10:15:00
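Download sreng2 from mizuki.ys168.com, close QQ, download managers and every other unnecessary program, then run a scan and post the log here. If it does not fit in one post, post it in parts. Do not modify it.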
逆风轻扬 - 2007-2-22 10:16:00
Never run into this~ I feel for the original poster
新版小欧 - 2007-2-22 10:21:00
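If your data is important, I suggest trying your portable hard drive on another, relatively safe computer, and scanning the drive once before using it. You can also use data recovery software to recover the data. If other computers cannot recognize it either, I suggest sending it back for repair if it is still under warranty. This kind of system problem is probably the more likely one.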
青岛海湾 - 2007-2-24 12:16:00
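Thanks, everyone! I formatted the drive first and then recovered it. I spent two days with recovery software, but when the files were recovered the virus came out along with them, and the result is still the same as before!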
青岛海湾 - 2007-2-24 12:18:00
Reply to post #1: I'll download it and give it a try first. Please help me analyze it!
logicl - 2007-2-24 13:55:00
Never run into this, following.
有毒必问 - 2007-2-24 14:01:00
You can
right-click - Open
Don't double-click directly. Would that work?
青岛海湾 - 2007-2-24 15:29:00
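What I caught is not the kind of virus that is triggered by double-clicking. I have always been careful and always open drives from Windows Explorer. The one I caught is very powerful, but it does not infect the host computer; it only damages hard drives on the USB interface.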
青岛海湾 - 2007-2-24 15:32:00
This is the scan from my laptop:
[CODE]

2007-02-24,12:54:24

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe>  [N/A]
    <QlbCtrl><%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start>  [ Hewlett-Packard Development Company, L.P.]
    <High Definition Audio 属性页快捷方式><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe>  [Hewlett-Packard Development Company, L.P.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
    <StormCodec_Helper><"d:\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <KvMonXP><D:\KV2005\KVMonXP.kxp /auto>  [JiangMin Ltd.]
    <Acrobat Assistant 8.0><"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe">  [(Verified)Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [ORIONNET]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\年韵20~1.SCR>  [Microsoft Corp.                                                                                                                                                                                                                                              ]

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]><N>
[Adobe Acrobat Synchronizer]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Synchronizer.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [N/A]><N>

==================================
服务
[AddFiltr / AddFiltr][Stopped/Manual Start]
  <"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"><Hewlett-Packard Development Company, L.P.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Running/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqwmiex / hpqwmiex][Running/Auto Start]
  <C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\KV2005\KVSrvXP.exe -Service><JiangMin New Tech Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
  <"D:\KV2005\kvwsc.exe"><Jiangmin Co.Ltd>

青岛海湾 - 2007-2-24 15:33:00
驱动程序
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><CNNIC>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[eabfiltr / eabfiltr][Running/System Start]
  <system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.>
[eabusb / eabusb][Stopped/Manual Start]
  <system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.>
[HBtnKey / HBtnKey][Running/Manual Start]
  <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[KVDriver for NT (KVDP) / KVDP][Running/Manual Start]
  <\??\D:\KV2005\KVDP.sys><Beijing Jiangmin New Sci.&Tec. Co.Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Running/Manual Start]
  <system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[Append to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[百度-搜索MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
青岛海湾 - 2007-2-24 15:34:00
正在运行的进程
[PID: 824][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1232][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1720][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 8.0.0.00]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll]  [Adobe Systems Incorporated., 8.0.0.2006102200]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1916][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\KV2005\KvShell.dll]  [JiangMin Lmt, 9, 0, 0, 505]
    [D:\KV2005\UpdateX.dll]  [JiangMin Ltd., 8, 0, 0, 0]
    [D:\KV2005\lang\Kvxp0804.lng]  [N/A, N/A]
    [D:\KV2005\APIImpl.dll]  [JiangMin Ltd., 9.0.0.500]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 8.0.5.2006102200\0]
    [D:\KV2005\GUIExt.dll]  [JiangMin Ltd., 9.0.0.501]
    [D:\KV2005\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
    [C:\Program Files\HighMAT CD Writing Wizard\HMTCD.dll]  [N/A, 1.1.1905.1]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [D:\KV2005\KVWPSet.dll]  [N/A, 9, 0, 0, 504]
[PID: 176][D:\KV2005\KVSrvXP.exe]  [JiangMin New Tech Ltd., 9, 0, 5, 112]
    [D:\KV2005\UpdateX.dll]  [JiangMin Ltd., 8, 0, 0, 0]
    [D:\KV2005\KVEnhD.dll]  [JiangMin Ltd., 9.0.0.503]
    [D:\KV2005\KvSPI.dll]  [JiangMin New Tech. Ltd., 9, 1, 0, 503]
    [D:\KV2005\KVEnhM.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVEnhC.DLL]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVEnhO.dll]  [JiangMin New Tech Ltd., 9, 0, 0, 504]
    [D:\KV2005\KVEnhS.dll]  [JiangMin New Tech Ltd., 9, 0, 0, 505]
    [D:\KV2005\KVEnhJ.dll]  [JiangMin New Tech. Ltd., 9, 1, 0, 503]
    [D:\KV2005\KVExtCab.dll]  [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
    [D:\KV2005\KVExtEml.dll]  [JiangMin New Tech. Ltd., 9, 0, 0, 503]
    [D:\KV2005\KVExtLZH.dll]  [N/A, N/A]
    [D:\KV2005\KvExtRar.dll]  [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
    [D:\KV2005\KvExtZip.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVExtZ.dll]  [Jiangmin New Tech., 9.1.0.503]
    [D:\KV2005\KVExtGz.dll]  [Jiangmin New Tech., 9, 0, 0, 505]
    [D:\KV2005\KVExtTar.dll]  [Jiangmin New Tech., 9, 0, 0, 1226]
    [D:\KV2005\KVEnhK.dll]  [JiangMin Ltd., 9, 0, 5, 114]
    [D:\KV2005\KvSpiPS.dll]  [JiangMin Ltd., 9.0.0.501]
[PID: 184][D:\KV2005\kvwsc.exe]  [Jiangmin Co.Ltd, 9, 0, 0, 502]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
[PID: 352][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 492][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9]
[PID: 576][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe]  [ Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
    [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll]  [Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
    [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll]  [Hewlett-Packard Company, 6, 1, 1, 2]
[PID: 600][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 8, 1]
[PID: 608][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4670]
[PID: 620][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
[PID: 632][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [D:\KV2005\KVMonXP.kxp]  [JiangMin Ltd., 9, 0, 0, 505]
    [D:\KV2005\UpdateX.dll]  [JiangMin Ltd., 8, 0, 0, 0]
    [D:\KV2005\lang\Kvxp0804.lng]  [N/A, N/A]
    [D:\KV2005\KVWPSet.dll]  [N/A, 9, 0, 0, 504]
    [D:\KV2005\GUIExt.dll]  [JiangMin Ltd., 9.0.0.501]
    [D:\KV2005\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KvSpiPS.dll]  [JiangMin Ltd., 9.0.0.501]
    [D:\KV2005\KvOffice.dll]  [JiangMin New Tech., 9.0.0.1213]
    [D:\KV2005\lang\KVOffice0804.lng]  [N/A, N/A]
    [D:\KV2005\VirusUpload.dll]  [N/A, 9.0.0.500]
[PID: 800][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe]  [Adobe Systems Inc., 8.0.0.2006102200]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll]  [Macrovision Europe Ltd., 11.03.005]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll]  [Adobe Systems Inc., 1, 6, 0, 8]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll]  [Adobe Systems Incorporated, 2,0,0,37]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll]  [Adobe Systems Incorporated, 2,0,0,37]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll]  [Adobe Systems Incorporated, 1,0,0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU]  [Adobe Systems Inc., 8.0.0.0]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA]  [Adobe Systems Inc., 8.0.0.0]
[PID: 1064][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe]  [Adobe Systems Incorporated, 8.0.0.0]
[PID: 1888][C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe]  [Macrovision Europe Ltd., 11.03.005]
[PID: 1268][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2060][C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE]  [, 1, 0, 0, 7]
[PID: 2232][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2528][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
青岛海湾 - 2007-2-24 15:37:00
This is the scan from the desktop machine I use to go online:
[CODE]

2007-02-24,12:54:24

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe>  [N/A]
    <QlbCtrl><%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start>  [ Hewlett-Packard Development Company, L.P.]
    <High Definition Audio 属性页快捷方式><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe>  [Hewlett-Packard Development Company, L.P.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
    <StormCodec_Helper><"d:\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <KvMonXP><D:\KV2005\KVMonXP.kxp /auto>  [JiangMin Ltd.]
    <Acrobat Assistant 8.0><"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe">  [(Verified)Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [ORIONNET]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\年韵20~1.SCR>  [Microsoft Corp.                                                                                                                                                                                                                                              ]

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [N/A]><N>
[Adobe Acrobat Synchronizer]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Synchronizer.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [N/A]><N>

==================================
服务
[AddFiltr / AddFiltr][Stopped/Manual Start]
  <"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"><Hewlett-Packard Development Company, L.P.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Running/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqwmiex / hpqwmiex][Running/Auto Start]
  <C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\KV2005\KVSrvXP.exe -Service><JiangMin New Tech Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
  <"D:\KV2005\kvwsc.exe"><Jiangmin Co.Ltd>

==================================
驱动程序
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><CNNIC>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[eabfiltr / eabfiltr][Running/System Start]
  <system32\DRIVERS\eabfiltr.sys><Hewlett-Packard Development Company, L.P.>
[eabusb / eabusb][Stopped/Manual Start]
  <system32\DRIVERS\eabusb.sys><Hewlett-Packard Development Company, L.P.>
[HBtnKey / HBtnKey][Running/Manual Start]
  <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[KVDriver for NT (KVDP) / KVDP][Running/Manual Start]
  <\??\D:\KV2005\KVDP.sys><Beijing Jiangmin New Sci.&Tec. Co.Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Running/Manual Start]
  <system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
浏览器加载项
青岛海湾 - 2007-2-24 15:40:00
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2005\KvShell.dll, JiangMin Lmt>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[Append to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[百度-搜索MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
青岛海湾 - 2007-2-24 15:41:00
正在运行的进程
[PID: 824][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1232][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1720][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 8.0.0.00]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll]  [Adobe Systems Incorporated., 8.0.0.2006102200]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1916][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\KV2005\KvShell.dll]  [JiangMin Lmt, 9, 0, 0, 505]
    [D:\KV2005\UpdateX.dll]  [JiangMin Ltd., 8, 0, 0, 0]
    [D:\KV2005\lang\Kvxp0804.lng]  [N/A, N/A]
    [D:\KV2005\APIImpl.dll]  [JiangMin Ltd., 9.0.0.500]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 8.0.5.2006102200\0]
    [D:\KV2005\GUIExt.dll]  [JiangMin Ltd., 9.0.0.501]
    [D:\KV2005\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
    [C:\Program Files\HighMAT CD Writing Wizard\HMTCD.dll]  [N/A, 1.1.1905.1]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [D:\KV2005\KVWPSet.dll]  [N/A, 9, 0, 0, 504]
[PID: 176][D:\KV2005\KVSrvXP.exe]  [JiangMin New Tech Ltd., 9, 0, 5, 112]
    [D:\KV2005\UpdateX.dll]  [JiangMin Ltd., 8, 0, 0, 0]
    [D:\KV2005\KVEnhD.dll]  [JiangMin Ltd., 9.0.0.503]
    [D:\KV2005\KvSPI.dll]  [JiangMin New Tech. Ltd., 9, 1, 0, 503]
    [D:\KV2005\KVEnhM.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVEnhC.DLL]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVEnhO.dll]  [JiangMin New Tech Ltd., 9, 0, 0, 504]
    [D:\KV2005\KVEnhS.dll]  [JiangMin New Tech Ltd., 9, 0, 0, 505]
    [D:\KV2005\KVEnhJ.dll]  [JiangMin New Tech. Ltd., 9, 1, 0, 503]
    [D:\KV2005\KVExtCab.dll]  [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
    [D:\KV2005\KVExtEml.dll]  [JiangMin New Tech. Ltd., 9, 0, 0, 503]
    [D:\KV2005\KVExtLZH.dll]  [N/A, N/A]
    [D:\KV2005\KvExtRar.dll]  [Jiangmin New Tech. Co. Ltd., 9.0.0.500]
    [D:\KV2005\KvExtZip.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KVExtZ.dll]  [Jiangmin New Tech., 9.1.0.503]
    [D:\KV2005\KVExtGz.dll]  [Jiangmin New Tech., 9, 0, 0, 505]
    [D:\KV2005\KVExtTar.dll]  [Jiangmin New Tech., 9, 0, 0, 1226]
    [D:\KV2005\KVEnhK.dll]  [JiangMin Ltd., 9, 0, 5, 114]
    [D:\KV2005\KvSpiPS.dll]  [JiangMin Ltd., 9.0.0.501]
[PID: 184][D:\KV2005\kvwsc.exe]  [Jiangmin Co.Ltd, 9, 0, 0, 502]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
[PID: 352][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 492][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9]
[PID: 576][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe]  [ Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
    [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.dll]  [Hewlett-Packard Development Company, L.P., 6, 1, 1, 2]
    [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.dll]  [Hewlett-Packard Company, 6, 1, 1, 2]
[PID: 600][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 8, 1]
[PID: 608][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4670]
[PID: 620][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
[PID: 632][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [D:\KV2005\KVMonXP.kxp]  [JiangMin Ltd., 9, 0, 0, 505]
    [D:\KV2005\UpdateX.dll]  [JiangMin Ltd., 8, 0, 0, 0]
    [D:\KV2005\lang\Kvxp0804.lng]  [N/A, N/A]
    [D:\KV2005\KVWPSet.dll]  [N/A, 9, 0, 0, 504]
    [D:\KV2005\GUIExt.dll]  [JiangMin Ltd., 9.0.0.501]
    [D:\KV2005\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2005\KVEnhP.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\KV2005\KvSpiPS.dll]  [JiangMin Ltd., 9.0.0.501]
    [D:\KV2005\KvOffice.dll]  [JiangMin New Tech., 9.0.0.1213]
    [D:\KV2005\lang\KVOffice0804.lng]  [N/A, N/A]
    [D:\KV2005\VirusUpload.dll]  [N/A, 9.0.0.500]
[PID: 800][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe]  [Adobe Systems Inc., 8.0.0.2006102200]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll]  [Macrovision Europe Ltd., 11.03.005]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll]  [Adobe Systems Inc., 1, 6, 0, 8]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll]  [Adobe Systems Incorporated, 2,0,0,37]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll]  [Adobe Systems Incorporated, 2,0,0,37]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll]  [Adobe Systems Incorporated, 1,0,0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU]  [Adobe Systems Inc., 8.0.0.0]
    [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA]  [Adobe Systems Inc., 8.0.0.0]
[PID: 1064][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe]  [Adobe Systems Incorporated, 8.0.0.0]
[PID: 1888][C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe]  [Macrovision Europe Ltd., 11.03.005]
[PID: 1268][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2060][C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE]  [, 1, 0, 0, 7]
[PID: 2232][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2528][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]