Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software forum


Problem solved, sharing for everyone's benefit: system crashes, still "infected" after formatting, cannot install anti-virus software


Even after formatting it is still there. Nothing works, not even 360. Anti-virus software gets uninstalled by itself after installation, or else the installer files get corrupted. I have formatted N times already and I am in tears. Or the system crashes right after it is installed. Sometimes even the GHOST program gets corrupted. Installing other software also runs into problems. When it is bad I cannot even get online. The symptoms look a lot like 磁碟机 (the "Disk Drive" virus), but I have not found any similarly generated files. This is the first time I have run into a problem like this. Online virus scanning does not work either.

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

===============================================================================
I just borrowed a new hard drive, low-level formatted it and reinstalled, with genuine Rising from the retail CD, and it was still the same: anti-virus software cannot be installed, the firewall will not start after installation. The system gets slower and slower, then blue-screens, and after a reboot system files are missing and it will not boot.

Then I swapped in an old memory stick from before. Every problem was solved.

I do not know whether it was a memory compatibility problem; my own means and ability are limited and I cannot verify it. Having had a look, the stick was bought in February 2004 and has been in use ever since. It never showed anything like this before, and I do not know why it has gone haywire now, and every symptom it produced looked exactly like a virus infection, especially 磁碟机 (the "Disk Drive" virus) and 橙色八月 (Orange August).

A reminder to everyone: when you run into a problem, think it over from more than one angle.

Attachment: downloads: 254; file type: application/octet-stream; uploaded: 2008-1-30 1:35:17

Last edited 2008-01-31 00:19:52

2008-01-30,02:29:43

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
(bgswitch)(C:\WINDOWS\system32\bgswitch.exe) []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
(PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Windows Publisher]
(PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Windows Publisher]
(SoundMan)(SOUNDMAN.EXE) [(Verified)Microsoft Windows Publisher]
(runeip)("C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup) [Beijing Rising Technology Co., Ltd.]
(360Safetray)(C:\Program Files\360safe\safemon\360tray.exe /start) [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(KKDelay)(C:\Program Files\Rising\AntiSpyware\RunOnce.exe) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A})(C:\WINDOWS\system32\shlhook.dll) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [N/A]




--------------------------------------------------------------------------------



启动文件夹

N/A



--------------------------------------------------------------------------------



服务

[Help and Support / helpsvc][Stopped/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll)(N/A)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)



驱动程序

[2310_00 / 2310_00][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\2310_00.sys)(HighPoint Technologies, Inc.)
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\3WAREDRV.SYS)(N/A)
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\3waregsm.sys)(N/A)
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\3WDRV100.SYS)(N/A)
[A320RAID / A320RAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\a320raid.sys)(Adaptec, Inc.)
[AAC / AAC][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aac.sys)(Adaptec, Inc.)
[AACSAS / AACSAS][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aacsas.sys)(Adaptec, Inc.)
[AAR81XX / AAR81XX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aar81xx.sys)(Adaptec, Inc.)
[AARSI3X / AARSI3X][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aarsi3x.sys)(Adaptec, Inc.)
[ADP94XX / ADP94XX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\adp94xx.sys)(Adaptec, Inc.)
[adpu160m / adpu160m][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\adpu160m.sys)(Microsoft Corporation)
[ADPU320 / ADPU320][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\adpu320.sys)(Adaptec, Inc.)
[AEC6210 / AEC6210][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6210.sys)(ACARD Technology Corp.)
[AEC6260 / AEC6260][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6260.sys)(ACARD Technology Corp.)
[AEC6280 / AEC6280][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6280.sys)(ACARD Technology Corp.)
[AEC67160 / AEC67160][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec67160.sys)(ACARD Technology Corp.)
[AEC67162 / AEC67162][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec67162.sys)(ACARD Technology Corp.)
[AEC671X / AEC671X][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\AEC671X.sys)(ACARD Technology Corp.)
[AEC6880 / AEC6880][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\AEC6880.sys)(ACARD Technology Corp.)
[AEC6897 / AEC6897][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6897.sys)(ACARD Technology Corp.)
[AEC68X5 / AEC68X5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec68x5.sys)(ACARD Technology Corp.)
[aic78u2 / aic78u2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aic78u2.sys)(Microsoft Corporation)
[aic78xx / aic78xx][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aic78xx.sys)(Microsoft Corporation)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\arcm_x86.sys)(ARECA Technology Corporation)
[asc / asc][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\asc.sys)(Advanced System Products, Inc.)
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\bchtsw32.sys)(Broadcom Corporation)
[buslogic / buslogic][Stopped/Boot Start]
(\SystemRoot\System32\bird\buslogic.sys)(Microsoft Corporation)
[CDA1000 / CDA1000][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\cda1000.sys)(Adaptec, Inc.)
[CmdIde / CmdIde][Running/Boot Start]
(\SystemRoot\System32\BIRD\cmdide.sys)(CMD Technology, Inc.)
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\cpqarry2.sys)(Compaq Computer Corporation)
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\cpqcissm.sys)(Hewlett-Packard Company)
[CSB6IDE / CSB6IDE][Running/Boot Start]
(\SystemRoot\System32\BIRD\csb6ide.sys)(ServerWorks Corporation)
[dac2w2k / dac2w2k][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dac2w2k.sys)(Mylex Corporation)
[DMX3191 / DMX3191][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\DMX3191.sys)(Microsoft Corporation)
[DMX3194 / DMX3194][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dmx3194.sys)(Microsoft Corporation)
[dpti2o / dpti2o][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dpti2o.sys)(Microsoft Corporation)
[DPTSCSI / DPTSCSI][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dptscsi.sys)(Distributed Processing Technology Corp.)
[FASTSX / FASTSX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fastsx.sys)(Promise Technology, Inc.)
[FASTTRAK / FASTTRAK][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fasttrak.sys)(Promise Technology, Inc.)
[FASTTX2K / FASTTX2K][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fasttx2k.sys)(Promise Technology, Inc.)
[fd16_700 / fd16_700][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fd16_700.sys)(Microsoft Corporation)
[fireport / fireport][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fireport.sys)(Microsoft Corporation)
[flashpnt / flashpnt][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\flashpnt.sys)(Mylex,Corp.)
[FT8300 / FT8300][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ft8300.sys)(Promise Technology, Inc.)
[FTSATA2 / FTSATA2][Stopped/Boot Start]
(\SystemRoot\System32\DRIVERS\ftsata2.sys)(N/A)
[GD31244 / GD31244][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\gd31244.sys)(Intel Corporation)
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\hpcisss2.sys)(Hewlett-Packard Company)
[HPT371 / HPT371][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\HPT371.sys)(HighPoint Technologies, Inc.)
[HPT374 / HPT374][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\hpt374.sys)(HighPoint Technologies, Inc.)
[HPT3XX / HPT3XX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\hpt3xx.sys)(HighPoint Technologies, Inc.)
[IASTOR / IASTOR][Running/Boot Start]
(\SystemRoot\System32\BIRD\iaStor.sys)(Intel Corporation)
[IFT2000 / IFT2000][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ift2000.sys)(Infortrend Technology, Inc.)
[ini910u / ini910u][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ini910u.sys)(Microsoft Corporation)
[INIA100 / INIA100][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\INIA100.sys)(Initio corp.)
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ipsraidn.sys)(IBM Corporation)
[ITERAID / ITERAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\iteraid.sys)(Integrated Technology Express, Inc.)
[JRAID / JRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\JRAID.SYS)(JMicron Technology Corp.)
[M5228 / M5228][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5228.sys)(ALi Corporation.)
[M5281 / M5281][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5281.sys)(ALi Corporation)
[M5287 / M5287][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5287.sys)(ULi Electronics Inc.)
[M5288 / M5288][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5288.sys)(ULi Electronics Inc.)
[M5289 / M5289][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5289.sys)(ULi Electronics Inc.)
[MEGAIDE / MEGAIDE][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\MegaIDE.sys)(LSI Logic Corporation.)
[mraid35x / mraid35x][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\mraid35x.sys)(LSI Logic Corporation)
[NFRD960 / NFRD960][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\nfrd960.sys)(IBM Corporation)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[NVATABUS / NVATABUS][Running/Boot Start]
(\SystemRoot\System32\BIRD\NVATABUS.SYS)(NVIDIA Corporation)
[NVRAID / NVRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\NVRAID.SYS)(NVIDIA Corporation)
[perc2 / perc2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\perc2.sys)(Adaptec, Inc.)
[PNP649R / PNP649R][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\pnp649r.sys)(CMD Technology, Inc.)
[PNP680 / PNP680][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\pnp680.sys)(Silicon Image, Inc.)
[PNP680R / PNP680R][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\pnp680r.sys)(Silicon Image, Inc)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[ql1080 / ql1080][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql1080.sys)(QLogic Corporation)
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql10wnt.sys)(Microsoft Corporation)
[ql12160 / ql12160][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql12160.sys)(QLogic Corporation)
[ql1280 / ql1280][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql1280.sys)(QLogic Corporation)
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\raidsrc.sys)(Intel/ICP)
[RR232X / RR232X][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\rr232x.sys)(HighPoint Technologies, Inc.)
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
(\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising Technology Co., Ltd.)
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
(system32\DRIVERS\Rtlnicxp.sys)(Realtek Semiconductor Corporation)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[S150SX8 / S150SX8][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\S150sx8.sys)(Promise Technology, Inc.)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
[SI3112 / SI3112][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3112.sys)(Silicon Image, Inc.)
[SI3112R / SI3112R][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3112r.sys)(Silicon Image, Inc)
[SI3114 / SI3114][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3114.sys)(Silicon Image, Inc.)
[SI3114R / SI3114R][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\SI3114R.sys)(Silicon Image, Inc)
[SI3114R5 / SI3114R5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\Si3114r5.sys)(Silicon Image, Inc)
[SI3124 / SI3124][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\SI3124.sys)(Silicon Image, Inc.)
[SI3124R / SI3124R][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\SI3124R.sys)(Silicon Image, Inc)
[SI3124R5 / SI3124R5][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys)(Silicon Image, Inc)
[SI3132 / SI3132][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3132.sys)(Silicon Image, Inc.)
[SI3132R5 / SI3132R5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\Si3132r5.sys)(Silicon Image, Inc)
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\sisagp.sys)(Silicon Integrated Systems Corporation)
[SISRAID / SISRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SiSRaid.sys)(Silicon Integrated Systems)
[SISRAID2 / SISRAID2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SiSRaid2.sys)(Silicon Integrated Systems Corp)
[SISRAID4 / SISRAID4][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SiSRaid4.sys)(Silicon Integrated Systems)
[SPTRAK / SPTRAK][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\sptrak.sys)(Promise Technology, Inc.)
[ST8350 / ST8350][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\st8350.sys)(Promise Technology, Inc.)
[symc810 / symc810][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\symc810.sys)(Symbios Logic Inc.)
[symc8xx / symc8xx][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\symc8xx.sys)(LSI Logic)
[SYMMPI / SYMMPI][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\symmpi.sys)(LSI Logic)
[sym_hi / sym_hi][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\sym_hi.sys)(LSI Logic)
[sym_u3 / sym_u3][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\sym_u3.sys)(LSI Logic)
[TRM3X5 / TRM3X5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\trm3x5.sys)(Tekram Technology Co., Ltd.)
[ULSATA / ULSATA][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ulsata.sys)(Promise Technology, Inc.)
[ULSATA2 / ULSATA2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ulsata2.sys)(Promise Technology, Inc.)
[ULTIMA / ULTIMA][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\Ultima.sys)(Aralion INC.)
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\UltimaRX.sys)(Aralion INC.)
[ultra / ultra][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ultra.sys)(Promise Technology, Inc.)
[VIA AGP Filter / viaagp1][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\viaagp1.sys)(VIA Technologies, Inc.)
[ViaIde / ViaIde][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\viaidexp.sys)(VIA Technologies, Inc.)
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\viamraid.sys)(VIA Technologies inc,.ltd)
[W2KADV / W2KADV][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\w2kadv.sys)(ConnectCom Solutions, Inc.)
[WD7296A / WD7296A][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\wd7296a.sys)(Western Digital Corporation)


浏览器加载项

[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (C:\Program Files\360safe\safemon\safemon.dll, 奇虎网)
[JUJU猫]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (http://www.jujumao.com, N/A)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (C:\Program Files\Tencent\QQ\QQ.EXE, N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[KVFileUpdate Class]
{CA234A53-E68D-44D5-A07C-481C051D0C7B} (C:\WINDOWS\Downloaded Program Files\OLDown.dll, Jiangmin Co.,Ltd)
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.)
[KvCoVirus Class]
{518D171D-CF41-4EA0-B0E0-ECBA5AA84126} (C:\WINDOWS\KVDownScan\WebScan\virusbox.dll, Jiangmin Co.Ltd)
[KvOLScan Control]
{6E0D0002-DC95-4405-8F9E-9FB1EA80AEDE} (C:\WINDOWS\KVDOWN~1\WebScan\kvKill.ocx, Jiangmin Co.)
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} (C:\Program Files\360safe\live.dll, 360safe.com)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (C:\Program Files\360safe\safemon\safemon.dll, 奇虎网)
[KVFileUpdate Class]
{CA234A53-E68D-44D5-A07C-481C051D0C7B} (C:\WINDOWS\Downloaded Program Files\OLDown.dll, Jiangmin Co.,Ltd)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.)
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(C:\Program Files\Tencent\QQ\SendMMS.htm, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 552 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 900 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1196 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1344 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 1508 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.34]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1536 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1676 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 740 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1228 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]


文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost
; 1*********以下内容为360安全卫士为免疫机器狗木马病毒所添加******************
; *********结束******************



--------------------------------------------------------------------------------



进程特权扫描

N/A



--------------------------------------------------------------------------------



API HOOK

GetVersion (危险等级: 一般, 被下面模块所HOOK: )
GetVersionExW (危险等级: 一般, 被下面模块所HOOK: )
DeleteFileW (危险等级: 高, 被下面模块所HOOK: )
FindFirstFileExW (危险等级: 高, 被下面模块所HOOK: )
TerminateThread (危险等级: 高, 被下面模块所HOOK: )
FindFirstChangeNotificationW (危险等级: 高, 被下面模块所HOOK: )
GetCurrentProcess (危险等级: 一般, 被下面模块所HOOK: )
GetCurrentProcessId (危险等级: 一般, 被下面模块所HOOK: )
GetCurrentThread (危险等级: 一般, 被下面模块所HOOK: )
GetCurrentThreadId (危险等级: 一般, 被下面模块所HOOK: )
GetFileSizeEx (危险等级: 一般, 被下面模块所HOOK: )
GetFileInformationByHandle (危险等级: 一般, 被下面模块所HOOK: )
GetFileAttributesW (危险等级: 一般, 被下面模块所HOOK: )
OpenProcess (危险等级: 高, 被下面模块所HOOK: )
OpenThread (危险等级: 高, 被下面模块所HOOK: )



--------------------------------------------------------------------------------



隐藏进程

N/A



--------------------------------------------------------------------------------
Every anti-virus program I downloaded had its installer corrupted, even Thunder (迅雷). This time the symptoms after reinstalling are the mildest so far. Apart from anti-virus not installing, everything else is fine. The files above have all been updated.
What I cannot figure out is why all your drivers are installed under BIRD inside SYSTEM32???
I do not know either; it has been like that ever since the system was installed. Is there a way to fix it?
I suspect the log scan is abnormal; rescan and post the new log as an attachment.