
[Help] My machine is infected, please take a look at my log, thanks

lxlyn
Posted on 2011-3-18 11:09:09
My work computer has been infected. Please help take a look at the log (System Repair Engineer). Thanks.
I couldn't upload the attachment.

  1. 2011-03-18,10:05:09
  2. System Repair Engineer 2.8.4.1331
  3. Smallfrogs (http://www.KZTechs.com)
  4. Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
  5. 以下内容被选中:
  6.     所有的启动项目(包括注册表、启动文件夹、服务等)
  7.     浏览器加载项
  8.     正在运行的进程(包括进程模块信息)
  9.     文件关联
  10.     Winsock 提供者
  11.     Autorun.inf
  12.     HOSTS 文件
  13.     进程特权扫描
  14.     计划任务
  15.     Windows 安全更新检查
  16.     API HOOK
  17.     隐藏进程

  18. 启动项目
  19. 注册表
  20. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  21.     <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  22.     <wsctf.exe><wsctf.exe>  [N/A]
  23.     <360sd><"C:\Program Files\360\360sd\360sd.exe" /autorun>  [(Verified)Qizhi Software (beijing) Co. Ltd]
  24. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  25.     <load><>  [N/A]
  26.     <run><>  [N/A]
  27. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  28.     <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
  29.     <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
  30.     <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
  31.     <C99853><C:\WINDOWS\system32\2890C3\C99853.EXE>  [File is missing]
  32.     <WSVCHO><C:\WINDOWS\system\svhost.exe>  [File is missing]
  33.     <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
  34.     <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>  [File is missing]
  35.     <High Definition Audio Property Page Shortcut><; HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
  36.     <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
  37.     <OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
  38.     <S3Trayp><; S3trayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  39.     <SkDaemond><; C:\Program Files\联想\联想标准键盘驱动\SkDaemond.exe>  []
  40.     <SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
  41.     <SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  42.     <VTTimer><; VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  43. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  44.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
  45.     <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
  46. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  47.     <AppInit_DLLs><>  [N/A]
  48. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  49.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
  50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  51.     <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
  52.     <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [File is missing]
  53. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  54.     <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
  55.     <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
  56.     <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
  57.     <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
  58. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  59.     <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
  60. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  61.     <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
  62. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  63.     <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
  64. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  65.     <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  66. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  67.     <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  68. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  69.     <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
  70. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  71.     <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
  72. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  73.     <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  74. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  75.     <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  76. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  77.     <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
  78.     <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
  79. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  80.     <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
  81. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  82.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
  83. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
  84.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
  85. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\aetsprov]
  86.     <N/A><C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\aetsprov.dll>  [File is missing]
  87. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  88.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
  89. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  90.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
  91. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  92.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
  93. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  94.     <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
  95. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  96.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
  97. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
  98.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
  99. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  100.     <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
  101. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  102.     <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
  103. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  104.     <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
  105. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
  106.     <IFEO[360hotfix.exe]><ntsd -d>  [N/A]
  107. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
  108.     <IFEO[360rpt.exe]><ntsd -d>  [N/A]
  109. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
  110.     <IFEO[360safe.exe]><ntsd -d>  [N/A]
  111. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
  112.     <IFEO[360safebox.exe]><ntsd -d>  [N/A]
  113. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
  114.     <IFEO[360tray.exe]><ntsd -d>  [N/A]
  115. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe]
  116.     <IFEO[agentsvr.exe]><ntsd -d>  [N/A]
  117. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
  118.     <IFEO[apvxdwin.exe]><ntsd -d>  [N/A]
  119. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe]
  120.     <IFEO[ast.exe]><ntsd -d>  [N/A]
  121. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
  122.     <IFEO[avcenter.exe]><ntsd -d>  [N/A]
  123. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe]
  124.     <IFEO[avengine.exe]><ntsd -d>  [N/A]
  125. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
  126.     <IFEO[avgnt.exe]><ntsd -d>  [N/A]
  127. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
  128.     <IFEO[avguard.exe]><ntsd -d>  [N/A]
  129. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe]
  130.     <IFEO[avltmain.exe]><ntsd -d>  [N/A]
  131. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
  132.     <IFEO[avp32.exe]><ntsd -d>  [N/A]
  133. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtask.exe]
  134.     <IFEO[avtask.exe]><ntsd -d>  [N/A]
  135. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
  136.     <IFEO[bdagent.exe]><ntsd -d>  [N/A]
  137. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe]
  138.     <IFEO[bdwizreg.exe]><ntsd -d>  [N/A]
  139. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
  140.     <IFEO[boxmod.exe]><ntsd -d>  [N/A]
  141. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
  142.     <IFEO[ccapp.exe]><ntsd -d>  [N/A]
  143. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe]
  144.     <IFEO[ccenter.exe]><ntsd -d>  [N/A]
  145. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
  146.     <IFEO[ccevtmgr.exe]><ntsd -d>  [N/A]
  147. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe]
  148.     <IFEO[ccregvfy.exe]><ntsd -d>  [N/A]
  149. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
  150.     <IFEO[ccsetmgr.exe]><ntsd -d>  [N/A]
  151. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
  152.     <IFEO[cqw32.exe]><ntsd -d>  [N/A]
  153. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
  154.     <IFEO[DrvAnti.exe]><ntsd -d>  [N/A]
  155. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
  156.     <IFEO[egui.exe]><ntsd -d>  [N/A]
  157. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
  158.     <IFEO[ekrn.exe]><ntsd -d>  [N/A]
  159. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
  160.     <IFEO[enc98.EXE]><ntsd -d>  [N/A]
  161. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\extdb.exe]
  162.     <IFEO[extdb.exe]><ntsd -d>  [N/A]
  163. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frameworkservice.exe]
  164.     <IFEO[frameworkservice.exe]><ntsd -d>  [N/A]
  165. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frwstub.exe]
  166.     <IFEO[frwstub.exe]><ntsd -d>  [N/A]
  167. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardfield.exe]
  168.     <IFEO[guardfield.exe]><ntsd -d>  [N/A]
  169. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe]
  170.     <IFEO[iparmor.exe]><ntsd -d>  [N/A]
  171. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
  172.     <IFEO[kaccore.exe]><ntsd -d>  [N/A]
  173. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe]
  174.     <IFEO[kasmain.exe]><ntsd -d>  [N/A]
  175. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe]
  176.     <IFEO[kav32.exe]><ntsd -d>  [N/A]
  177. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
  178.     <IFEO[kavstart.exe]><ntsd -d>  [N/A]
  179. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
  180.     <IFEO[kavsvc.exe]><ntsd -d>  [N/A]
  181. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvcui.exe]
  182.     <IFEO[kavsvcui.exe]><ntsd -d>  [N/A]
  183. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe]
  184.     <IFEO[kislnchr.exe]><ntsd -d>  [N/A]
  185. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
  186.     <IFEO[kissvc.exe]><ntsd -d>  [N/A]
  187. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
  188.     <IFEO[kmailmon.exe]><ntsd -d>  [N/A]
  189. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe]
  190.     <IFEO[knownsvr.exe]><ntsd -d>  [N/A]
  191. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
  192.     <IFEO[kpfw32.exe]><ntsd -d>  [N/A]
  193. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
  194.     <IFEO[kpfwsvc.exe]><ntsd -d>  [N/A]
  195. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe]
  196.     <IFEO[kregex.exe]><ntsd -d>  [N/A]
  197. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe]
  198.     <IFEO[kvfw.exe]><ntsd -d>  [N/A]
  199. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.exe]
  200.     <IFEO[kvmonxp.exe]><ntsd -d>  [N/A]
  201. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp]
  202.     <IFEO[kvmonxp.kxp]><ntsd -d>  [N/A]
  203. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
  204.     <IFEO[kvol.exe]><ntsd -d>  [N/A]
  205. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
  206.     <IFEO[kvprescan.exe]><ntsd -d>  [N/A]
  207. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe]
  208.     <IFEO[kvsrvxp.exe]><ntsd -d>  [N/A]
  209. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
  210.     <IFEO[kvwsc.exe]><ntsd -d>  [N/A]
  211. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp]
  212.     <IFEO[kvxp.kxp]><ntsd -d>  [N/A]
  213. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
  214.     <IFEO[kwatch.exe]><ntsd -d>  [N/A]
  215. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
  216.     <IFEO[livesrv.exe]><ntsd -d>  [N/A]
  217. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe]
  218.     <IFEO[mcagent.exe]><ntsd -d>  [N/A]
  219. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe]
  220.     <IFEO[mcdash.exe]><ntsd -d>  [N/A]
  221. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetect.exe]
  222.     <IFEO[mcdetect.exe]><ntsd -d>  [N/A]
  223. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
  224.     <IFEO[mcshield.exe]><ntsd -d>  [N/A]
  225. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe]
  226.     <IFEO[mctskshd.exe]><ntsd -d>  [N/A]
  227. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsescn.exe]
  228.     <IFEO[mcvsescn.exe]><ntsd -d>  [N/A]
  229. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
  230.     <IFEO[mcvsshld.exe]><ntsd -d>  [N/A]
  231. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
  232.     <IFEO[mghtml.exe]><ntsd -d>  [N/A]
  233. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe]
  234.     <IFEO[naprdmgr.exe]><ntsd -d>  [N/A]
  235. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
  236.     <IFEO[navapsvc.exe]><ntsd -d>  [N/A]
  237. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
  238.     <IFEO[navapw32.exe]><ntsd -d>  [N/A]
  239. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe]
  240.     <IFEO[navw32.exe]><ntsd -d>  [N/A]
  241. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe]
  242.     <IFEO[nmain.exe]><ntsd -d>  [N/A]
  243. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
  244.     <IFEO[nod32.exe]><ntsd -d>  [N/A]
  245. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
  246.     <IFEO[nod32krn.exe]><ntsd -d>  [N/A]
  247. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
  248.     <IFEO[nod32kui.exe]><ntsd -d>  [N/A]
  249. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe]
  250.     <IFEO[npfmntor.exe]><ntsd -d>  [N/A]
  251. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe]
  252.     <IFEO[oasclnt.exe]><ntsd -d>  [N/A]
  253. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe]
  254.     <IFEO[pavsrv51.exe]><ntsd -d>  [N/A]
  255. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe]
  256.     <IFEO[pfw.exe]><ntsd -d>  [N/A]
  257. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe]
  258.     <IFEO[psctrls.exe]><ntsd -d>  [N/A]
  259. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimreal.exe]
  260.     <IFEO[psimreal.exe]><ntsd -d>  [N/A]
  261. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe]
  262.     <IFEO[psimsvc.exe]><ntsd -d>  [N/A]
  263. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe]
  264.     <IFEO[qqdoctormain.exe]><ntsd -d>  [N/A]
  265. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
  266.     <IFEO[ras.exe]><ntsd -d>  [N/A]
  267. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe]
  268.     <IFEO[ravmon.exe]><ntsd -d>  [N/A]
  269. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe]
  270.     <IFEO[ravmond.exe]><ntsd -d>  [N/A]
  271. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe]
  272.     <IFEO[ravstub.exe]><ntsd -d>  [N/A]
  273. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe]
  274.     <IFEO[ravtask.exe]><ntsd -d>  [N/A]
  275. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
  276.     <IFEO[rfwcfg.exe]><ntsd -d>  [N/A]
  277. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
  278.     <IFEO[rfwmain.exe]><ntsd -d>  [N/A]
  279. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
  280.     <IFEO[rfwproxy.exe]><ntsd -d>  [N/A]
  281. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
  282.     <IFEO[rfwsrv.exe]><ntsd -d>  [N/A]
  283. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe]
  284.     <IFEO[rsagent.exe]><ntsd -d>  [N/A]
  285. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe]
  286.     <IFEO[rsmain.exe]><ntsd -d>  [N/A]
  287. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
  288.     <IFEO[rsnetsvr.exe]><ntsd -d>  [N/A]
  289. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe]
  290.     <IFEO[rssafety.exe]><ntsd -d>  [N/A]
  291. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe]
  292.     <IFEO[rstray.exe]><ntsd -d>  [N/A]
  293. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safebank.exe]
  294.     <IFEO[safebank.exe]><ntsd -d>  [N/A]
  295. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
  296.     <IFEO[safeboxtray.exe]><ntsd -d>  [N/A]
  297. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
  298.     <IFEO[scan32.exe]><ntsd -d>  [N/A]
  299. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe]
  300.     <IFEO[scanfrm.exe]><ntsd -d>  [N/A]
  301. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
  302.     <IFEO[sched.exe]><ntsd -d>  [N/A]
  303. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe]
  304.     <IFEO[seccenter.exe]><ntsd -d>  [N/A]
  305. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secnotifier.exe]
  306.     <IFEO[secnotifier.exe]><ntsd -d>  [N/A]
  307. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SetupLD.exe]
  308.     <IFEO[SetupLD.exe]><ntsd -d>  [N/A]
  309. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
  310.     <IFEO[shstat.exe]><ntsd -d>  [N/A]
  311. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe]
  312.     <IFEO[smartup.exe]><ntsd -d>  [N/A]
  313. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sndsrvc.exe]
  314.     <IFEO[sndsrvc.exe]><ntsd -d>  [N/A]
  315. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spbbcsvc.exe]
  316.     <IFEO[spbbcsvc.exe]><ntsd -d>  [N/A]
  317. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
  318.     <IFEO[symlcsvc.exe]><ntsd -d>  [N/A]
  319. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbmon.exe]
  320.     <IFEO[tbmon.exe]><ntsd -d>  [N/A]
  321. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe]
  322.     <IFEO[uihost.exe]><ntsd -d>  [N/A]
  323. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ulibcfg.exe]
  324.     <IFEO[ulibcfg.exe]><ntsd -d>  [N/A]
  325. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updaterui.exe]
  326.     <IFEO[updaterui.exe]><ntsd -d>  [N/A]
  327. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe]
  328.     <IFEO[uplive.exe]><ntsd -d>  [N/A]
  329. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcr32.exe]
  330.     <IFEO[vcr32.exe]><ntsd -d>  [N/A]
  331. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcrmon.exe]
  332.     <IFEO[vcrmon.exe]><ntsd -d>  [N/A]
  333. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]
  334.     <IFEO[vptray.exe]><ntsd -d>  [N/A]
  335. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
  336.     <IFEO[vsserv.exe]><ntsd -d>  [N/A]
  337. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe]
  338.     <IFEO[vstskmgr.exe]><ntsd -d>  [N/A]
  339. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe]
  340.     <IFEO[webproxy.exe]><ntsd -d>  [N/A]
  341. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe]
  342.     <IFEO[xcommsvr.exe]><ntsd -d>  [N/A]
  343. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xnlscn.exe]
  344.     <IFEO[xnlscn.exe]><ntsd -d>  [N/A]
  345. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.]
  346.     <IFEO[修复工具.]><ntsd -d>  [N/A]
  347. [HKEY_CURRENT_USER\Control Panel\Desktop]
  348.     <SCRNSAVE.EXE><C:\WINDOWS\system32\RAVSS.SCR>  [Rising Corp.]
  349. ==================================
  350. 启动文件夹
  351. [   ]
  352.   <C:\Documents and Settings\Owner\「开始」菜单\程序\启动\   .lnk --> C:\WINDOWS\system32\XP-B9C99853.EXE [File is missing]><N>
  353. ==================================
  354. 服务
  355. [360 杀毒实时防护服务 / 360rp][Running/Auto Start]
  356.   <"C:\Program Files\360\360sd\360rp.exe"><360.cn>
  357. [6to4 / 6to4][Stopped/Auto Start]
  358.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\6to4.dll><N/A>
  359. [Application Management / AppMgmt][Stopped/Manual Start]
  360.   <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
  361. [Human Interface Device Access / HidServ][Stopped/Disabled]
  362.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  363. [Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
  364.   <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
  365. [Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  366.   <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
  367. [360 杀毒全盘扫描辅助服务 / scan][Stopped/Manual Start]
  368.   <C:\WINDOWS\System32\svchost.exe -k bdx-->C:\Program Files\360\360sd\Scan.dll><S.C. BitDefender S.R.L>
  369. ==================================
  370. 驱动程序
  371. [360SelfProtection / 360SelfProtection][Running/System Start]
  372.   <system32\drivers\360SelfProtection.sys><360安全中心>
  373. [ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  374.   <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
  375. [AE Audio Service / AEAudio][Running/Manual Start]
  376.   <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
  377. [BAPIDRV / BAPIDRV][Running/System Start]
  378.   <\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS><360.cn>
  379. [Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  380.   <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
  381. [bdfsfltr / bdfsfltr][Running/System Start]
  382.   <system32\DRIVERS\bdfsfltr.sys><BitDefender S.R.L. Bucharest, ROMANIA>
  383. [NVIDIA Compatible Windows Miniport Driver / cdralw][Stopped/Auto Start]
  384.   <system32\DRIVERS\nvmini.sys><N/A>
  385. [EfiSystemMon / EfiMon][Stopped/System Start]
  386.   <System32\Drivers\Efimon.sys><N/A>
  387. [usb Card Device / ft2kEnum][Running/Manual Start]
  388.   <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
  389. [USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  390.   <system32\DRIVERS\Chip_smc.sys><OEM>
  391. [Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  392.   <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
  393. [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  394.   <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
  395. [HookPort / HookPort][Running/Boot Start]
  396.   <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
  397. [HookUrl / HookUrl][Running/Auto Start]
  398.   <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
  399. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  400.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  401. [SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  402.   <system32\DRIVERS\usbic2k.sys><OEM>
  403. [Rising  Rfwbase Driver / RfwBase][Running/System Start]
  404.   <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
  405. [RsFwDrv / RsFwDrv][Running/System Start]
  406.   <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
  407. [S3GIGP / S3GIGP][Running/Manual Start]
  408.   <system32\DRIVERS\S3gIGPm.sys><S3 Graphics Co., Ltd.>
  409. [Secdrv / Secdrv][Stopped/Manual Start]
  410.   <system32\DRIVERS\secdrv.sys><N/A>
  411. [SenFilt Service / SenFiltService][Running/Manual Start]
  412.   <system32\drivers\Senfilt.sys><Sensaura>
  413. [Play Port I/O Driver / sysdrv32][Stopped/Manual Start]
  414.   <\??\C:\WINDOWS\system32\drivers\sysdrv32.sys><N/A>
  415. [usb token Device Driver / token][Stopped/Manual Start]
  416.   <system32\DRIVERS\eps2kt1.sys><>
  417. [videX32 / videX32][Running/Boot Start]
  418.   <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
  419. [WmiSvc / WmiSvc][Stopped/Auto Start]
  420.   <\??\C:\WINDOWS\system32\drivers\WmiSvc.sys><N/A>
  421. [VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  422.   <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
  423. ==================================
  424. 浏览器加载项
  425. [联想]
  426.   {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
  427. [信息检索(&R)]
  428.   {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
  429. [Messenger]
  430.   {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
  431. []
  432.   {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <, >
  433. []
  434.   {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
  435. [Active Desktop Mover]
  436.   {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
  437. []
  438.   {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
  439. [Shockwave Flash Object]
  440.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Flash.OCX, N/A>
  441. []
  442.   {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <, >
  443. []
  444.   {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
  445. [导出到 Microsoft Office Excel(&X)]
  446.   <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
  447. ==================================
  448. 正在运行的进程
  449. [PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  450. [PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  451. [PID: 728 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  452. [PID: 772 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  453. [PID: 784 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  454. [PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  455. [PID: 1016 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  456. [PID: 1136 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  457. [PID: 1256 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  458. [PID: 1292 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  459. [PID: 1496 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  460.     [C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 53, 3723, 0]
  461.     [C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
  462.     [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
  463.     [C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
  464.     [C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
  465.     [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
  466. [PID: 1544 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  467. [PID: 1680 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
  468.     [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
  469. [PID: 1880 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  470. [PID: 1212 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  471. [PID: 1968 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
  472. [PID: 700 / Owner][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  473.     [C:\Program Files\WinRAR_3.50美化版\rarext.dll]  [N/A, ]
  474. [PID: 1124 / Owner][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  475. [PID: 1248 / Owner][C:\WINDOWS\system32\dumprep.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  476. [PID: 1328 / Owner][C:\WINDOWS\system32\wscntfy.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  477. [PID: 452 / Owner][C:\WINDOWS\system32\dwwin.exe]  [(Verified) Microsoft Corporation, 10.0.5815]
  478. [PID: 2268 / Owner][C:\Documents and Settings\Owner\桌面\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
  479. [PID: 2276 / Owner][C:\Documents and Settings\Owner\桌面\SRE73c2a85b.EXE]  [Smallfrogs Studio, 2.8.4.1331]
  480.     [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
  481.     [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
  482.     [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  483. ==================================
  484. 文件关联
  485. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  486. .EXE  OK. ["%1" %*]
  487. .COM  OK. ["%1" %*]
  488. .PIF  OK. ["%1" %*]
  489. .REG  OK. [regedit.exe "%1"]
  490. .BAT  OK. ["%1" %*]
  491. .SCR  OK. ["%1" /S]
  492. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  493. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  494. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  495. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  496. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  497. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  498. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  499. ==================================
  500. Winsock 提供者
  501. N/A
  502. ==================================
  503. Autorun.inf
  504. N/A
  505. ==================================
  506. HOSTS 文件
  507. 127.0.0.1       localhost
  508. ==================================
  509. 进程特权扫描
  510. N/A
  511. ==================================
  512. 计划任务
  513. N/A
  514. ==================================
  515. Windows 安全更新检查
  516. N/A
  517. ==================================
  518. API HOOK
  519. N/A
  520. ==================================
  521. 隐藏进程
  522. N/A
  523. ==================================


tawny2008
Posted on 2011-3-18 12:01:19

First delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Delete the following files:
C:\WINDOWS\system32\6to4.dll
system32\DRIVERS\nvmini.sys
System32\Drivers\Efimon.sys
C:\WINDOWS\system32\drivers\sysdrv32.sys
system32\DRIVERS\eps2kt1.sys
C:\WINDOWS\system32\drivers\WmiSvc.sys


Replace the following files with normal system files:
%SystemRoot%\System32\appmgmts.dll
%SystemRoot%\System32\hidserv.dll
system32\DRIVERS\secdrv.sys  

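The driver files (.sys) named in the reply above all appear in the posted log's driver section with a publisher field of `N/A` or empty. As an added example (not part of the thread and not SREng's own code), this Python parser reads that section of the log and lists such entries for manual review; the function names are assumptions, and the sample is an excerpt of the log posted above.

```python
import re

# Excerpt of the driver section of the log posted in this thread,
# kept with the forum's line-number prefixes.
SAMPLE = r"""
  381. [bdfsfltr / bdfsfltr][Running/System Start]
  382.   <system32\DRIVERS\bdfsfltr.sys><BitDefender S.R.L. Bucharest, ROMANIA>
  383. [NVIDIA Compatible Windows Miniport Driver / cdralw][Stopped/Auto Start]
  384.   <system32\DRIVERS\nvmini.sys><N/A>
  385. [EfiSystemMon / EfiMon][Stopped/System Start]
  386.   <System32\Drivers\Efimon.sys><N/A>
  387. [usb Card Device / ft2kEnum][Running/Manual Start]
  388.   <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
  415. [usb token Device Driver / token][Stopped/Manual Start]
  416.   <system32\DRIVERS\eps2kt1.sys><>
  419. [WmiSvc / WmiSvc][Stopped/Auto Start]
  420.   <\??\C:\WINDOWS\system32\drivers\WmiSvc.sys><N/A>
"""

NUM = re.compile(r"^\s*\d+\.\s?")   # forum line-number prefix, if present
HEAD = re.compile(r"^\[(.*) / ([^\]/]+)\]\[([^/\]]+)/([^\]]+)\]$")
BODY = re.compile(r"^<(.*)><([^<>]*)>$")

def parse_entries(text):
    """Pair each [display / service][state/start] line with its <path><publisher> line."""
    entries, current = [], None
    for raw in text.splitlines():
        line = NUM.sub("", raw).strip()
        m = HEAD.match(line)
        if m:
            current = dict(zip(("display", "service", "state", "start"), m.groups()))
            continue
        m = BODY.match(line)
        if m and current:
            current["path"], current["publisher"] = m.group(1), m.group(2).strip()
            entries.append(current)
            current = None
    return entries

def unattributed(entries):
    """Entries with an empty or N/A publisher: review candidates, not proof of infection."""
    return [e for e in entries if e["publisher"] in ("", "N/A")]

if __name__ == "__main__":
    for e in unattributed(parse_entries(SAMPLE)):
        print(f'{e["service"]:8} {e["state"]:8} {e["start"]:13} {e["path"]}')
```

A missing publisher only narrows the list: legitimate drivers can lack version information, so each flagged file still needs checking before it is deleted or replaced.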

lxlyn
Original poster | Posted on 2011-3-18 12:19:31
Reply to tawny2008's post (#2)

Thanks

byxxdrls
Posted on 2011-3-18 12:27:35
Delete this leftover virus shortcut: C:\Documents and Settings\Owner\「开始」菜单\程序\启动\   .lnk


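ioton
Posted on 2011-3-18 13:26:00
By the way, the OP is still using XP2; Microsoft no longer supports it.
  Better to upgrade to XP3 or WIN7...

lxlyn
Original poster | Posted on 2011-3-18 16:20:47
Reply to ioton's post (#5)

It's a work computer. It only connects to the internal network, not the Internet.

口条
Posted on 2011-3-19 10:51:46
Countless antivirus processes have been hijacked...........

远在天边
Posted on 2011-3-19 12:03:18
I can't make sense of this.

saibanzhizun
Posted on 2011-3-19 14:07:53
C:\WINDOWS\system32\2890C3\C99853.EXE looks like a virus file.

wwdboy
Posted on 2011-3-19 14:58:24
Came in to learn.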