pprotect.sys bbs.ikaka.com

我中病毒 - 2006-7-25 15:00:00

将日志传上
Logfile of HijackThis v1.99.1
Scan saved at 11:05:22, on 2006-7-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\KVNET\KVSrvXP.exe
C:\KVNET\KVMonXP.kxp
C:\WINDOWS\system32\ctfmon.exe
d:\rfw\RfwMain.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\KVNET\TrojDie.kxp
C:\KVNET\KRegEx.exe
D:\program files\Mozilla Firefox\firefox.exe
G:\实用软件\杀毒、系统\HijackThis1.99.1\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\KVNET\KvShell_1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\KVNET\KvShell_1.dll
O4 - HKLM\..\Run: [KvMonXP] C:\KVNET\KVMonXP.kxp /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - C:\KVNET\KVSrvXP.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\rfw\rfwsrv.exe

baohe - 2006-7-25 15:03:00

【回复“我中病毒”的帖子】
不知道你这个图是否是IS的SSDT。
如果是，不少安全软件的项目在这里都可显示为红色，并非病毒/木马。
下图是我的SSM和卡巴斯基在SSDT列表中的项目

附件: 1558472006725145523.jpg

我中病毒 - 2006-7-25 15:12:00

哦,是IS的SSDT
可是我的机器打开第一个页面后,再点击其他的就上不去了,有时刷新一下就有可以了,这是为什么呀.我在网上查了一下说是什么驱动病毒,只有原理的讲解,没有去除的方法.

我中病毒 - 2006-7-25 15:14:00

在请您给看看上面的日志有问题吗

baohe - 2006-7-25 15:20:00

引用:

【我中病毒的贴子】在请您给看看上面的日志有问题吗
...........................

如果怀疑有驱动级木马，请用autoruns扫日志贴上来。
HJ扫不到驱动项。

mopery - 2006-7-25 15:49:00

你装俩个杀软建议卸载掉一个..

我中病毒 - 2006-7-25 15:59:00

一个是杀毒的,一个是防火墙

我中病毒 - 2006-7-25 16:01:00

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

+ rdpclipRDP Clip MonitorMicrosoft Corporationc:\windows\system32\rdpclip.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ KvMonXPKVmonxpJiangMin Ltd.c:\kvnet\kvmonxp.kxp

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exeCTF LoaderMicrosoft Corporationc:\windows\system32\ctfmon.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ Class Install HandlerOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ deflateOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ gzipOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ lzdhtmlOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ text/webviewhtmlWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ text/xmlMicrosoft Office XML MIME FilterMicrosoft Corporationc:\program files\common files\microsoft shared\office11\msoxmlmf.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ aboutMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll

+ cdlOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ dvdActiveX control for streaming videoMicrosoft Corporationc:\windows\system32\msvidctl.dll

+ fileOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ ftpOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ gopherOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ httpOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ httpsOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\windows\system32\itss.dll

+ javascriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll

+ localOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ mailtoMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll

+ mhtmlMicrosoft Internet Messaging APIMicrosoft Corporationc:\windows\system32\inetcomm.dll

+ mkOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ ms-itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\windows\system32\itss.dll

+ resMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll

+ sysimageMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll

+ tvActiveX control for streaming videoMicrosoft Corporationc:\windows\system32\msvidctl.dll

+ vbscriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll

+ wiaWIA Scripting LayerMicrosoft Corporationc:\windows\system32\wiascr.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0文件未找到: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Internet ExplorerWindows NT User Data Migration ToolMicrosoft Corporationc:\windows\system32\shmgrate.exe

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6文件未找到: d:\Program Files\Outlook Express\setup50.exe

+ Microsoft Windows Media PlayerMicrosoft Windows Media Player 安装实用程序Microsoft Corporationc:\windows\inf\unregmp2.exe

+ Microsoft Windows Media PlayerADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ Outlook ExpressWindows NT User Data Migration ToolMicrosoft Corporationc:\windows\system32\shmgrate.exe

+ Themes SetupMicrosoft(C) Register ServerMicrosoft Corporationc:\windows\system32\regsvr32.exe

+ Windows Messenger 4.7ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\windows\system32\regsvr32.exe

+ 通讯簿 6文件未找到: d:\Program Files\Outlook Express\setup50.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurnWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ PostBootReminderWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\windows\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dllWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget%Photo Printing WizardMicrosoft Corporationc:\windows\system32\photowiz.dll

+ .CAB file viewerCabinet File Viewer Shell ExtensionMicrosoft Corporationc:\windows\system32\cabview.dll

+ ActiveX 高速缓存文件夹Object Control ViewerMicrosoft Corporationc:\windows\system32\occache.dll

+ Audio Media Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll

+ Auto Update Property Sheet ExtensionAutomatic Updates Control PanelMicrosoft Corporationc:\windows\system32\wuaucpl.cpl

+ Avi Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll

+ BandProxyShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ CDF Extension Copy HookShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Channel MenuChannel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll

+ Channel PropertiesChannel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll

+ Code Download AgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ Compatibility PageCompatibility Tab Shell Extension DLLMicrosoft Corporationc:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Right Drag HandlerCompressed (zipped) FoldersMicrosoft Corporationc:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo TargetCompressed (zipped) FoldersMicrosoft Corporationc:\windows\system32\zipfldr.dll

+ ConnectionAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ Crypto PKO ExtensionCrypto Shell ExtensionsMicrosoft Corporationc:\windows\system32\cryptext.dll

+ Crypto Sign ExtensionCrypto Shell ExtensionsMicrosoft Corporationc:\windows\system32\cryptext.dll

+ Darwin App PublisherShell Application ManagerMicrosoft Corporationc:\windows\system32\appwiz.cpl

+ DfsShellDistributed File System shell extensionMicrosoft Corporationc:\windows\system32\dfsshlex.dll

+ Directory Context Menu VerbsDirectory Service Common UIMicrosoft Corporationc:\windows\system32\dsuiext.dll

+ Directory Object FindDirectory Service FindMicrosoft Corporationc:\windows\system32\dsquery.dll

+ Directory Property UIDirectory Service Common UIMicrosoft Corporationc:\windows\system32\dsuiext.dll

+ Directory Query UIDirectory Service FindMicrosoft Corporationc:\windows\system32\dsquery.dll

+ Directory Start/Search FindDirectory Service FindMicrosoft Corporationc:\windows\system32\dsquery.dll

+ Disk Copy ExtensionWindows DiskCopyMicrosoft Corporationc:\windows\system32\diskcopy.dll

+ Disk Quota UIWindows Shell Disk Quota UI DLLMicrosoft Corporationc:\windows\system32\dskquoui.dll

+ Display Adapter CPL ExtensionAdvanced display adapter propertiesMicrosoft Corporationc:\windows\system32\deskadp.dll

+ Display Monitor CPL ExtensionAdvanced display monitor propertiesMicrosoft Corporationc:\windows\system32\deskmon.dll

+ Display Panning CPL Extension文件未找到: deskpan.dll

我中病毒 - 2006-7-25 16:02:00

+ Display TroubleShoot CPL ExtensionAdvanced display performance propertiesMicrosoft Corporationc:\windows\system32\deskperf.dll

+ DS Security PageDirectory Service Security UIMicrosoft Corporationc:\windows\system32\dssec.dll

+ Extensions Manager FolderExtensions ManagerMicrosoft Corporationc:\windows\system32\extmgr.dll

+ Favorites BandShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ FTP Folders WebviewMicrosoft Internet Explorer FTP Folder Shell ExtensionMicrosoft Corporationc:\windows\system32\msieftp.dll

+ GDI+ 文件缩略图解压缩程序Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ HTML 缩略图的解压缩程序Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ ICC 配置文件Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll

+ ICM 打印机管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll

+ ICM 监视器管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll

+ ICM 扫描仪管理Microsoft Color Matching System User Interface DLLMicrosoft Corporationc:\windows\system32\icmui.dll

+ IE4 套件初始屏幕Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Installed Apps EnumeratorShell Application ManagerMicrosoft Corporationc:\windows\system32\appwiz.cpl

+ InternetShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ InternetShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Internet Name SpaceShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Internet 临时文件Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Internet 临时文件Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ InternetShortcutShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ ISFBand OCShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ KodakShellExtensionShell Extension Resource DLLEastman Kodak Companyc:\program files\common files\kodak\ifscore\kodakshx.dll

+ Microsoft Agent Character Property Sheet HandlerMicrosoft Agent Property Sheet HandlerMicrosoft Corporationc:\windows\msagent\agentpsh.dll

+ Microsoft AutoCompleteShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Microsoft Browser ArchitectureShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Microsoft BrowserBandShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Microsoft DocProp Inplace Calendar ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time ControlMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell ExtMicrosoft DocProp Shell ExtMicrosoft Corporationc:\windows\system32\docprop2.dll

+ Microsoft Internet 工具栏Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon HandlerMicrosoft Office 2003 componentMicrosoft Corporationd:\microsoft office\office11\msohev.dll

+ Microsoft Url History 服务Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Microsoft Url 搜索挂接Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Microsoft 多个自动完成列表容器Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Microsoft 历史自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Microsoft 外壳文件夹自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Midi Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll

+ MMC Icon HandlerMMC Shell Extension DLLMicrosoft Corporationc:\windows\system32\mmcshext.dll

+ MRU 自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Multimedia File Property SheetControl Panel Drivers AppletMicrosoft Corporationc:\windows\system32\mmsys.cpl

+ MyDocs Copy HookMy Documents Folder UIMicrosoft Corporationc:\windows\system32\mydocs.dll

+ MyDocs Drop TargetMy Documents Folder UIMicrosoft Corporationc:\windows\system32\mydocs.dll

+ MyDocs PropertiesMy Documents Folder UIMicrosoft Corporationc:\windows\system32\mydocs.dll

+ NTFS Security PageSecurity Shell ExtensionMicrosoft Corporationc:\windows\system32\rshx32.dll

+ Offline Files Folder OptionsClient Side Caching UIMicrosoft Corporationc:\windows\system32\cscui.dll

+ Offline Files MenuClient Side Caching UIMicrosoft Corporationc:\windows\system32\cscui.dll

+ OLE Docfile Property PageOLE DocFile Property PageMicrosoft Corporationc:\windows\system32\docprop.dll

+ PlusPack CPL ExtensionWindows Theme APIMicrosoft Corporationc:\windows\system32\themeui.dll

+ Portable Media Devices便携媒体设备命令行解释器扩展Microsoft Corporationc:\windows\system32\audiodev.dll

+ Portable Media Devices Menu便携媒体设备命令行解释器扩展Microsoft Corporationc:\windows\system32\audiodev.dll

+ PostAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ Printers Security PageSecurity Shell ExtensionMicrosoft Corporationc:\windows\system32\rshx32.dll

+ Remote Sessions CPL ExtensionRemote Sessions CPL ExtensionMicrosoft Corporationc:\windows\system32\remotepg.dll

+ Search Assistant OCShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Sendmail serviceSend MailMicrosoft Corporationc:\windows\system32\sendmail.dll

+ Sendmail serviceSend MailMicrosoft Corporationc:\windows\system32\sendmail.dll

+ Set Program Access and DefaultsShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Shell Application ManagerShell Application ManagerMicrosoft Corporationc:\windows\system32\appwiz.cpl

+ Shell Automation Inproc ServiceShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Shell Band Site MenuShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Shell DocObject ViewerShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objectsNetwork object shell UIMicrosoft Corporationc:\windows\system32\ntlanui2.dll

+ Shell extensions for sharingShell extensions for sharingMicrosoft Corporationc:\windows\system32\ntshrui.dll

+ Shell extensions for sharingShell extensions for sharingMicrosoft Corporationc:\windows\system32\ntshrui.dll

+ Shell Image Data FactoryWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ Shell Image Property HandlerWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ Shell Image VerbsWindows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ Shell properties for a DS objectDirectory Service FindMicrosoft Corporationc:\windows\system32\dsquery.dll

+ Shell Scrap DataHandlerShell scrap object handlerMicrosoft Corporationc:\windows\system32\shscrap.dll

+ Shell Search BandShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Subscription MgrWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ Tasks Folder Icon HandlerTask Scheduler interface DLLMicrosoft Corporationc:\windows\system32\mstask.dll

+ Tasks Folder Shell ExtensionTask Scheduler interface DLLMicrosoft Corporationc:\windows\system32\mstask.dll

+ TrayAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ TridentImageExtractorShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ Video Media Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll

+ Video Thumbnail ExtractorMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll

+ Wav Properties HandlerMedia File Property Extractor Shell ExtensionMicrosoft Corporationc:\windows\system32\shmedia.dll

+ Web FoldersMicrosoft Web FoldersMicrosoft Corporationc:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell ExtensionPrint UI DLLMicrosoft Corporationc:\windows\system32\printui.dll

+ Web 搜索Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ WebCheck SyncMgr HandlerWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ WebCheckChannelAgentWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ WebCheckWebCrawlerWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu HandlerWindows Media Player LauncherMicrosoft Corporationc:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu HandlerWindows Media Player LauncherMicrosoft Corporationc:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu HandlerWindows Media Player LauncherMicrosoft Corporationc:\windows\system32\wmpshell.dll

+ Windows Script Host 的 Shell extensionsMicrosoft (r) Shell Extension for Windows Script HostMicrosoft Corporationc:\windows\system32\wshext.dll

+ WinRAR shell extensiond:\winrar3.5\rarext.dll

我中病毒 - 2006-7-25 16:03:00

帮助和支持Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 帮助和支持Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 补充的外壳文件夹Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 补充的外壳文件夹 2Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 窗格中的搜索Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 地址 EditBoxShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 地址(&A)Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 电子邮件Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 跟踪弹出栏Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 公文包Windows BriefcaseMicrosoft Corporationc:\windows\system32\syncui.dll

+ 管理工具Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 获取 Passport 向导Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll

+ 可访问的Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 历史记录Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 频道句柄对象Channel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll

+ 频道快捷方式Channel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll

+ 频道文件Channel Definition File ViewerMicrosoft Corporationc:\windows\system32\cdfview.dll

+ 全局文件夹设置Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 任务计划Task Scheduler interface DLLMicrosoft Corporationc:\windows\system32\mstask.dll

+ 任务栏和「开始」菜单Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll

+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll

+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll

+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll

+ 扫描仪和照相机Imaging Devices Shell Folder UIMicrosoft Corporationc:\windows\system32\wiashext.dll

+ 搜索Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 搜索区Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 通过 Web 订购照片Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll

+ 脱机文件夹Client Side Caching UIMicrosoft Corporationc:\windows\system32\cscui.dll

+ 外壳 DeskBarShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 外壳 DeskBarAppShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 外壳 Rebar BandSiteShell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 外壳出版向导对象Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll

+ 网络出版向导Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll

+ 网络连接Network Connections ShellMicrosoft Corporationc:\windows\system32\netshell.dll

+ 网络连接Network Connections ShellMicrosoft Corporationc:\windows\system32\netshell.dll

+ 下载状态Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 压缩(zipped)文件夹Compressed (zipped) FoldersMicrosoft Corporationc:\windows\system32\zipfldr.dll

+ 以前的版本Previous Versions property pageMicrosoft Corporationc:\windows\system32\twext.dll

+ 以前的版本属性页Previous Versions property pageMicrosoft Corporationc:\windows\system32\twext.dll

+ 用户(&P)...Find PeopleMicrosoft Corporationc:\program files\outlook express\wabfind.dll

+ 用户帮助Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 用户帐户Map Network Drives/Network Places WizardMicrosoft Corporationc:\windows\system32\netplwiz.dll

+ 预订文件夹Web Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

+ 运行...Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 摘要信息缩略图处理程序(DOCFILES)Windows 图片和传真查看器Microsoft Corporationc:\windows\system32\shimgvw.dll

+ 注册数目路选项实用程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 自定义 MRU 自动完成列表Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 字体Windows Font FolderMicrosoft Corporationc:\windows\system32\fontext.dll

+ 字体Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

+ 浏览器栏Shell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.d:\acrobat 7.0\activex\pdfshell.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 7.0 for ActiveXAdobe Systems Incorporatedd:\acrobat 7.0\activex\acroiehelper.dll

+ BrowseHelper ClassShell PluginJiangMin Lmtc:\kvnet\kvshell_1.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dllShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\flashget\fgiebar.dll

+ VirusDoctorShell PluginJiangMin Lmtc:\kvnet\kvshell_1.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\flashget\flashget.exe

HKLM\System\CurrentControlSet\Services

+ AudioSrvGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ BrowserGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ CryptSvcGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ DcomLaunchGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ DhcpGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ dmserverGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ DnscacheGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ ERSvcGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ EventlogServices and Controller appMicrosoft Corporationc:\windows\system32\services.exe

+ helpsvcGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ KVSrvXPKVSrvXPJiangMin New Tech Ltd.c:\kvnet\kvsrvxp.exe

我中病毒 - 2006-7-25 16:04:00

+ lanmanserverGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ lanmanworkstationGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ LmHostsGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ PlugPlayServices and Controller appMicrosoft Corporationc:\windows\system32\services.exe

+ PolicyAgentLSA Shell (Export Version)Microsoft Corporationc:\windows\system32\lsass.exe

+ ProtectedStorageLSA Shell (Export Version)Microsoft Corporationc:\windows\system32\lsass.exe

+ RemoteRegistryGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ RfwServiceRising Personal FireWall ServiceBeijing Rising Technology Co., Ltd.d:\rfw\rfwsrv.exe

+ RpcSsGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ SamSsLSA Shell (Export Version)Microsoft Corporationc:\windows\system32\lsass.exe

+ ScheduleGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ seclogonGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ SENSGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ SharedAccessGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ ShellHWDetectionGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ SpoolerSpooler SubSystem AppMicrosoft Corporationc:\windows\system32\spoolsv.exe

+ srserviceGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ stisvcGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ ThemesGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ TrkWksGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ UMWdfWindows User Mode Driver ManagerMicrosoft Corporationc:\windows\system32\wdfmgr.exe

+ W32TimeGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ WebClientGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ winmgmtGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ wscsvcGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ WZCSVCGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ACPIACPI Driver for NTMicrosoft Corporationc:\windows\system32\drivers\acpi.sys

+ aecMicrosoft Acoustic Echo CancellerMicrosoft Corporationc:\windows\system32\drivers\aec.sys

+ AFDAncillary Function Driver for WinSockMicrosoft Corporationc:\windows\system32\drivers\afd.sys

+ ALCXWDMAvance AC'97 Audio Driver (WDM)Avance Logic, Inc.c:\windows\system32\drivers\alcxwdm.sys

+ AsyncMacMS Remote Access serial network driverMicrosoft Corporationc:\windows\system32\drivers\asyncmac.sys

+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\windows\system32\drivers\atapi.sys

+ AtmarpcIP/ATM Arp ClientMicrosoft Corporationc:\windows\system32\drivers\atmarpc.sys

+ audstubAudStub DriverMicrosoft Corporationc:\windows\system32\drivers\audstub.sys

+ BaseTDIbasetdiRisingc:\windows\system32\drivers\basetdi.sys

+ CCDECODEWDM Closed Caption VBI CodecMicrosoft Corporationc:\windows\system32\drivers\ccdecode.sys

+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\windows\system32\drivers\cdrom.sys

+ Cdsys文件未找到: C:\WINDOWS\system32\cdcd.sys

+ DcCamKodak Digital Camera DriverEastman Kodak Companyc:\windows\system32\drivers\dccam.sys

+ DcFpointKodak Digital Camera FP DriverEastman Kodak Companyc:\windows\system32\drivers\dcfpoint.sys

+ DCFS2KKodak DC File System Driver (NT)Eastman Kodak Companyc:\windows\system32\drivers\dcfs2k.sys

+ DcLpsKodak Digital Camera LPS DriverEastman Kodak Companyc:\windows\system32\drivers\dclps.sys

+ DcPTPKodak Digital Camera PTP DriverEastman Kodak Companyc:\windows\system32\drivers\dcptp.sys

+ DiskPnP Disk DriverMicrosoft Corporationc:\windows\system32\drivers\disk.sys

+ dmioNT Disk Manager I/O DriverMicrosoft Corp., Veritas Softwarec:\windows\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverMicrosoft Corp., Veritas Software.c:\windows\system32\drivers\dmload.sys

+ DMusicMicrosoft Kernel DLS SynthesizerMicrosoft Corporationc:\windows\system32\drivers\dmusic.sys

+ drmkaudMicrosoft Kernel DRM Audio Descrambler FilterMicrosoft Corporationc:\windows\system32\drivers\drmkaud.sys

+ ExportitKodak DC File System driverEastman Kodak Companyc:\windows\system32\drivers\exportit.sys

+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\windows\system32\drivers\fdc.sys

+ FETNDISNDIS 5.0 miniport driverVIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys

+ FlpydiskFloppy DriverMicrosoft Corporationc:\windows\system32\drivers\flpydisk.sys

+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\windows\system32\drivers\fsvga.sys

+ FtdiskFT Disk DriverMicrosoft Corporationc:\windows\system32\drivers\ftdisk.sys

+ GpcMS General Packet ClassifierMicrosoft Corporationc:\windows\system32\drivers\msgpc.sys

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.d:\rfw\hookurl.sys

+ HTTPHTTP Protocol StackMicrosoft Corporationc:\windows\system32\drivers\http.sys

+ i8042prti8042 Port DriverMicrosoft Corporationc:\windows\system32\drivers\i8042prt.sys

+ ImapiIMAPI Kernel DriverMicrosoft Corporationc:\windows\system32\drivers\imapi.sys

+ Ip6FwIPv6 Windows Firewall DriverMicrosoft Corporationc:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriverIP FILTER DRIVERMicrosoft Corporationc:\windows\system32\drivers\ipfltdrv.sys

+ IpInIpIP in IP Encapsulation DriverMicrosoft Corporationc:\windows\system32\drivers\ipinip.sys

+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\windows\system32\drivers\ipnat.sys

+ IPSecIPSec DriverMicrosoft Corporationc:\windows\system32\drivers\ipsec.sys

+ IRENUMInfra-Red Bus EnumeratorMicrosoft Corporationc:\windows\system32\drivers\irenum.sys

+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\windows\system32\drivers\isapnp.sys

+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\windows\system32\drivers\kbdclass.sys

+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\windows\system32\drivers\kmixer.sys

+ KRegExTrojan and Registry MonitorJiangmin Co.c:\windows\system32\drivers\kregex.sys

+ KVDP_1KV2005 device driver for WinNTBeijing Jiangmin New Sci.&Tec. Co.Ltd.c:\kvnet\kvdp_1.sys

+ MouclassMouse Class DriverMicrosoft Corporationc:\windows\system32\drivers\mouclass.sys

+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.d:\rfw\mprocrs.sys

+ MSKSSRVMS KS ServerMicrosoft Corporationc:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\windows\system32\drivers\mspclock.sys

+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\windows\system32\drivers\mspqm.sys

+ mssmbiosSystem Management BIOS DriverMicrosoft Corporationc:\windows\system32\drivers\mssmbios.sys

+ MSTEEWDM Tee/Communication Transform Filter Microsoft Corporationc:\windows\system32\drivers\mstee.sys

+ NABTSFECWDM NABTS/FEC VBI CodecMicrosoft Corporationc:\windows\system32\drivers\nabtsfec.sys

+ NdisIPMicrosoft IP DriverMicrosoft Corporationc:\windows\system32\drivers\ndisip.sys

+ NdisTapiNDIS 3.0 connection wrapper driverMicrosoft Corporationc:\windows\system32\drivers\ndistapi.sys

+ NdisuioNDIS User mode I/O DriverMicrosoft Corporationc:\windows\system32\drivers\ndisuio.sys

+ NdisWanMS PPP Framing Driver (Strong Encryption)Microsoft Corporationc:\windows\system32\drivers\ndiswan.sys

+ NetBTMBT Transport driverMicrosoft Corporationc:\windows\system32\drivers\netbt.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\qq2006\npkcrypt.sys

+ NwlnkFltNWLINK2 Traffic Filter DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwdNWLINK2 Forwarder DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkfwd.sys

+ ParportParallel Port DriverMicrosoft Corporationc:\windows\system32\drivers\parport.sys

+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\windows\system32\drivers\pci.sys

+ PptpMiniportPeer-to-Peer Tunneling ProtocolMicrosoft Corporationc:\windows\system32\drivers\raspptp.sys

+ ProcessorProcessor Device DriverMicrosoft Corporationc:\windows\system32\drivers\processr.sys

+ PSchedMS QoS Packet SchedulerMicrosoft Corporationc:\windows\system32\drivers\psched.sys

+ PtilinkParallel Technologies DirectParallel IO LibraryParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys

+ RasAcdRAS Automatic Connection DriverMicrosoft Corporationc:\windows\system32\drivers\rasacd.sys

+ Rasl2tpRAS L2TP mini-port/call-manager driverMicrosoft Corporationc:\windows\system32\drivers\rasl2tp.sys

+ RasPppoeRAS PPPoE mini-port/call-manager driverMicrosoft Corporationc:\windows\system32\drivers\raspppoe.sys

+ RasptiPTI DirectParallel(R) mini-port/call-manager driverMicrosoft Corporationc:\windows\system32\drivers\raspti.sys

+ RDPCDDRDP MiniportMicrosoft Corporationc:\windows\system32\drivers\rdpcdd.sys

+ rdpdrMicrosoft RDP Device redirectorMicrosoft Corporationc:\windows\system32\drivers\rdpdr.sys

+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\windows\system32\drivers\redbook.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.d:\rfw\rsfwdrv.sys

+ S3SavageNBS3 ProSavage(DDR) & Twister Miniport DriverS3 Graphics, Inc.c:\windows\system32\drivers\s3gnbm.sys

+ Secdrvc:\windows\system32\drivers\secdrv.sys

我中病毒 - 2006-7-25 16:05:00

+ serenumSerial Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\serenum.sys

+ SerialSerial Device DriverMicrosoft Corporationc:\windows\system32\drivers\serial.sys

+ SLIPMicrosoft Slip Deframing Filter MinidriverMicrosoft Corporationc:\windows\system32\drivers\slip.sys

+ splitterMicrosoft Kernel Audio SplitterMicrosoft Corporationc:\windows\system32\drivers\splitter.sys

+ streamipMicrosoft IP Test DriverMicrosoft Corporationc:\windows\system32\drivers\streamip.sys

+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\windows\system32\drivers\swenum.sys

+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\windows\system32\drivers\swmidi.sys

+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\windows\system32\drivers\sysaudio.sys

+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\tcpip.sys

+ TermDDTerminal Server DriverMicrosoft Corporationc:\windows\system32\drivers\termdd.sys

+ UpdateUpdate DriverMicrosoft Corporationc:\windows\system32\drivers\update.sys

+ usbehciEHCI eUSB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbehci.sys

+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\windows\system32\drivers\usbhub.sys

+ usbprintUSB Printer driverMicrosoft Corporationc:\windows\system32\drivers\usbprint.sys

+ usbscanUSB Scanner DriverMicrosoft Corporationc:\windows\system32\drivers\usbscan.sys

+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\windows\system32\drivers\usbstor.sys

+ usbuhciUHCI USB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbuhci.sys

+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\windows\system32\drivers\vga.sys

+ viaagpVIA NT AGP FilterMicrosoft Corporationc:\windows\system32\drivers\viaagp.sys

+ ViaIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\windows\system32\drivers\viaide.sys

+ VIAudioVIA AC'97 Enhanced Audio WDM Driver VIA Technologies, Inc.c:\windows\system32\drivers\viaudio.sys

+ WanarpMS Remote Access and Routing ARP DriverMicrosoft Corporationc:\windows\system32\drivers\wanarp.sys

+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\windows\system32\drivers\wdmaud.sys

+ WSTCODECWDM WST Codec DriverMicrosoft Corporationc:\windows\system32\drivers\wstcodec.sys

+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\windows\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\windows\system32\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\windows\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\windows\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\windows\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\windows\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\ole32.dll

+ oleaut32Microsoft Corporationc:\windows\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\windows\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\windows\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\windows\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\windows\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ user32Windows XP USER API Client DLLMicrosoft Corporationc:\windows\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\windows\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\windows\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

+ logonui.exeWindows Logon UIMicrosoft Corporationc:\windows\system32\logonui.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chainCrypto API32Microsoft Corporationc:\windows\system32\crypt32.dll

+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\windows\system32\cryptnet.dll

+ cscdllOffline Network AgentMicrosoft Corporationc:\windows\system32\cscdll.dll

+ ScCertPropCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ ScheduleCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\windows\system32\sclgntfy.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ termsrvCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ wlballoonCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

我中病毒 - 2006-7-25 16:05:00

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\System32\logon.scrLogon Screen SaverMicrosoft Corporationc:\windows\system32\logon.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B760C7C-B545-4E41-B04A-D59102CC7A66}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B760C7C-B545-4E41-B04A-D59102CC7A66}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EFF0780-594F-4F98-A150-1C0358FF165E}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EFF0780-594F-4F98-A150-1C0358FF165E}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7ABBD39-7843-422F-8562-52D2099365BF}] DATAGRAM 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C7ABBD39-7843-422F-8562-52D2099365BF}] SEQPACKET 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{FBA924D4-D825-4E32-A1B0-A4B2A9904539}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{FBA924D4-D825-4E32-A1B0-A4B2A9904539}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP]KVWspXPJiangMin Ltd.c:\windows\system32\kvwspxp.dll

+ MSAFD Tcpip [TCP/IP]KVWspXPJiangMin Ltd.c:\windows\system32\kvwspxp.dll

+ MSAFD Tcpip [UDP/IP]KVWspXPJiangMin Ltd.c:\windows\system32\kvwspxp.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\windows\system32\cnbjmon.dll

+ EPSON V5 2KMonitorEPSON Bidirectional MonitorSEIKO EPSON CORPORATIONc:\windows\system32\ebpmon2.dll

+ Local PortLocal Spooler DLLMicrosoft Corporationc:\windows\system32\localspl.dll

+ Microsoft Document Imaging Writer MonitorMicrosoft? Document ImagingMicrosoft Corporationc:\windows\system32\mdimon.dll

+ PJL Language MonitorPJL Language monitorMicrosoft Corporationc:\windows\system32\pjlmon.dll

+ Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\windows\system32\tcpmon.dll

+ USB MonitorStandard Dynamic Printing Port Monitor DLLMicrosoft Corporationc:\windows\system32\usbmon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\windows\system32\msv1_0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages

+ scecliWindows Security Configuration Editor Client EngineMicrosoft Corporationc:\windows\system32\scecli.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

+ kerberosKerberos Security PackageMicrosoft Corporationc:\windows\system32\kerberos.dll

+ msv1_0Microsoft Authentication Package v1.0Microsoft Corporationc:\windows\system32\msv1_0.dll

+ schannelTLS / SSL Security ProviderMicrosoft Corporationc:\windows\system32\schannel.dll

+ wdigestMicrosoft Digest AccessMicrosoft Corporationc:\windows\system32\wdigest.dll

瑞星卡卡安全论坛