收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 软件区 解疑答难区 最大恶疾
返回列表 发新帖
查看: 1920|回复: 5
收起左侧

[已解决] 最大恶疾

 关闭 [复制链接]
liaoying112
发表于 2007-7-23 10:35:42 | 显示全部楼层 |阅读模式

  2. 2007-07-23,10:22:08
  3. System Repair Engineer 2.5.16.900
  4. Smallfrogs (http://www.KZTechs.com)
  5. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
  6. 以下内容被选中:
  7.     所有的启动项目(包括注册表、启动文件夹、服务等)
  8.     浏览器加载项
  9.     正在运行的进程(包括进程模块信息)
  10.     文件关联
  11.     Winsock 提供者
  12.     Autorun.inf
  13.     HOSTS 文件
  14.     进程特权扫描

  16. 启动项目
  17. 注册表
  18. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  19.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  20. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  21.     <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  22.     <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  23.     <Storm2Set><C:\WINDOWS\system32\rundll32.exe "D:\PROGRA~1\StormII\StormSet.dll",CheckEnv>  [(Verified)Beijing Baofeng Inc.]
  24. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  25.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
  26.     <Userinit><C:\WINDOWS\SYSTEM32\USERINIT.EXE,>  [(Verified)Microsoft Windows Publisher]
  27.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
  28. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  29.     <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
  30. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
  31.     <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
  32. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  33.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
  35.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  37.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  39.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
  40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  41.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
  42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  43.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
  45.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
  46. [HKEY_CURRENT_USER\Control Panel\Desktop]
  47.     <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [N/A]
  48. ==================================
  49. 启动文件夹
  50. N/A
  51. ==================================
  52. 服务
  53. [MPSVC Service / MPSVCService][Running/Auto Start]
  54.   <C:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
  55. [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  56.   <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
  57. ==================================
  58. 驱动程序
  59. [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  60.   <system32\drivers\ac97intc.sys><Intel Corporation>
  61. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  62.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  63. [AliIde / AliIde][Running/Boot Start]
  64.   <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
  65. [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  66.   <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
  67. [CmdIde / CmdIde][Running/Boot Start]
  68.   <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
  69. [Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  70.   <system32\DRIVERS\e100b325.sys><Intel Corporation>
  71. [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  72.   <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
  73. [mp110001 / mp110001][Running/Auto Start]
  74.   <system32\drivers\mp110001.sys><MicroPoint Corporation>
  75. [mp110002 / mp110002][Running/Auto Start]
  76.   <system32\drivers\mp110002.sys><Micropoint Corporation>
  77. [mp110003 / mp110003][Running/Boot Start]
  78.   <\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
  79. [mp110004 / mp110004][Running/Auto Start]
  80.   <system32\drivers\mp110004.sys><Micropoint Corporation>
  81. [mp110005 / mp110005][Running/Manual Start]
  82.   <system32\drivers\mp110005.sys><Micropoint Corporation>
  83. [mp110006 / mp110006][Running/System Start]
  84.   <system32\drivers\mp110006.sys><Micropoint Corporation>
  85. [mp110007 / mp110007][Running/System Start]
  86.   <system32\drivers\mp110007.sys><Micropoint Corporation>
  87. [mp110008 / mp110008][Running/Auto Start]
  88.   <system32\drivers\mp110008.sys><Micropoint Corporation>
  89. [mp110009 / mp110009][Running/System Start]
  90.   <system32\drivers\mp110009.sys><Micropoint Corporation>
  91. [mp110010 / mp110010][Running/Boot Start]
  92.   <\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
  93. [mp110011 / mp110011][Running/System Start]
  94.   <system32\drivers\mp110011.sys><Micropoint Corporation>
  95. [mp110012 / mp110012][Stopped/Manual Start]
  96.   <system32\drivers\mp110012.sys><Micropoint Corporation>
  97. [mp110013 / mp110013][Running/Boot Start]
  98.   <\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
  99. [npkcrypt / npkcrypt][Stopped/Manual Start]
  100.   <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
  101. [npkycryp / npkycryp][Stopped/Manual Start]
  102.   <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
  103. [nv / nv][Running/Manual Start]
  104.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  105. [Padus ASPI Shell / pfc][Stopped/Manual Start]
  106.   <system32\drivers\pfc.sys><Padus, Inc.>
  107. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  108.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  109. [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
  110.   <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
  111. [Secdrv / Secdrv][Stopped/Manual Start]
  112.   <system32\DRIVERS\secdrv.sys><N/A>
  113. ==================================
  114. 浏览器加载项
  115. [FGCatchUrl]
  116.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
  117. [FlashGet GetFlash Class]
  118.   {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
  119. [快车]
  120.   {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
  121. [Office Genuine Advantage Validation Tool]
  122.   {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
  123. [MUWebControl Class]
  124.   {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
  125. [AxInputControl Class]
  126.   {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
  127. [HTML Document]
  128.   {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
  129. [FGCatchUrl]
  130.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
  131. [Shell Name Space]
  132.   {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
  133. [Microsoft Web 浏览器]
  134.   {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
  135. [SearchAssistantOC]
  136.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
  137. [Shockwave Flash Object]
  138.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  139. [FlashGet GetFlash Class]
  140.   {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
  141. [FGAutoLive]
  142.   {F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
  143. [FGCatchUrl]
  144.   {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
  145. [&使用快车(FlashGet)下载]
  146.   <C:\Program Files\FlashGet\jc_link.htm, N/A>
  147. [&使用快车(FlashGet)下载全部链接]
  148.   <C:\Program Files\FlashGet\jc_all.htm, N/A>
  149. [导出到 Microsoft Office Excel(&X)]
  150.   <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
  151. [添加到QQ表情]
  152.   <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
  153. ==================================
  154. 正在运行的进程
  155. [PID: 620 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  156. [PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  157. [PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  158.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  159.     [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
  160.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  161. [PID: 748 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  162.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  163. [PID: 760 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  164.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  165. [PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  166.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  167. [PID: 1280 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  168.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  169. [PID: 1376 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  170.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  171. [PID: 1480 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  172.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  173. [PID: 1588 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  174.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  175. [PID: 1768 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  176.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  177. [PID: 1928 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
  178.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  179. [PID: 424 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  180.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  181. [PID: 1224 / admin][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  182. [PID: 1212 / admin][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  183.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  184.     [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  185.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  186.     [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  187.     [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
  188.     [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
  189.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
  190.     [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
  191. [PID: 2072 / admin][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  192.     [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.8198]
  193.     [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
  194.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  195. [PID: 3232 / admin][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  196. [PID: 4056 / admin][C:\Program Files\Tencent\QQ\QQMusic.exe]  [Tencent, 7, 8, 106, 85]
  197.     [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
  198.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  199.     [C:\WINDOWS\system32\MFPlat.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
  200.     [C:\Program Files\Tencent\QQ\QQMusicUI.dll]  [Tencent, 7, 8, 106, 85]
  201.     [C:\Program Files\Tencent\QQ\riched20.dll]  [Microsoft Corporation, 5.31.23.1218]
  202.     [C:\Program Files\Tencent\QQ\QQMusicSkin.dll]  [, 2, 2, 103, 21]
  203.     [C:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
  204.     [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
  205.     [C:\PROGRA~1\Tencent\QQ\VQQPLA~1.OCX]  [Tencent Technology (Shenzhen) Company Limited, 3, 6, 107, 63]
  206.     [C:\PROGRA~1\Tencent\QQ\vqqsdl.dll]  [Tencent Technology (Shenzhen) Company Limited, 3, 6, 107, 63]
  207.     [C:\PROGRA~1\Tencent\QQ\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
  208.     [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
  209.     [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  210.     [C:\WINDOWS\system32\msdmo.dll]  [, ]
  211.     [C:\WINDOWS\system32\wmpeffects.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
  212.     [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
  213.     [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  214.     [D:\Program Files\StormII\Codec\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
  215. [PID: 2068 / admin][D:\Program Files\KWMUSIC\KwMV.exe]  [N/A, ]
  216.     [D:\Program Files\KWMUSIC\KwLogSvr.dll]  [N/A, ]
  217.     [D:\Program Files\KWMUSIC\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
  218.     [D:\Program Files\KWMUSIC\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  219.     [D:\Program Files\KWMUSIC\lidx.dll]  [N/A, ]
  220. [PID: 3484 / admin][G:\SREngPS\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
  221.     [G:\SREngPS\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
  222.     [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10034]
  223. ==================================
  224. 文件关联
  225. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  226. .EXE  OK. ["%1" %*]
  227. .COM  OK. ["%1" %*]
  228. .PIF  OK. ["%1" %*]
  229. .REG  OK. [regedit.exe "%1"]
  230. .BAT  OK. ["%1" %*]
  231. .SCR  OK. ["%1" /S]
  232. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  233. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  234. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  235. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  236. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  237. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  238. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  239. ==================================
  240. Winsock 提供者
  241. N/A
  242. ==================================
  243. Autorun.inf
  244. N/A
  245. ==================================
  246. HOSTS 文件
  247. 127.0.0.1 localhost
  248. 127.0.0.1 www.krvkr.com
  249. 127.0.0.1 www.scad.cn
  250. 127.0.0.1 www.ironmail.cn
  251. 127.0.0.1 www.ok458888.com
  252. 127.0.0.1 www.gd001.net
  253. 127.0.0.1 www.beecool.net
  254. 127.0.0.1 www.ok458888.com
  255. 127.0.0.1 www.scad.cn
  256. 127.0.0.1 www.iloveck.com
  257. 127.0.0.1 www.wmsjsf.com
  258. 127.0.0.1 www.wangzheqiaodan.com
  259. 127.0.0.1 www.v0day.com
  260. 127.0.0.1 www.i5460.net
  261. 127.0.0.1 www.xxx.com
  262. 127.0.0.1 www.hackeroo.com
  263. 127.0.0.1 www.18dmm.com
  264. 127.0.0.1 www.xxx.com
  265. 127.0.0.1 5y5.us
  266. 127.0.0.1 16a.us
  267. 127.0.0.1 35561.com
  268. ==================================
  269. 进程特权扫描
  270. 特殊特权被允许: SeLoadDriverPrivilege [PID = 4056, C:\PROGRAM FILES\TENCENT\QQ\QQMUSIC.EXE]
  271. 特殊特权被允许: SeLoadDriverPrivilege [PID = 2068, D:\PROGRAM FILES\KWMUSIC\KWMV.EXE]
  272. ==================================
  273. API HOOK
  274. N/A
  275. ==================================
  276. 隐藏进程
  277.     [1188] C:\Program Files\Tencent\QQ\QQ.exe
  278.     [2112] C:\Program Files\Tencent\QQ\TIMPlatform.exe
  279.     [2336] C:\WINDOWS\system32\ctfmon.exe
  280. ==================================
复制代码
回复

举报

liaoying112
 楼主| 发表于 2007-7-23 10:36:02 | 显示全部楼层
帮我分析下
回复

举报

bxhaai
发表于 2007-7-23 10:36:28 | 显示全部楼层
病毒还是什么?
回复

举报

cbz107
发表于 2007-7-23 11:24:56 | 显示全部楼层
http://bbs.kafan.cn/viewthread.php?tid=43152&extra=&page=1

我太懒,没看下去
回复

举报

jlennon
头像被屏蔽
发表于 2007-7-23 13:28:22 | 显示全部楼层
粗略看了下,要重置hosts,有隐藏进程,先用IS,gmer,wsyscheck等删除隐藏进程文件,然后sreng配合修复。
回复

举报

zhangshunzz
头像被屏蔽
发表于 2007-7-23 13:31:24 | 显示全部楼层
有问题吗???
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-26 09:40 , Processed in 0.124039 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表