瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】如何彻底查杀 systime.exe?

12   1  /  2  页   跳转

【求助】如何彻底查杀 systime.exe?

收藏
唐克
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2003-10-20
  • 来自:
发表于: 2007-04-05 15:35 | 只看楼主 短消息 资料
字号: 1楼

【求助】如何彻底查杀 systime.exe?

最近系统中了个Systime.exe的混蛋程序,好像是优盘传的。就是优盘接上去之后弹出运行程序的对话框。

我用以前坛子里的办法就是:
1、查找C:\的Systime.exe文件并删除;
2、在注册表里面查找 systime.exe,并删除。

这个办法不能解决问题啊。。。因为我常在几台电脑见用优盘拷贝文件,所以请教大家,这个混蛋程序该怎么在几天电脑中全部彻底查杀?

这个是我百度出来的关于systime.exe的信息。
===================================
systime.exe
systime - systime.exe - 进程信息
进程文件: systime 或者 systime.exe
进程名称: CoolWebSearch Parasite
 
描述:
systime.exe是CoolWebSearch间谍软件相关程序。它会篡改你的主页设置。

出品者: 未知N/A
属于: CoolWebSearch Parasite

系统进程: 否
后台程序: 是
使用网络: 否
硬件相关: 否
常见错误: 未知N/A
内存使用: 未知N/A 
安全等级 (0-5): 4
间谍软件: 是
Adware: 是
病毒: 是
木马: 否
最后编辑2007-04-15 09:28:41
分享到:
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-05 15:39 | 短消息 资料
字号: 2楼

下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
gototop
 
唐克
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2003-10-20
  • 来自:
发表于: 2007-04-05 16:19 | 只看楼主 短消息 资料
字号: 3楼

Hi Newcenturymoon,

已经发mail给你了,请查收。

谢谢!
gototop
 
唐克
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2003-10-20
  • 来自:
发表于: 2007-04-06 11:30 | 只看楼主 短消息 资料
字号: 4楼

兄弟姐妹同志们帮忙啊。。。
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-06 11:34 | 短消息 资料
字号: 5楼

引用:
【唐克的贴子】Hi Newcenturymoon,

已经发mail给你了,请查收。

谢谢!
………………

额 还没收到
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-06 11:34 | 短消息 资料
字号: 6楼

引用:
【newcenturymoon的贴子】下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
………………
gototop
 
唐克
头像
初生襁褓狮
  • 帖子:22
  • 注册: 2003-10-20
  • 来自:
发表于: 2007-04-11 18:04 | 只看楼主 短消息 资料
字号: 7楼

【回复“newcenturymoon”的帖子】

已经再次发送邮件。。。请查收。。。
谢谢!!!
gototop
 
snoway925
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-04-14
  • 来自:
发表于: 2007-04-14 19:16 | 短消息 资料
字号: 8楼


正在运行的进程
[PID: 416][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1284][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
[PID: 1628][D:\Program Files\KVFW\KvfwMcl.exe]  [Jiangmin Corp, 9, 0, 6, 410]
    [D:\Program Files\KVFW\KvfwUtl.dll]  [Jiangmin Corp, 9, 0, 6, 512]
    [D:\Program Files\KVFW\Lang\KVFW0804.lng]  [, 9, 0, 5, 1031]
    [D:\Program Files\KVFW\GuiExt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\Program Files\KVFW\UpdateX.dll]  [JiangMin Co.Ltd., 9, 2, 0, 60405]
    [D:\Program Files\KVFW\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1636][D:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 3, 5, 263]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [D:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [D:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [D:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1660][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1668][D:\Program Files\Kingsoft\KSysCleaner\KASStart.EXE]  [Kingsoft Corporation, 2006, 11, 22, 14]
    [D:\Program Files\Kingsoft\KSysCleaner\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Kingsoft\KSysCleaner\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Kingsoft\KSysCleaner\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1676][D:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 2, 2, 687]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [D:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [D:\KAV2007\FiltList.dll]  [N/A, ]
    [D:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1700][D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1712][D:\WINDOWS\system32\systime.exe]  [N/A, ]
[PID: 1824][D:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [D:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [D:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [D:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [D:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 7, 112]
    [D:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1952][D:\KAV2007\KAV32.EXE]  [Kingsoft Corporation, 2007, 2, 5, 111]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\KAV2007\KAV32Res.dll]  [Kingsoft Corporation, 2007, 2, 2, 106]
    [D:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [D:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 7, 112]
    [D:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [D:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [D:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [D:\KAV2007\DBAgent.DLL]  [Kingsoft Corporation, 2005, 10, 27, 9]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KAEMemEx.dll]  [, 2006, 10, 17, 16]
    [D:\KAV2007\KAEMalDt.dll]  [, 2006, 12, 7, 20]
    [D:\KAV2007\KAERemov.dll]  [, 2007, 2, 5, 26]
    [D:\KAV2007\KVNToCN.dll]  [Kingsoft Corporation, 2006, 8, 11, 12]
    [D:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
[PID: 540][D:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 3, 7, 1]
    [D:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [D:\Program Files\ChinaNet\DialModule.dll]  [, 2005, 1, 18, 1]
    [D:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [D:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [D:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 3, 7, 1]
    [D:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [D:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 2, 17, 1]
    [D:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [D:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2004, 12, 30, 0]
    [D:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [D:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 3, 3, 1]
    [D:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 3, 7, 2]
    [D:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [D:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2004, 11, 25, 0]
    [D:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [D:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [D:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [D:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [D:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [D:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [D:\PROGRA~1\ChinaNet\VNetLog.ocx]  [, 2005, 10, 9, 1]
    [D:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [D:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [D:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [, 2005, 3, 9, 1]
    [D:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2004, 11, 23, 1]
    [D:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [D:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2004, 11, 25, 1]
    [D:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 1, 0, 0, 1]
    [D:\KAV2007\Flash.OCX]  [Macromedia, Inc., 7,0,19,0]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
    [D:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 1, 0, 0, 1]
[PID: 1104][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
    [d:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
gototop
 
snoway925
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-04-14
  • 来自:
发表于: 2007-04-14 19:17 | 短消息 资料
字号: 9楼

[E:\Program Files\网络软件\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [d:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2004, 2, 21, 1]
    [d:\PROGRA~1\chinanet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [D:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [D:\KAV2007\KAVAFish.dll]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [E:\Program Files\网络软件\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
    [D:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 2, 4, 61]
    [D:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [D:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 3, 7, 112]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\KAV2007\Flash.OCX]  [Macromedia, Inc., 7,0,19,0]
    [D:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 3280][E:\Program Files\系统软件\WinRAR\WinRAR.exe]  [N/A, ]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]
[PID: 1472][D:\DOCUME~1\snoway\LOCALS~1\Temp\Rar$EX00.007\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2006, 12, 21, 241]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: D:\KAV2007\KASocket.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
snoway925
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-04-14
  • 来自:
发表于: 2007-04-14 19:18 | 短消息 资料
字号: 10楼

[CODE]

2007-04-14,18:47:41

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KASStart><"D:\Program Files\Kingsoft\KSysCleaner\KASStart.EXE" -Startup>  [Kingsoft Corporation]
    <KavPFW><"D:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <swg><D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IEXPLORER><rem D:\WINDOWS\feifei-2.exe>  [N/A]
    <Jiangmin KVFW><D:\Program Files\KVFW\KvfwMcl.exe -silent>  [Jiangmin Corp]
    <KavStart><"D:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <IMSCMig><D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><D:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><D:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll>  [(Verified)"beijing yahoo consulting and service co., ltd."]

==================================
启动文件夹
N/A

==================================
服务
[Indexing Services / CiSvrc][Stopped/Auto Start]
  <D:\WINDOWS\system32\NeroCheck.exe><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"D:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[KVWSC / KVWSC][Stopped/Disabled]
  <"D:\Program Files\KVFW\KVwsc.exe"><Jiangmin Co.Ltd>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <D:\KAV2007\KWatch.EXE><Kingsoft Corporation>

==================================
驱动程序
[Network Fire Hydrant / HdFw_slot][Running/Auto Start]
  <\??\D:\Program Files\KVFW\hdfw.sys><北京江民新科技术有限公司>
[hzlidqwd / hzlidqwd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hzlidqwd.sys><Yahoo! China Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\D:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\网络软件\tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\E:\Program Files\网络软件\tencent\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>

==================================
浏览器加载项
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <E:\Program Files\网络软件\FlashGet\jccatch.dll, www.flashget.com>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <D:\KAV2007\KAVAFish.dll, Kingsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <E:\Program Files\网络软件\FlashGet\getflash.dll, www.flashget.com>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\网络软件\QQ.EXE, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\Program Files\网络软件\FlashGet\FlashGet.exe, FlashGet.com>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\Program Files\网络缛软砑件\FlashGet\fgiebar.dll, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <D:\WINDOWS\opuc.dll, Microsoft Corporation>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <D:\WINDOWS\system32\kingsoft\KOS\KOSInit.ocx, 金山软件股份有限公司>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <E:\Program Files\网络软件\FlashGet\jccatch.dll, www.flashget.com>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <D:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <D:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <D:\KAV2007\KAVAFish.dll, Kingsoft Corporation>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china>
[金山毒霸在线杀毒]
  {577A1997-6FD0-4972-B234-885DA583F9CE} <D:\PROGRA~1\KOS\KOSClean.OCX, 金山软件股份有限公司>
[Windows Media Player]
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT