Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum


[Help] Experts, please help analyze and fix this, thanks


2006-10-13,08:54:16

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目

Last edited 2006-10-13 11:07:40
 

注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation]
(PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation]
(PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation]
(SoundMAXPnP)(C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe) [Analog Devices, Inc.]
(SoundMAX)("C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray) [Analog Devices, Inc.]
(IgfxTray)(C:\WINDOWS\system32\igfxtray.exe) [Intel Corporation]
(HotKeysCmds)(C:\WINDOWS\system32\hkcmd.exe) [Intel Corporation]
(StormCodec_Helper)("C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti) [N/A]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(DAEMON Tools-1033)("C:\Program Files\D-Tools\daemon.exe" -lang 1033) [DAEMON'S HOME]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(SoundMam)(; C:\WINDOWS\system32\SVOHOST.exe) [N/A]
(Vcrmon)(C:\Program Files\Virus Chaser\Vcrmon.exe) [New Technology Wave Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(webwork)(C:\WINDOWS\webwork\webwork.dll) [MSWebwork Cop.]


启动文件夹

[Adobe Gamma Loader]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --) C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.])(N)



--------------------------------------------------------------------------------



服务

[Application Checker for Windows / appcheck]
(C:\WINDOWS\system32\appcheck.exe)(N/A)
[Windows Application Checker / checkapp]
(C:\WINDOWS\system32\checkapp.exe)(N/A)
[DHCP Client / Dhcp]
(C:\WINDOWS\system32\svchost.exe -k netsvcs--)%SystemRoot%\System32\dhcpcsvc.dll)(Microsoft Corporation)
[Human Interface Device Access / HidServ]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[JMediaService / JMediaService]
(C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service)(Microsoft Corporation)
[Server / lanmanserver]
(C:\WINDOWS\system32\svchost.exe -k netsvcs--)%SystemRoot%\System32\srvsvc.dll)(Microsoft Corporation)
[Windows Installer / MSIServer]
(C:\WINDOWS\system32\msiexec.exe /V)(Microsoft Corporation)
[Network Connections / Netman]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\netman.dll)(Microsoft Corporation)
[Remote Access Connection Manager / RasMan]
(C:\WINDOWS\system32\svchost.exe -k netsvcs--)%SystemRoot%\System32\rasmans.dll)(Microsoft Corporation)
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
(C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe)(Analog Devices, Inc.)
[Print Spooler / Spooler]
(C:\WINDOWS\system32\spoolsv.exe)(Microsoft Corporation)
[StdService / StdService]
(C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service)(Microsoft Corporation)
[Telephony / TapiSrv]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\tapisrv.dll)(Microsoft Corporation)
[WebClient / WebClient]
(C:\WINDOWS\system32\svchost.exe -k LocalService--)%SystemRoot%\System32\webclnt.dll)(Microsoft Corporation)

驱动程序

[3kmirror / 3kmirror]
(system32\DRIVERS\3kmirror.sys)(3000soft.net)
[Microsoft Kernel Acoustic Echo Canceller / aec]
(system32\drivers\aec.sys)(Microsoft Corporation)
[Albus / Albus]
(\SystemRoot\system32\drivers\Albus.SYS)(N/A)
[CnsMinKP / CnsMinKP]
(\SystemRoot\system32\drivers\CnsMinKP.sys)(Copyright (C) 3721 Corporation.)
[ETTouch Driver / ETTouch]
(C:\WINDOWS\SYSTEM32\DRIVERS\ETTouch.SYS)(N/A)
[hardlock / hardlock]
(\??\C:\WINDOWS\system32\drivers\hardlock.sys)(Aladdin Knowledge Systems)
[Haspnt / Haspnt]
(\??\C:\WINDOWS\system32\drivers\Haspnt.sys)(Aladdin Knowledge Systems)
[HOSTNT / HOSTNT]
(\??\C:\WINDOWS\system32\drivers\hostnt.sys)(N/A)
[HTTP / HTTP]
(System32\Drivers\HTTP.sys)(Microsoft Corporation)
[ialm / ialm]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[IP Network Address Translator / IpNat]
(system32\DRIVERS\ipnat.sys)(Microsoft Corporation)
[MHDRV / MHDRV]
(\??\C:\WINDOWS\system32\drivers\mhdrv.sys)(Rainbow China Co,.Ltd)
[MidiSyn / MidiSyn]
(system32\drivers\MidiSyn.sys)(Analog Devices Inc)
[MRxSmb / MRxSmb]
(system32\DRIVERS\mrxsmb.sys)(Microsoft Corporation)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RCMHDOG / RCMHDOG]
(\??\C:\WINDOWS\system32\drivers\rcmhdog.sys)(Rainbow China Co.,Ltd)
[Rdbss / Rdbss]
(system32\DRIVERS\rdbss.sys)(Microsoft Corporation)
[RDPWD / RDPWD]
(C:\WINDOWS\SYSTEM32\DRIVERS\RDPWD.SYS)(Microsoft Corporation)
[ROCKEYNT / ROCKEYNT]
(\??\C:\WINDOWS\system32\drivers\Rockeynt.sys)(FeiTian Tech Co.,Ltd)
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023]
(system32\DRIVERS\Rtlnic51.sys)(Realtek Semiconductor Corporation)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(Macrovision Europe Ltd)
[senfilt / senfilt]
(system32\drivers\senfilt.sys)(Sensaura)
[Sentinel / Sentinel]
(\SystemRoot\System32\Drivers\SENTINEL.SYS)(N/A)
[smwdm / smwdm]
(system32\drivers\smwdm.sys)(Analog Devices, Inc.)
[Srv / Srv]
(system32\DRIVERS\srv.sys)(Microsoft Corporation)
[st3wolf / st3wolf]
(system32\DRIVERS\st3wolf.sys)()
[stwlfbus / stwlfbus]
(\SystemRoot\system32\DRIVERS\stwlfbus.sys)()
[TCP/IP Protocol Driver / Tcpip]
(system32\DRIVERS\tcpip.sys)(Microsoft Corporation)

浏览器加载项

[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.)
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, )
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\mmsass~1.dll, )
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} (C:\WINDOWS\SYSTEM32\stdup.dll, MStdup Co Ltd.)
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\mmsass~1.dll, )
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[易趣购物]
{DE607144-AC19-424e-865A-5D70ABDF119A} (http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.)
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, )
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} (C:\PROGRA~1\MMSASS~1\mmsass~1.dll, )
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} (C:\WINDOWS\SYSTEM32\stdup.dll, MStdup Co Ltd.)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.)
[ )) 彩信发送 ((]
(res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A)
[))彩信发送((]
(res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A)
[上传到QQ网络硬盘]
(I:\lunwen\QQ\AddToNetDisk.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
[添加到QQ自定义面板]
(I:\lunwen\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(I:\lunwen\QQ\AddEmotion.htm, N/A)
[添加到雅虎订阅(&Y)]
(res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A)
[用QQ彩信发送该图片]
(I:\lunwen\QQ\SendMMS.htm, N/A)
[雅虎搜索]
(res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A)

正在运行的进程

[PID: 464][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1380][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\webwork\webwork.nls] [MSWebwork Cop., 1, 0, 0, 1]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] [Yahoo! China, 1, 1, 3, 1035]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] [Yahoo!, 2, 1, 8, 1048]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [, 1, 2, 7, 1006]
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] [, 1, 2, 0, 6]
[C:\PROGRA~1\MMSASS~1\albus.dll] [Albus, 1, 0, 0, 2]
[C:\WINDOWS\SYSTEM32\stdup.dll] [MStdup Co Ltd., 3, 2, 2, 3]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3943]
[PID: 1520][C:\WINDOWS\system32\appcheck.exe] [N/A, N/A]
[PID: 1532][C:\WINDOWS\system32\checkapp.exe] [N/A, N/A]
[PID: 1548][C:\Program Files\3000soft\Red Spider\RSagent.exe] [N/A, N/A]
[C:\Program Files\3000soft\Red Spider\RSCLASS.dll] [N/A, N/A]
[C:\Program Files\3000soft\Red Spider\REDCOMM.dll] [3000soft.net, 2, 8, 0, 1051]
[C:\WINDOWS\system32\zlib1.dll] [N/A, 1.2.3]
[C:\WINDOWS\system32\REDHOOKS.dll] [3000soft.net, 2, 8, 0, 1051]
[PID: 1592][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\MMSASS~1\MMSSVER.DLL] [, 1, 2, 0, 6]
[PID: 1680][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1792][C:\Program Files\3000soft\Red Spider\EPOINTER.EXE] [N/A, N/A]
[C:\Program Files\3000soft\Red Spider\REDCOMM.dll] [3000soft.net, 2, 8, 0, 1051]
[C:\WINDOWS\system32\zlib1.dll] [N/A, 1.2.3]
[C:\Program Files\3000soft\Red Spider\RSCLASS.dll] [N/A, N/A]
[PID: 408][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 112][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 5, 0, 1, 57]
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Devices, Inc., 5, 0, 0, 460]
[PID: 1252][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 0, 0, 18]
[PID: 1352][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3943]
[PID: 1360][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3943]
[PID: 1280][C:\Program Files\D-Tools\daemon.exe] [DAEMON'S HOME, 3.33.0.0]
[C:\WINDOWS\daemon.dll] [ , 3.33.0.0]
[C:\Program Files\D-Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[PID: 1424][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292]
[PID: 1412][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1748][C:\Program Files\Virus Chaser\Vcrmon.exe] [New Technology Wave Inc., 5, 0, 0, 101]
[PID: 932][C:\Program Files\Virus Chaser\SpiderNT.exe] [New Technology Wave Inc., 5, 0, 1, 104]
[PID: 1740][C:\Program Files\Virus Chaser\Spiderui.exe] [New Technology Wave Inc., 5, 0, 1, 104]
[PID: 1992][C:\DOCUME~1\23\LOCALS~1\Temp\Rar$EX00.469\sreng2\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[PID: 1568][C:\Program Files\Virus Chaser\Vcr32.exe] [New Technology Wave Inc., 5, 0, 1, 102]
[PID: 508][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] [Yahoo! China, 1, 1, 3, 1035]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll] [Yahoo., 1, 0, 2, 1002]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] [Yahoo!, 2, 1, 8, 1048]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [, 1, 2, 7, 1006]
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] [, 1, 2, 0, 6]
[C:\PROGRA~1\MMSASS~1\albus.dll] [Albus, 1, 0, 0, 2]
[C:\WINDOWS\SYSTEM32\stdup.dll] [MStdup Co Ltd., 3, 2, 2, 3]

文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]


Posting all of this was hard work too, haha. Thanks to the experts for helping, I'm waiting online.

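Open SREng, go to Startup Items > Registry, and delete the following item:
C:\WINDOWS\system32\SVOHOST.exe
Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Start > Run, type services.msc, and find Application Checker for Windows / appcheck
and Windows Application Checker / checkapp. Double-click each one, stop it, and change the startup type to Disabled.
Start > Run, type regedit, and expand each of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services (X stands for any number, e.g. 1, 2, 3...)

Look for the Application Checker for Windows / appcheck
and Windows Application Checker / checkapp folders; for any that you find, please delete the entire folder.
Restart the computer into Safe Mode.
Show all files, including hidden system files.
Delete the following files:
[PID: 1520][C:\WINDOWS\system32\appcheck.exe]
[PID: 1532][C:\WINDOWS\system32\checkapp.exe]
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\zlib1.dll
Download Super Rabbit (超级兔子) to clean up the rogue software.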