[CODE]

2007-03-12,16:38:52

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <SoundMix><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\trtbc.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptimg.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
[Indexing Data / MOBILL][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\KFEAS.DLL,Export 1087><N/A>
[SQLServer Supports / sqlservech][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[Provisioning Transaction Service / ttt_14][Stopped/Auto Start]
  <C:\WINDOWS\system32\win.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Windows Media Connect Service / WmdmPmSp][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><N/A>
[WMI Performance Adapter / WmiApSrv][Stopped/Manual Start]
  <C:\WINDOWS\system32\wbem\wmiapsrv.exe><Microsoft Corporation>

==================================
驱动程序
[ADProt / ADProt][Running/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[adpu64 / adpu64][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\adpu64.sys><N/A>
[ast / ast][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[BIOS / BIOS][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\BIOS.sys><BIOSTAR Group>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[fdyqmml / fdyqmml][Running/Boot Start]
  <\SystemRoot\system32\drivers\fdyqmml.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gwiopm / gwiopm][Stopped/Manual Start]
  <\??\D:\y优化大师\gwiopm.sys><N/A>
[hidproc / hidproc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[https / https][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\https.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[KSKNIGHT / KSKNIGHT][Stopped/Manual Start]
  <\??\E:\上古传说\KSKNIGHT.SYS><Kingsoft>
[lahlxui / lahlxui][Running/Boot Start]
  <\SystemRoot\system32\drivers\lahlxui.sys><>
[lanfs / lanfs][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\lanfs.sys><N/A>
[lenfpgjj / lenfpgjj][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\lenfpgjj.sys><N/A>
[ndcia / ndcia][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ndcia.sys><Microsoft Corporation>
[nnkbpbd / nnkbpbd][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\nnkbpbd.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\qq\npkycryp.sys><N/A>
[PANTECH GSM Handset USB Device driver (WDM) / pan_bus][Stopped/Manual Start]
  <system32\DRIVERS\pan_bus.sys><MCCI>
[PANTECH GSM Handset EMMI Drivers (WDM) / pan_emmi][Stopped/Manual Start]
  <system32\DRIVERS\pan_emmi.sys><MCCI>
[PANTECH GSM Handset Filter / pan_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\pan_mdfl.sys><MCCI>
[PANTECH GSM Handset Drivers / pan_mdm][Stopped/Manual Start]
  <system32\DRIVERS\pan_mdm.sys><MCCI>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Samsung Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start]
  <system32\DRIVERS\ssm_bus.sys><MCCI>
[Samsung Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ssm_mdfl.sys><MCCI>
[Samsung Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ssm_mdm.sys><MCCI>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Virtual CD-ROM Device Driver / vcdrom][Stopped/System Start]
  <\??\I:\MSVCD\VCDROM.SYS><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================

浏览器加载项
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\x迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[]
  {948a0409-bacd-491f-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\491fntos.dll, N/A>
[]
  {ff00ae0d-822b-4feb-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\4febcfsb.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\x迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[bacd]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\491fntos.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {049585F6-38ED-4377-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4377ntos.dll, N/A>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\x迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[]
  {2CD42F33-8140-4DCE-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\4dcecfsb.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\x迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[]
  {938B0533-EBDC-4CB9-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\4cb9cfsb.dll, N/A>
[]
  {948A0409-BACD-491F-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\491fntos.dll, N/A>
[]
  {A6D4753F-17A3-4AF0-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\4af0cfsb.dll, N/A>
[]
  {AFBEE8C0-1846-4A82-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4a82ntos.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
  {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
  {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSCLT.DLL, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[bacd]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\491fntos.dll, N/A>
[]
  {FF00AE0D-822B-4FEB-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\4febcfsb.dll, N/A>
[&使用迅雷下载]
  <D:\x迅雷\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\x迅雷\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>

正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 576][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 732][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 808][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 880][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ntxml.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 1004][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 1184][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 1516][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\sqlservech.dll]  [Microsoft Corporation, 6.6.3791.1832]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 1480][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
[PID: 3500][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
    [C:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 10.00.00.3802]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\trtbc.dll]  [, 5, 3, 1, 120]
[PID: 4008][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbnaxp.dll]  [Microsoft Corporation, 5.1.1800.2813]
[PID: 3904][D:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 6, 42]
    [D:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2596][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 2012][C:\DOCUME~1\开轩\LOCALS~1\Temp\Rar$EX00.422\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\HideHook.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

HOSTS 文件
127.0.0.1ad.pvka.com.cn
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.com.cn
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1ad.pvka.com.cn
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.com.cn
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.com.cn
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1ad.pvka.com.cn
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnic.com.cn
127.0.0.1www.ccnnlc.com
127.0.0.1www.ccnnlc.com.cn
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
{后面还有很多......}

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF800BB25)
RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF800BD67)
LoadLibraryExW (危险等级: ,  被下面模块所HOOK: )
RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF800BC49)
入口点错误：FreeLibrary (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x5F00002D)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF800BE8F)

==================================
隐藏进程
N/A

==================================


[/CODE]

下面这些有问题,修复后删除相应文件
1. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<SoundMix><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St> []
2. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\trtbc.dll> []
3. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [N/A]
4. [Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
5. [Provisioning Transaction Service / ttt_14][Stopped/Auto Start]
<C:\WINDOWS\system32\win.exe><N/A>
6. [WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe xpdhcp.dll,input><Microsoft Corporation
7. [Windows Media Connect Service / WmdmPmSp][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><N/A>
8. [adpu64 / adpu64][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\adpu64.sys><N/A>
9. [ast / ast][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ast.sys><N/A
10. [npkycryp / npkycryp][Stopped/Manual Start]
<\??\D:\qq\npkycryp.sys><N/A>

11. [lenfpgjj / lenfpgjj][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lenfpgjj.sys><N/A>
12. [lanfs / lanfs][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><N/A>
13. [lahlxui / lahlxui][Running/Boot Start]
<\SystemRoot\system32\drivers\lahlxui.sys><>
14. [https / https][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\https.sys><N/A>
15. [hidproc / hidproc][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
下面两个看下是不是你的东西,如不是也干掉
[fdyqmml / fdyqmml][Running/Boot Start]
<\SystemRoot\system32\drivers\fdyqmml.sys><N/A>
[nnkbpbd / nnkbpbd][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nnkbpbd.sys><N/A>
修复后重启到安全模式删除文件

自己看"正在运行的进程"里有什么不对的,不是你的就删除

HOSTS 文件
127.0.0.1ad.pvka.com.cn
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.com.cn
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1ad.pvka.com.cn
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.com.cn
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.com.cn
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1ad.pvka.com.cn
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.net
127.0.0.1huajundown.net
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnic.com.cn
127.0.0.1www.ccnnlc.com
127.0.0.1www.ccnnlc.com.cn
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
{后面还有很多......}
都删除了(只留127.0.0.1      localhost)
请空临时文件夹后就查不多了

大哥,怎么修复这些?

1. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<SoundMix><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St> []
2. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\trtbc.dll> []
3. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [N/A]
4. [Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
5. [Provisioning Transaction Service / ttt_14][Stopped/Auto Start]
<C:\WINDOWS\system32\win.exe><N/A>
6. [WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe xpdhcp.dll,input><Microsoft Corporation
7. [Windows Media Connect Service / WmdmPmSp][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><N/A>
8. [adpu64 / adpu64][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\adpu64.sys><N/A>
9. [ast / ast][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ast.sys><N/A
10. [npkycryp / npkycryp][Stopped/Manual Start]
<\??\D:\qq\npkycryp.sys><N/A>

11. [lenfpgjj / lenfpgjj][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lenfpgjj.sys><N/A>
12. [lanfs / lanfs][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\lanfs.sys><N/A>
13. [lahlxui / lahlxui][Running/Boot Start]
<\SystemRoot\system32\drivers\lahlxui.sys><>
14. [https / https][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\https.sys><N/A>
15. [hidproc / hidproc][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
下面两个看下是不是你的东西,如不是也干掉
[fdyqmml / fdyqmml][Running/Boot Start]
<\SystemRoot\system32\drivers\fdyqmml.sys><N/A>
[nnkbpbd / nnkbpbd][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nnkbpbd.sys><N/A>
修复后重启到安全模式删除文件

你扫描用的那东西

你扫描用的那东西

我没找到修复注册表的选项啊,麻烦你给截个图看看.谢谢