瑞星卡卡安全论坛

[CODE]

2007-05-15,13:01:10

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CnxDslTaskBar><"C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe">  [Conexant Systems Inc.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <DAEMON Tools-2052><"D:\工具\d-tools\daemon.exe"  -lang 2052>  [DAEMON'S HOME]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r>  [Gemplus]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <TkBellExe><"D:\工具\KMplayer\Real Player\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <WebThunder><"D:\工具\xunleixin\WebThunder.exe">  [(Verified)深圳市迅雷网络技术有限公司]
    <tlgefkh><C:\Program Files\GlobalSCAPE\tlgefkh.exe>  [N/A]
    <poco><; F:\poco\Poco2006.exe>  [N/A]
    <360Safetray><D:\工具\360safe\safemon\360tray.exe>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[yihich]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\yihich.lnk --> C:\Program Files\Internet Explorer\yihichg.exe [N/A]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator.4CE9F3A06C89466\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\工具\tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator.4CE9F3A06C89466\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\工具\tencent\qq\QQ.exe [TENCENT]><N>

==================================
服务
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[PCTEL Speaker Phone / Pctspk][Running/Auto Start]
  <C:\WINDOWS\system32\pctspk.exe><PCtel, Inc.>
[SmartLinkService / SLService][Running/Auto Start]
  <slserv.exe><>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Conexant AccessRunner USB ADSL WAN Adapter Filter Driver / CnxEtP][Stopped/Manual Start]
  <system32\DRIVERS\CnxEtP.sys><Conexant>
[Conexant AccessRunner USB ADSL Interface Device Driver / CnxEtU][Stopped/Manual Start]
  <system32\DRIVERS\CnxEtU.sys><Conexant>
[Conexant AccessRunner USB ADSL WAN Adapter Driver / CnxTgN][Stopped/Manual Start]
  <system32\DRIVERS\CnxTgN.sys><Conexant Systems Inc.>
[cphm / cphmz][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cphmz.sys><N/A>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2006\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
  <system32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <system32\DRIVERS\Mtlstrm.sys><>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\工具\tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\D:\工具\tencent\qq\npkcusb.sys><INCA Internet Co., Ltd.>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <system32\DRIVERS\NtMtlFax.sys><>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PCTEL Serial Device Driver for INTEL / Ptserli][Stopped/Manual Start]
  <system32\DRIVERS\ptserli.sys><PCTEL, INC.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[rzoregnh / rzoregnh][Running/System Start]
  <system32\drivers\rzoregnh.sys><Windows System Internal>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
  <system32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal][Stopped/Manual Start]
  <system32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup][Running/Manual Start]
  <system32\DRIVERS\SlWdmSup.sys><Vireo Software>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <system32\DRIVERS\smcirda.sys><SMC>
[XP Vmodem / Vmodem][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vmodem.sys><PCTEL, INC.>
[XP Vpctcom / Vpctcom][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[XP Vvoice / Vvoice][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vvoice.sys><PCtel, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[上传到QQ网络硬盘]
  <D:\工具\tencent\qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <D:\工具\xunleixin\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\工具\xunleixin\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\工具\tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\工具\tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\工具\tencent\qq\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2006\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 508][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\KAV2006\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 4, 12, 116]
[PID: 1308][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1356][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516][C:\KAV2006\KPfwSvc.EXE]  [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 1576][C:\WINDOWS\system32\pctspk.exe]  [PCtel, Inc., 4.00]
[PID: 1708][C:\WINDOWS\system32\slserv.exe]  [ , 2.80.00(24Apr2000)]
[PID: 1984][C:\Program Files\Windows Media Player\WMPNetwk.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 192][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\fnygi.dll]  [N/A, N/A]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\工具\xunleixin\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2285]
[PID: 736][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe]  [Conexant Systems Inc., 2.099.085.000]
    [C:\Program Files\Conexant\AccessRunner ADSL\CnxDslWz.dll]  [Conexant Systems Inc., 2.099.085.000]
    [C:\WINDOWS\system32\CnxHwIo.dll]  [Conexant Systems Inc., 2.099.085.000]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 384][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.2285]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 500][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.2285]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2285]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 212][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.02]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 908][C:\KAV2006\KAVStart.exe]  [Kingsoft Corporation, 2007, 5, 9, 272]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 924][D:\工具\d-tools\daemon.exe]  [DAEMON'S HOME, 3.47.0.0]
    [C:\WINDOWS\daemon.dll]  [N/A, 3.47.0.0]
    [D:\工具\d-tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [D:\工具\d-tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.02.0.0]
    [D:\工具\d-tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.01.0.0]
    [D:\工具\d-tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [D:\工具\d-tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.02.0.0]
    [D:\工具\d-tools\Plugins\Images\bw5mount.dll]  [N/A, 1.0.2.0]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1392][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 10, 100, 1146]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 1428][D:\工具\KMplayer\Real Player\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 312][D:\工具\xunleixin\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 7, 2, 107]
    [D:\工具\xunleixin\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 7, 2, 107]
    [D:\工具\xunleixin\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [D:\工具\xunleixin\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\工具\xunleixin\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
    [D:\工具\xunleixin\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [D:\工具\xunleixin\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\工具\xunleixin\iEmbedShell.dll]  [　, 1, 0, 0, 17]
    [D:\工具\xunleixin\iEmbed09.dll]  [　, 3, 3, 0, 78]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 1456][C:\Program Files\GlobalSCAPE\tlgefkh.exe]  [N/A, N/A]
[PID: 1620][D:\工具\360safe\safemon\360tray.exe]  [奇虎网, 1, 0, 1, 1004]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [D:\工具\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 3001]
    [D:\工具\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 5, 1000]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1660][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
 

[D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 1972][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2006\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 4, 12, 116]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 2176][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
[PID: 3404][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [D:\工具\BitComet\BitCometBar\BitCometBar0.6.dll]  [N/A, 0.6]
    [D:\工具\xunleixin\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\KAV2006\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [C:\Documents and Settings\Administrator.4CE9F3A06C89466\My Documents\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3944][D:\工具\sreng2_zip~\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\工具\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1003]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [C:\Documents and Settings\Administrator.4CE9F3A06C89466\My Documents\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
入口点错误：LoadLibraryExW
入口点错误：CreateProcessA
入口点错误：CreateProcessW

==================================


[/CODE]

运行SRE
启动项目 注册表 删除
<swg><

启动项目 服务 WIN32服务 勾选"隐藏已认证微软"
选中
[Google Updater Service / gusvc]
[cphm / cphmz]
删除服务 设置 否

重起机器狂按F8 进入安全模式 删除下列文件
双击我的电脑－－单击“工具”－“文件夹选项”菜单项－“单击查看”选项卡，取消“
隐藏受保护的操作系统文件”前的对勾，在隐藏文件及文件夹中“显示所有文件和文件夹”
选项，然后单击确定按钮。
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWSSystem32\DRIVERS\cphmz.sys(KILLBOX删除)
C:\WINDOWS\system32\fnygi.dll(KILBOX删除)