跪求,!今天中了病毒杀毒软件全部不打不开了。 bbs.ikaka.com

大家帮忙下 - 2009-6-9 12:54:00

我在安全模式下瑞星杀毒360全部打不开，我下了顽强360木马杀手也不行。

大家帮帮我啊，这个是我哥哥的电脑，弄烂了我不好说的啊。

跪求大家解决帮忙！

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

夲號ヱ被ジ盜 - 2009-6-9 12:54:00

http://www.kztechs.com/sreng/download.html
SREng/智能扫描(记得勾选“检查进程的数字签名)
等扫描完成,
保存日志(LOG格式)
PS：如主程序SREng**.exe无法运行,
导致无法扫描日志将主程序改名为
我爱小狮子.bat或我爱小狮子.scr

大家帮忙下 - 2009-6-9 13:02:00

[CODE]

2009-06-09,13:03:00

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<PPS Accelerator><; > [N/A]
<Explorer><C:\WINDOWS\system32\drivers\TXP1atform.exe> []
<PPLiveVA><; > [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<High Definition Audio Property Page Shortcut><HDAShCut.exe> [(Verified)Microsoft Windows XP Publisher]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Nero AG]
<RavTray><"E:\瑞星杀毒\Rising\Rav\RsTray.exe" -system> []
<360Safetray><E:\360杀毒\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<RFWTray><"E:\瑞星防火墙\Rising\RFW\RsTray.exe" -system> []
<nwiz><nwiz.exe /install> []
<Grid Service><"C:\Program Files\GridService\peer.exe" -n Grid> [FS2YOU]
<Super Rabbit SafeEdit><E:\超级兔子\MagicSet\SRFC.EXE /Load> []
<updater><C:\WINDOWS\system32\updater.exe> [File is missing]
<IMJPMIG8.1><; > [N/A]
<PHIME2002A><; > [N/A]
<PHIME2002ASync><; > [N/A]
<StormCodec_Helper><; > [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<ming9bstart><C:\WINDOWS\system\ming9b090423.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon,> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{FCA4D3BE-C6C7-4F4D-9CBD-CB2666647ACA}><C:\WINDOWS\system32\EN7hzSreCat8.dll> []
<{028A997C-4262-4107-BD46-2ABBC6143E8C}><C:\WINDOWS\system32\efc0c52cc1.dll> []
<{6101B532-3E30-49FB-8594-F9B22338FF4A}><C:\WINDOWS\system32\DcXb7abe.dll> []
<{3816D07B-D6F9-403B-B7D7-EDE52959341B}><C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll> []
<{A23CA53C-731F-4033-92E8-C1DFB4E71D34}><C:\WINDOWS\system32\JBn2ypqY23vWX.dll> []
<{76B9BA7A-81D0-4979-8598-8471F2AB5186}><C:\WINDOWS\system32\76B9BA7A.dll> []
<{54DA5754-2475-4B55-8DFA-D0327C8F4A9E}><C:\WINDOWS\system32\hhnt2pBK.dll> []
<{A0C86020-5935-4B87-B20E-0B656D450264}><C:\WINDOWS\system32\A0C86020.dll> []
<{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><C:\WINDOWS\system32\08223B03.dll> []
<{704C3595-DB85-40F6-A601-8D6F346907BD}><C:\WINDOWS\system32\704C3595.dll> []
<{02845FCC-2BF4-4191-888D-18030FAA2074}><C:\WINDOWS\system32\UnsrA8Hec.dll> []
<{37C5D66A-8B1B-4545-8112-3751194F6A4A}><C:\WINDOWS\system32\taNjsFa2tT2Dh.dll> []
<{737858A9-9AEA-4838-9B49-54DA731F7F37}><C:\WINDOWS\system32\BMsg6pdMD4ht.dll> []
<{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}><C:\WINDOWS\system32\dhDhwS7fFW.dll> []
<{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><C:\WINDOWS\system32\E4814792.dll> []
<{93EC6B33-16B4-4110-BBC1-8B4A20E321C5}><C:\WINDOWS\system32\uXrgQ8ZEp.dll> []
<{93DA1E7D-7C46-4F90-8674-EC90511FCA72}><C:\WINDOWS\system32\CDuAUVkGy9.dll> []
<{AF235511-A3CA-4AF6-BA10-C2D229B8A01B}><C:\WINDOWS\system32\t44y9a553NQ.dll> []
<{C722AD57-35DA-4460-8353-328372F32AB2}><C:\WINDOWS\system32\ufQCU5.dll> []
<{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll> []
<{11B10F7F-FB23-466D-BDC3-9591CF02EC17}><C:\WINDOWS\fonts\uXUsF2RrQy.fon> []
<{3D490B56-425C-4B8F-889E-0E391AD54DE8}><C:\WINDOWS\system32\wrGwvaDRB6M.dll> []
<{F653395D-C9C7-4026-ADD1-E88DD96BD650}><C:\WINDOWS\fonts\rsR933gQXyUh.fon> []
<{0D267113-499A-4EEF-998D-C45731C1B313}><C:\WINDOWS\system32\VnTU2WAqUcZA6.dll> []
<{51FC2309-B81E-4542-A0F1-E9A51297F2F4}><C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon> []
<{4679E74B-E5EE-458F-B613-2324AA1C817E}><C:\WINDOWS\system32\mR7Sg4vSx5TR.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360down.exe]
<IFEO[360down.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
<IFEO[360hotfix.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
<IFEO[360safe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
<IFEO[360safebox.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360upp.exe]
<IFEO[360upp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe]
<IFEO[agentsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
<IFEO[apvxdwin.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe]
<IFEO[ast.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
<IFEO[avcenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe]
<IFEO[avengine.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
<IFEO[avgnt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
<IFEO[avguard.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe]
<IFEO[avltmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
<IFEO[avp32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtask.exe]
<IFEO[avtask.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
<IFEO[bdagent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe]
<IFEO[bdwizreg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
<IFEO[boxmod.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
<IFEO[ccapp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe]

大家帮忙下 - 2009-6-9 13:03:00

<IFEO[ccenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
<IFEO[ccevtmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe]
<IFEO[ccregvfy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
<IFEO[ccsetmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
<IFEO[cqw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
<IFEO[DrvAnti.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
<IFEO[egui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
<IFEO[ekrn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
<IFEO[enc98.EXE]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\extdb.exe]
<IFEO[extdb.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frameworkservice.exe]
<IFEO[frameworkservice.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frwstub.exe]
<IFEO[frwstub.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardfield.exe]
<IFEO[guardfield.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe]
<IFEO[iparmor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
<IFEO[kaccore.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe]
<IFEO[kasmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe]
<IFEO[kav32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
<IFEO[kavstart.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
<IFEO[kavsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvcui.exe]
<IFEO[kavsvcui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe]
<IFEO[kislnchr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
<IFEO[kissvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
<IFEO[kmailmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe]
<IFEO[knownsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
<IFEO[kpfw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
<IFEO[kpfwsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe]
<IFEO[kregex.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe]
<IFEO[kvfw.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.exe]
<IFEO[kvmonxp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp]
<IFEO[kvmonxp.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
<IFEO[kvol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
<IFEO[kvprescan.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe]
<IFEO[kvsrvxp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp]
<IFEO[kvxp.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
<IFEO[kwatch.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
<IFEO[livesrv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\makereport.exe]
<IFEO[makereport.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe]
<IFEO[mcagent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe]
<IFEO[mcdash.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetect.exe]
<IFEO[mcdetect.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
<IFEO[mcshield.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe]
<IFEO[mctskshd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsescn.exe]
<IFEO[mcvsescn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
<IFEO[mcvsshld.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
<IFEO[mghtml.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe]
<IFEO[naprdmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
<IFEO[navapsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
<IFEO[navapw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe]
<IFEO[navw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe]
<IFEO[nmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
<IFEO[nod32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe]
<IFEO[npfmntor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe]
<IFEO[oasclnt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe]
<IFEO[pavsrv51.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe]
<IFEO[pfw.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe]
<IFEO[psctrls.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimreal.exe]
<IFEO[psimreal.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe]
<IFEO[psimsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe]
<IFEO[qqdoctormain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
<IFEO[ras.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe]
<IFEO[ravmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe]
<IFEO[ravmond.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe]
<IFEO[ravstub.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe]
<IFEO[ravtask.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
<IFEO[rfwmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
<IFEO[rfwproxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe]
<IFEO[rsagent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe]
<IFEO[rsmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
<IFEO[rsnetsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe]
<IFEO[rssafety.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe]
<IFEO[rstray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safebank.exe]
<IFEO[safebank.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
<IFEO[safeboxtray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe]
<IFEO[scanfrm.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
<IFEO[sched.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe]
<IFEO[seccenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secnotifier.exe]
<IFEO[secnotifier.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SetupLD.exe]
<IFEO[SetupLD.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
<IFEO[shstat.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe]
<IFEO[smartup.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sndsrvc.exe]
<IFEO[sndsrvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spbbcsvc.exe]
<IFEO[spbbcsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbmon.exe]
<IFEO[tbmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmp6.exe]
<IFEO[tmp6.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe]
<IFEO[uihost.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ulibcfg.exe]
<IFEO[ulibcfg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updaterui.exe]
<IFEO[updaterui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe]
<IFEO[uplive.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcr32.exe]
<IFEO[vcr32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcrmon.exe]
<IFEO[vcrmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]
<IFEO[vptray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
<IFEO[vsserv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe]
<IFEO[vstskmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe ]
<IFEO[vstskmgr.exe ]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe]
<IFEO[webproxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe]
<IFEO[xcommsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xnlscn.exe]
<IFEO[xnlscn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe]
<IFEO[修复工具.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe>貉wX韰]
<IFEO[修复工具.exe>貉wX韰]><ntsd -d> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<E:\影音风暴\Storm2009_531\stormliv.exe /asservice><北京暴风网际科技有限公司>
[ClipBook / ClipSrv][Stopped/Auto Start]
<C:\WINDOWS\java\classes\CLIPORV.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Microsoft Device Logical / porting][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k "porting"-->C:\WINDOWS\system32\4ce0a.dll><Microsoft Corporation>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
<E:\瑞星杀毒\Rising\Rav\CCENTER.EXE><N/A>
[Rising RavTask Manager / RavTask][Stopped/Auto Start]
<"E:\瑞星杀毒\Rising\Rav\RavTask.exe" RavTask><N/A>
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
<E:\瑞星防火墙\Rising\RFW\CCENTER.EXE><N/A>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<E:\瑞星防火墙\Rising\RFW\rfwsrv.exe><N/A>
[Rising RfwTask Manager / RfwTask][Stopped/Auto Start]
<"E:\瑞星防火墙\Rising\RFW\RavTask.exe" RfwTask><N/A>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
<E:\瑞星杀毒\Rising\Rav\ScanFrm.exe><N/A>

大家帮忙下 - 2009-6-9 13:03:00

驱动程序
[360FkAdv / 360FkAdv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\360FkAdv.sys><N/A>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AlcwWmDrv / AlcwWmDrv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\AlcwWmDrv.sys><N/A>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
<System32\drivers\amdk8.sys><Advanced Micro Devices>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
<system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
<system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[iebe / iebe][Running/Boot Start]
<\SystemRoot\system32\drivers\zgvlh.sys><N/A>
[Sony Ericsson 750 driver (WDM) / k750bus][Stopped/Manual Start]
<system32\DRIVERS\k750bus.sys><N/A>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Stopped/Manual Start]
<system32\DRIVERS\k750mdfl.sys><N/A>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Stopped/Manual Start]
<system32\DRIVERS\k750mdm.sys><N/A>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Stopped/Manual Start]
<system32\DRIVERS\k750mgmt.sys><N/A>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex][Stopped/Manual Start]
<system32\DRIVERS\k750obex.sys><N/A>
[KAVBootC / KAVBootC][Running/Boot Start]
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[klan / klan][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\klan.sys><N/A>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pcidump / pcidump][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\pcidump.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qq2 / qq2][Stopped/Manual Start]
<\??\C:\Program Files\Internet Explorer\002.tmp><N/A>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
<system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
<\??\E:\瑞星防火墙\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
<\??\E:\瑞星防火墙\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect / RsProtect][Running/System Start]
<system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[SafeMon1 / SafeMon1][Running/System Start]
<\??\C:\WINDOWS\e20fc07d.dat><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[WmRegProDrv / WmRegProDrv][Stopped/Manual Start]
<System32\Drivers\WmRegProDrv.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360杀毒\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷5\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360杀毒\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[&U使用纳米机器人下载并收藏]
<E:\GG\NamiRobot\Data\du.html, N/A>

==================================
正在运行的进程
[PID: 912 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\java\classes\CLIPORV.DLL] [N/A, ]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\E4814792.dll] [N/A, ]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\ufQCU5.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\wrGwvaDRB6M.dll] [N/A, ]
[C:\WINDOWS\fonts\rsR933gQXyUh.fon] [N/A, ]
[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[PID: 1284 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[PID: 1484 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[c:\windows\system32\appmgmts.dll] [N/A, ]
[C:\WINDOWS\System32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[PID: 1592 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1740 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[PID: 184 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[PID: 416 / Administrator][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\E4814792.dll] [N/A, ]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\ufQCU5.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\wrGwvaDRB6M.dll] [N/A, ]
[C:\WINDOWS\fonts\rsR933gQXyUh.fon] [N/A, ]
[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\system32\QCNt.dll] [N/A, ]
[C:\WINDOWS\java\classes\CLIPORV.DLL] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8391]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8391]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[PID: 780 / Administrator][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp.tmp] [N/A, ]
[PID: 352 / Administrator][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 2, 0, 12]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[PID: 1428 / Administrator][C:\Program Files\GridService\peer.exe] [FS2YOU, 2, 1, 10, 8366]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[PID: 1504 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[PID: 1012 / Administrator][E:\PPS\PPStream\ppsap.exe] [PPStream Inc, 1, 0, 11, 171]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[e:\PPS\PPStream\1.1.0.2663\vodnet.dll] [PPStream Inc., 1, 0, 11, 209]
[e:\PPS\PPStream\1.1.0.2663\vodres.dll] [PPStream Inc., 1, 0, 11, 209]
[e:\PPS\PPStream\1.1.0.2663\ppssg.dll] [PPStream Inc., 1, 0, 11, 192]
[e:\PPS\PPStream\1.1.0.2663\fds.dll] [PPStream Inc., 1, 0, 0, 101]
[PID: 1948 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]

大家帮忙下 - 2009-6-9 13:05:00

[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[PID: 3756 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2376 / SYSTEM][E:\影音风暴\Storm2009_531\stormliv.exe] [北京暴风网际科技有限公司, 3, 9, 5, 22]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[E:\影音风暴\Storm2009_531\bfoptdll.dll] [北京暴风网际科技有限公司, 3, 8, 7, 16]
[E:\影音风暴\Storm2009_531\box\BoxLog.dll] [北京暴风网际科技有限公司, 3, 9, 2, 19]
[PID: 3500 / SYSTEM][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.109.1]
[C:\Program Files\Common Files\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.109.1]
[C:\Program Files\Common Files\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.109.1]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[PID: 4004 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8391]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1956 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\4ce0a.dll] [Microsoft Corporation, 1, 0, 0, 1]
[PID: 2284 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[PID: 272 / Administrator][D:\ctfmen.exe] [Microsoft Corporation, 5.01.0026]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8988]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[PID: 1120 / Administrator][C:\WINDOWS\system32\drivers\TXP1atform.exe] [N/A, ]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\E4814792.dll] [N/A, ]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\ufQCU5.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[C:\WINDOWS\system32\wrGwvaDRB6M.dll] [N/A, ]
[C:\WINDOWS\fonts\rsR933gQXyUh.fon] [N/A, ]
[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[PID: 1896 / Administrator][C:\WINDOWS\system32\cmd.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[PID: 2616 / Administrator][C:\Program Files\GridService\peeradapter.exe] [FS2YOU, 2, 1, 10, 8366]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[PID: 392 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[E:\迅雷5\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\360杀毒\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1010]
[C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.3492 (xpsp_sp2_gdr.081212-1610)]
[C:\WINDOWS\system\VchE7.tmp] [N/A, ]
[C:\WINDOWS\system\Vch1.tmp] [N/A, ]
[C:\WINDOWS\system\Vch3.tmp] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[C:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216]
[E:\瑞星杀毒\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[E:\迅雷5\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\E4814792.dll] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\ufQCU5.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[C:\WINDOWS\system32\wrGwvaDRB6M.dll] [N/A, ]
[C:\WINDOWS\fonts\rsR933gQXyUh.fon] [N/A, ]
[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[PID: 6060 / Administrator][E:\迅雷5\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.9.662]
[E:\迅雷5\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\迅雷5\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 10, 73]
[E:\迅雷5\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 4, 2, 333]
[E:\迅雷5\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[E:\迅雷5\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 3, 2, 32]
[E:\迅雷5\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\迅雷5\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
[E:\迅雷5\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 12]

byxxdrls - 2009-6-9 13:06:00

木马群，建议先用金山急救箱解决。http://bbs.duba.net/thread-21989211-1-1.html

大家帮忙下 - 2009-6-9 13:06:00

[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[PID: 6060 / Administrator][E:\迅雷5\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.9.662]
[E:\迅雷5\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\迅雷5\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 10, 73]
[E:\迅雷5\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 4, 2, 333]
[E:\迅雷5\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[E:\迅雷5\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 3, 2, 32]
[E:\迅雷5\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\迅雷5\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
[E:\迅雷5\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
[E:\迅雷5\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30]
[E:\迅雷5\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 27]
[E:\迅雷5\Program\zlib1.dll] [, 1.2.3]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[E:\迅雷5\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 59]
[E:\迅雷5\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 17]
[E:\迅雷5\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 42]
[E:\迅雷5\Program\ptl.dll] [Thunder Networking Technologies,LTD, 3, 2, 2, 55]
[E:\迅雷5\Program\dl_peer_id.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 4]
[E:\迅雷5\Program\xl_stat.dll] [, 1, 0, 2, 7]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[E:\迅雷5\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.3492 (xpsp_sp2_gdr.081212-1610)]
[C:\WINDOWS\system\VchE7.tmp] [N/A, ]
[C:\WINDOWS\system\Vch1.tmp] [N/A, ]
[C:\WINDOWS\system\Vch3.tmp] [N/A, ]
[E:\瑞星杀毒\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74]
[E:\迅雷5\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1,1,2,13]
[E:\迅雷5\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,1,2,48]
[E:\迅雷5\Program\xldc.dll] [Thunder Networking Technologies,LTD, 4, 0, 2, 28]
[E:\迅雷5\Program\stream.dll] [ShenZhen Thunder Networking Technologies,Ltd., 2, 1, 2, 1046]
[E:\迅雷5\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1,1,2,18]
[E:\迅雷5\Program\al.dll] [Thunder Networking Technologies,LTD, 1,1,2,31]
[E:\迅雷5\Program\media_data.dll] [, 1, 0, 2, 7]
[E:\迅雷5\Program\sl.dll] [Thunder Networking Technologies,LTD, 1.0.2.2]
[E:\迅雷5\Program\p2sp_pd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[E:\迅雷5\Components\InMedia\iEmbedShell.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 12, 125]
[E:\迅雷5\Components\InMedia\iEmbed22.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 12, 125]
[E:\迅雷5\Components\InMedia\XLIPC.DLL] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[E:\迅雷5\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
[E:\迅雷5\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 6, 0, 104]
[E:\迅雷5\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
[E:\迅雷5\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\迅雷5\Program\XLNetU.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
[E:\迅雷5\Program\imdt.dll] [Thunder Networking Technologies,LTD, 1.2.0.21]
[E:\迅雷5\Components\Security\ThunderSafe.dll] [Xunlei Networking Technologies,LTD, 2, 1, 8, 106]
[E:\迅雷5\Components\Security\ConfigManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
[E:\迅雷5\Components\Security\SafeManager.dll] [Xunlei Networking Technologies,LTD, 1, 0, 5, 20]
[E:\迅雷5\Components\Security\SafeStatistic.dll] [Xunlei Networking Technologies,LTD, 1, 0, 0, 1]
[E:\迅雷5\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 2, 19, 106]
[E:\迅雷5\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 7, 25]
[E:\迅雷5\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 4, 26]
[E:\迅雷5\Plugins\NetGame\XLNetGame.dll] [, 1, 0, 0, 2]
[E:\迅雷5\Components\XLSoftBase\DrThunderHost.dll] [深圳市迅雷网络技术有限公司, 1.0.0.17]
[E:\迅雷5\Components\XLSoftBase\DrKernel.dll] [深圳市迅雷网络技术有限公司, 1.0.0.8]
[E:\迅雷5\Components\XLSoftBase\DrSoftIdentifier.dll] [深圳市迅雷网络技术有限公司, 1.0.0.10]
[E:\迅雷5\Components\XLSoftBase\DrUpdate.dll] [深圳市迅雷网络技术有限公司, 1.1.0.8]
[E:\迅雷5\Program\xldcsubtask.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
[E:\迅雷5\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 26]
[E:\迅雷5\Components\InMedia\MediaAddin19.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 1, 7, 82]
[E:\迅雷5\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 3, 0, 2, 131]
[E:\迅雷5\Components\Tips\XLSkin.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[E:\迅雷5\Program\emule_id.dll] [, 1, 0, 2, 12]
[E:\迅雷5\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 4, 0, 0, 38]
[E:\迅雷5\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
[E:\迅雷5\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 30]
[E:\迅雷5\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[E:\迅雷5\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
[E:\迅雷5\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[E:\迅雷5\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 20]
[PID: 5016 / Administrator][F:\不好\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[PID: 5984 / Administrator][F:\不好\sreng2\SREf678ddc3.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[F:\不好\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\EN7hzSreCat8.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\E4814792.dll] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\ufQCU5.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[C:\WINDOWS\system32\wrGwvaDRB6M.dll] [N/A, ]
[C:\WINDOWS\fonts\rsR933gQXyUh.fon] [N/A, ]
[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 352, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 352, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1428, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1428, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4004, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 272, D:\CTFMEN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 272, D:\CTFMEN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1120, C:\WINDOWS\SYSTEM32\DRIVERS\TXP1ATFORM.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1120, C:\WINDOWS\SYSTEM32\DRIVERS\TXP1ATFORM.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2616, C:\PROGRAM FILES\GRIDSERVICE\PEERADAPTER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2616, C:\PROGRAM FILES\GRIDSERVICE\PEERADAPTER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5016, F:\不好\SRENG2\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5016, F:\不好\SRENG2\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

帅哥阿福 - 2009-6-9 13:10:00

COMRes.dll文件被修改，从其他同版本操作系统上，复制此文件，覆盖到本机
下载文件批量提取工具提取下面文件
http://bbs.ikaka.com/attachment.aspx?attachmentid=486266
C:\WINDOWS\system32\drivers\TXP1atform.exe
C:\WINDOWS\system\ming9b090423.exe
C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon
C:\WINDOWS\system32\EN7hzSreCat8.dll
C:\WINDOWS\system32\efc0c52cc1.dll
C:\WINDOWS\system32\DcXb7abe.dll
C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll
C:\WINDOWS\system32\JBn2ypqY23vWX.dll
C:\WINDOWS\system32\76B9BA7A.dll
C:\WINDOWS\system32\hhnt2pBK.dll
C:\WINDOWS\system32\A0C86020.dll
C:\WINDOWS\system32\08223B03.dl
C:\WINDOWS\system32\704C3595.dl
C:\WINDOWS\system32\UnsrA8Hec.dll
C:\WINDOWS\system32\taNjsFa2tT2Dh.dll
C:\WINDOWS\system32\BMsg6pdMD4ht.dll
C:\WINDOWS\system32\dhDhwS7fFW.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\uXrgQ8ZEp.dl
C:\WINDOWS\system32\CDuAUVkGy9.dll
C:\WINDOWS\system32\t44y9a553NQ.dll
C:\WINDOWS\system32\ufQCU5.dll
C:\WINDOWS\system32\122B901E.dll
C:\WINDOWS\fonts\uXUsF2RrQy.fon
C:\WINDOWS\system32\wrGwvaDRB6M.dll
C:\WINDOWS\fonts\rsR933gQXyUh.fon
C:\WINDOWS\system32\VnTU2WAqUcZA6.dll
C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon
C:\WINDOWS\system32\mR7Sg4vSx5TR.dl
system32\drivers\zgvlh.sys
C:\WINDOWS\system32\drivers\klan.sys
C:\Program Files\Internet Explorer\002.tmp
C:\WINDOWS\e20fc07d.dat
C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\java\classes\CLIPORV.DLL
C:\WINDOWS\system32\EN7hzSreCat8.dll
[C:\WINDOWS\system32\efc0c52cc1.dll] [N/A, ]
[C:\WINDOWS\system32\DcXb7abe.dll] [N/A, ]
[C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll] [N/A, ]
[C:\WINDOWS\system32\JBn2ypqY23vWX.dll] [N/A, ]
[C:\WINDOWS\system32\76B9BA7A.dll] [N/A, ]
[C:\WINDOWS\system32\hhnt2pBK.dll] [N/A, ]
[C:\WINDOWS\system32\A0C86020.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\UnsrA8Hec.dll] [N/A, ]
[C:\WINDOWS\system32\taNjsFa2tT2Dh.dll] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\system32\E4814792.dll] [N/A, ]
[C:\WINDOWS\system32\uXrgQ8ZEp.dll] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\t44y9a553NQ.dll] [N/A, ]
[C:\WINDOWS\system32\ufQCU5.dll] [N/A, ]
[C:\WINDOWS\system32\122B901E.dll] [N/A, ]
[C:\WINDOWS\fonts\uXUsF2RrQy.fon] [N/A, ]
[C:\WINDOWS\system32\wrGwvaDRB6M.dll] [N/A, ]
[C:\WINDOWS\fonts\rsR933gQXyUh.fon] [N/A, ]
[C:\WINDOWS\system32\VnTU2WAqUcZA6.dll] [N/A, ]
[C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon] [N/A, ]
[C:\WINDOWS\system32\mR7Sg4vSx5TR.dll] [N/A, ]
[c:\windows\system32\appmgmts.dll] [N/A, ]

上传病毒样本到可疑文件交流区，地址为：http://bbs.ikaka.com/showforum-20002.aspx
或者直接发送给瑞星的邮件服务中心【病毒样本】地址为：http://mailcenter.rising.com.cn/uploadnew.aspx

删除注册表键值HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

夲號ヱ被ジ盜 - 2009-6-9 13:12:00

MS有感染型:kaka11:
你下载后运行
都有一定的危险
系统文件被破坏
【先运行第一个，再重启运行第二个】
http://cu003.www.duba.net/duba/tools/dubatools/install.exe
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
先下载，然后断网
第一个是自动的
第二个用法：全NEXT安装
然后全打钩点Scan

momodi1 - 2009-6-9 13:17:00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 是不是映像劫持把所有的杀毒的都给劫持了。删除此项杀毒应该OK

夲號ヱ被ジ盜 - 2009-6-9 13:22:00

手动：XDelBox删除：（复制进去）附件有说明
C:\WINDOWS\8system32\drivers\TXP1atform.exe【Win32.BMW可疑】

C:\WINDOWS\8system32\drivers\TXP1atform.exe
C:\WINDOWS\system\ming9b090423.exe
E:\瑞星杀毒\Rising\Rav\RsTray.exe
E:\瑞星防火墙\Rising\RFW\RsTray.exe
C:\Program Files\GridService\peer.exe
E:\超级兔子\MagicSet\SRFC.EXE
C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon
C:\WINDOWS\system32\EN7hzSreCat8.dll
C:\WINDOWS\system32\efc0c52cc1.dll
C:\WINDOWS\system32\DcXb7abe.dll
C:\WINDOWS\system32\b4QcUJ5wmqh8wJCk.dll
C:\WINDOWS\system32\JBn2ypqY23vWX.dll
C:\WINDOWS\system32\76B9BA7A.dll
C:\WINDOWS\system32\hhnt2pBK.dll
C:\WINDOWS\system32\A0C86020.dll
C:\WINDOWS\system32\08223B03.dll
C:\WINDOWS\system32\704C3595.dll
C:\WINDOWS\system32\UnsrA8Hec.dll
C:\WINDOWS\system32\taNjsFa2tT2Dh.dll
C:\WINDOWS\system32\BMsg6pdMD4ht.dll
C:\WINDOWS\system32\dhDhwS7fFW.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\uXrgQ8ZEp.dll
C:\WINDOWS\system32\CDuAUVkGy9.dll
C:\WINDOWS\system32\t44y9a553NQ.dll
C:\WINDOWS\system32\122B901E.dll
C:\WINDOWS\fonts\uXUsF2RrQy.fon
C:\WINDOWS\system32\wrGwvaDRB6M.dll
C:\WINDOWS\fonts\rsR933gQXyUh.fon
C:\WINDOWS\system32\VnTU2WAqUcZA6.dll
C:\WINDOWS\fonts\z9gNwvuVDpyQqHSu.fon
C:\WINDOWS\system32\mR7Sg4vSx5TR.dll
E:\瑞星杀毒\Rising\Rav\CCENTER.EXE
E:\瑞星杀毒\Rising\Rav\RavTask.exe
E:\瑞星防火墙\Rising\RFW\CCENTER.EXE
E:\瑞星防火墙\Rising\RFW\rfwsrv.exe
E:\瑞星防火墙\Rising\RFW\RavTask.exe
E:\瑞星杀毒\Rising\Rav\ScanFrm.exe
C:\wINDOWS\system32\DRIVERS\k750bus.sys
C:\wINDOWS\system32\DRIVERS\k750mdfl.sys
C:\wINDOWS\system32\DRIVERS\k750mdm.sys
C:\wINDOWS\system32\DRIVERS\k750mgmt.sys
C:\wINDOWS\system32\DRIVERS\k750obex.sys
C:\WINDOWS\system32\drivers\klan.sys
C:\Program Files\Internet Explorer\002.tmp
C:\WINDOWS\e20fc07d.dat
C:\WINDOWS\system32\TesDrvPt.sys
C:\WINDOWS\system32\TesSafe.sys
用资源管理器先将C:\windows\system32\Comres.dll改名【什么都行】
然后用资源管理器到C:\windows\system32\dllcache找到Comres.dll
覆盖到C:\windows\system32\
异常
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Infected) Microsoft Corporation]
这个被感染
你应该找个正常的替换
也是用资源管理器覆盖到C:\windows\system32\

附件: userinit.rar

附件: XDelBox.rar

夲號ヱ被ジ盜 - 2009-6-9 13:24:00

引用:

原帖由 momodi1 于 2009-6-9 13:17:00 发表
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 是不是映像劫持把所有的杀毒的都给劫持了。删除此项杀毒应该OK

OK不了
真杀的话
这些怎么办：
Userinit.exe【想让LZ进不去系统？】
Comres.dll【晕死】

大家帮忙下 - 2009-6-9 13:28:00

我快疯了，我到底改怎么办啊，我哥回来我就死了。

夲號ヱ被ジ盜 - 2009-6-9 13:30:00

不是给你回了？
手动删除不会看这个
不保证杀了后系统能正常稳定运行
MS有感染型

有显示infected的
你下载后运行
都有一定的危险
系统文件被破坏
【先运行第一个，再重启运行第二个】
http://cu003.www.duba.net/duba/tools/dubatools/install.exe
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
先下载，然后断网
第一个是自动的
第二个用法：全NEXT安装
然后全打钩点Scan

大家帮忙下 - 2009-6-9 15:18:00

夲號ヱ被ジ盜谢谢你了哈，
我杀了394个木马，我在把日志发上来你帮我查哈有毒行不行？

大家帮忙下 - 2009-6-9 18:02:00

系统全面崩溃.

瑞星卡卡安全论坛