中这个中了勒索病毒怎么办了怎么办,
点击联系发帖人
时间:2016-08-14 10:30
server2008中病毒了怎么办
[问题点数:40分]
server2008中病毒了怎么办
[问题点数:40分]
不显示删除回复
显示所有回复
显示星级回复
显示得分回复
只显示楼主
2014年6月 Linux/Unix社区大版内专家分月排行榜第二2014年1月 Linux/Unix社区大版内专家分月排行榜第二2013年11月 Linux/Unix社区大版内专家分月排行榜第二2010年6月 Windows专区大版内专家分月排行榜第二2010年4月 Windows专区大版内专家分月排行榜第二2010年3月 Windows专区大版内专家分月排行榜第二2009年12月 Windows专区大版内专家分月排行榜第二2009年11月 Windows专区大版内专家分月排行榜第二2008年7月 Windows专区大版内专家分月排行榜第二2008年1月 Windows专区大版内专家分月排行榜第二2007年12月 Windows专区大版内专家分月排行榜第二2007年11月 Windows专区大版内专家分月排行榜第二2007年10月 Windows专区大版内专家分月排行榜第二2007年6月 Windows专区大版内专家分月排行榜第二
2014年7月 Linux/Unix社区大版内专家分月排行榜第三2014年4月 Linux/Unix社区大版内专家分月排行榜第三2013年1月 Linux/Unix社区大版内专家分月排行榜第三2010年5月 Windows专区大版内专家分月排行榜第三2009年9月 Windows专区大版内专家分月排行榜第三2009年8月 Windows专区大版内专家分月排行榜第三2008年8月 Windows专区大版内专家分月排行榜第三2008年6月 Windows专区大版内专家分月排行榜第三2007年9月 Windows专区大版内专家分月排行榜第三2007年7月 Windows专区大版内专家分月排行榜第三2007年4月 Windows专区大版内专家分月排行榜第三
2010年8月 硬件使用大版内专家分月排行榜第二
2010年7月 Windows专区大版内专家分月排行榜第三2009年1月 Windows专区大版内专家分月排行榜第三2008年12月 Windows专区大版内专家分月排行榜第三2006年8月 扩充话题大版内专家分月排行榜第三
2013年12月 站务专区大版内专家分月排行榜第一2013年8月 站务专区大版内专家分月排行榜第一2013年7月 站务专区大版内专家分月排行榜第一2013年6月 站务专区大版内专家分月排行榜第一2013年4月 社区支持大版内专家分月排行榜第一
2013年5月 社区支持大版内专家分月排行榜第二
匿名用户不能发表回复!|
每天回帖即可获得10分可用分!小技巧:
你还可以输入10000个字符
(Ctrl+Enter)
请遵守CSDN,不得违反国家法律法规。
转载文章请注明出自“CSDN(www.csdn.net)”。如是商业用途请联系原作者。手机中了这个病毒怎么办?_百度知道
手机中了这个病毒怎么办?
jpg" esrc="http.baidu.hiphotos.baidu.
来自团队:
其他类似问题
为您推荐:
其他2条回答
一,卸载这个病毒软件,下载杀毒软件,若没用,第二
请下载百度卫士,百度卫士,能给你解决问题。
你试着看能不能用?。
您可能关注的推广
等待您来回答
下载知道APP
随时随地咨询
出门在外也不愁热线电话:400-999-7658
您的位置 ->
-> 在线帮助
中了文件夹exe病毒该怎么办?
文件夹exe病毒让我们使用U盘和手机存储卡等等时产生了很多问题,也影响到了电脑的使用,病毒会把原文件隐藏起来,生成同名的病毒文件,经过不断地复制传播,危害巨大。
文件夹exe病毒的特症:
文件夹exe病毒有很多,本文以“SXS2.exe”病毒、“重要资料.exe”病毒和“新建文件夹_12”病毒为例撰写。 正常的原文件如下图所示:
中了病毒后,以上原文件属性被强制隐藏,文件夹形式更改为:
下载U盘杀毒专家(USBkiller),进行全盘扫描,体验轻松杀毒的感觉。官方下载地址:
U盘杀毒专家(USBkiller)清除文件夹exe病毒的步骤
1.打开U盘杀毒专家(USBkiller),图示如下:
2.自行选择需要扫描的对象,一共有内存、本地硬盘和移动存储三个供您选择的对象,不选某一项则用左键点击将方框里面的“√”去掉,图示如下:
如上图所示,选择需要扫描的项目后,点击“开始扫描”按钮,U盘杀毒专家(USBkiller)就会进行扫描。
3.U盘杀毒专家自动找到文件夹exe病毒清除,并在结果栏显示病毒的相关信息,如下图所示:
U盘杀毒专家不仅可以清除文件夹exe病毒,还能进行U盘免疫,另外,它还提供一些U盘辅助功能,比如U盘解锁功能及进程管理等。 想了解更多关于U盘杀毒专家的信息,请登录
为何选择U盘杀毒专家
全面查杀+主动防御=安全
专杀主流软件不能解决的U盘病毒
努力查杀任何一个新出现的U盘病毒
提供完善售后技术服务
清新界面,简单的步骤适合每个用户
针对不用需求,制定不同版本查看: 3360|回复: 20
中了这个病毒怎么办
xietingfeng
本帖最后由 xietingfeng 于
14:24 编辑
& & 中这毒后只要不运行360一切好像安然无恙,此毒主要修改注册表,运行360后就会导致所有软件无法打开,连杀毒软件服务都会自动停止,要说明的是360与杀毒软件都有保护措施的,请教各位大虾该怎样修复?不要跟我说重装之类的,附上样本供参考
(27.87 KB, 下载次数: 84)
14:56 上传
点击文件名下载附件
58781.png (43.93 KB, 下载次数: 3)
14:23 上传
先扫描sreng日志上传,禁止杀软可能由于IFEO劫持,可以修复的(我们看过日志后给指导),
然后尝试金山急救箱+windows清理助手扫描修复。
NPE +cureIT +急救箱
头像被屏蔽
这个病毒虽然写驱动了,但似乎又不存在。
另外它添加了一个伪输入法,当然是病毒啦。还有映像劫持,但似乎没发现有楼主这种现象。
楼主还是上传SRENG日志吧。
360网盾扫出来了.....
一运行当场被和谐......
你用360急救箱试试
ddd.exe为自己添加隐藏属性(用XT才看到它,并去除了它的隐藏属性)
用自身以替换的方式拷贝到:c:\windows\system32\ceoidq.pif
生成动态链接库&&C:\windows\system32\8383406.LOG
已加密,读不懂。删除之
然后就开始加载各种dll了~~~
还有,不可以在这里发样本的,要去样本区发,然后给个链接到这里。
本帖最后由 sadfish5 于
21:49 编辑
哎呀,,网络卡了,发了连帖,呵呵~~
| Submission Summary:Submission details:
Submission received: 2 December :24Processing time: 7 min 14 secSubmitted sample:
File MD5: 0x31DF3C2D09DBAFBA823134File SHA-1: 0xAA123ADAF89D22AAD0E832C25ADFE0DFilesize: 31,878 bytesAlias:
Trojan.KillAV!rem [PCTools] [Symantec]Trojan-Downloader.Win32.Geral.yya [Kaspersky Lab]Trojan.Win32.Bodime [Ikarus]
Summary of the findings:
What's been foundSeverity LevelContains characteristics of an identified security risk.
Technical Details:
Possible Security RiskAttention! The following threat categories were identified:
Threat CategoryDescriptionA program that downloads files to the local computer that may represent security riskA malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
File System ModificationsThe following files were created in the system:
#Filename(s)File SizeFile HashAlias1%ProgramFiles%\Common Files\realteck\ceoidq.pif
[file and pathname of the sample #1] 31,878 bytesMD5: 0x31DF3C2D09DBAFBA823134
SHA-1: 0xAA123ADAF89D22AAD0E832C25ADFE0DTrojan.KillAV!rem [PCTools]
[Symantec]
Trojan-Downloader.Win32.Geral.yya [Kaspersky Lab]
Trojan.Win32.Bodime [Ikarus]2%System%\108421.LOG 0 bytesMD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEFAFD80709(not available)
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
The following directory was created:
%ProgramFiles%\Common Files\realteck
Registry ModificationsThe following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804]
Ime File = &108421.LOG&Layout Text = &chinese(simple)&Layout File = &kbdus.dll&
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804]
Ime File = &108421.LOG&Layout Text = &chinese(simple)&Layout File = &kbdus.dll&
[HKEY_CURRENT_USER\Keyboard Layout\Preload]
2 = &E0200804&
The following Registry Value was modified:
[HKEY_CURRENT_USER\Keyboard Layout\Preload]
Other detailsAnalysis of the file resources indicate the following possible country of origin:
All content (&Information&) contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies (&ThreatExpert&) and may not be copied without the express permission of ThreatExpert.
The Information is provided on an &as is& basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 . All rights reserved.
xietingfeng
感谢各位的热心,感谢楼上的关心,我用虚拟机试的,目的是测试杀软的防御,还有了解下解决方法,言归正传,用Sreng扫描了下,日志如下——
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
& & 计划任务
& & Windows 安全更新检查
& & API HOOK
& & 隐藏进程
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ShStatEXE&&&F:\Program Files\Mcafee\SHSTAT.EXE& /STANDALONE&&&[(Verified)McAfee, Inc.]
& & &VMware User Process&&&C:\Program Files\VMware\VMware Tools\VMwareUser.exe&&&&[(Verified)VMware, Inc.]
& & &KernelFaultCheck&&%systemroot%\system32\dumprep 0 -k&&&[File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
& & &{AEB-11d0-97EE-00C04FD91972}&&shell32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &PostBootReminder&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Publisher]
& & &CDBurn&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Publisher]
& & &WebCheck&&%SystemRoot%\system32\webcheck.dll&&&[(Verified)Microsoft Windows Publisher]
& & &SysTray&&C:\WINDOWS\system32\stobject.dll&&&[(Verified)Microsoft Windows Publisher]
& & &WPDShServiceObj&&C:\WINDOWS\system32\WPDShServiceObj.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
& & &WinlogonNotify: crypt32chain&&crypt32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
& & &WinlogonNotify: cryptnet&&cryptnet.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
& & &WinlogonNotify: cscdll&&cscdll.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&F:\Program Files\卡巴斯基\klogon.dll&&&[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
& & &WinlogonNotify: ScCertProp&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
& & &WinlogonNotify: Schedule&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
& & &WinlogonNotify: sclgntfy&&sclgntfy.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
& & &WinlogonNotify: SensLogn&&WlNotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
& & &WinlogonNotify: termsrv&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
& & &WinlogonNotify: TPSvc&&TPSvc.dll&&&[(Verified)ThinPrint GmbH]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VMUpgradeAtShutdown]
& & &WinlogonNotify: VMUpgradeAtShutdown&&VMUpgradeAtShutdownWXP.dll&&&[(Verified)VMware, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
& & &WinlogonNotify: wlballoon&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
& & &{-A8BA-11D1-B96B-00A0C90312E1}&&%SystemRoot%\system32\browseui.dll&&&[(Verified)Microsoft Windows Publisher]
& & &{8C7461EF-2B13-11d2-BE35-0}&&%SystemRoot%\system32\browseui.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{22d6f312-b0f6-11d0-94ab-e95}]
& & &Microsoft Windows Media Player&&C:\WINDOWS\inf\unregmp2.exe /ShowWMP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{60B49E34-C7CC-11D0-C90347FF}MICROS]
& & &浏览器自定义组件&&RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4340}]
& & &Windows 桌面更新&®svr32.exe /s /n /i:U shell32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4383}]
& & &Internet Explorer 6&&%SystemRoot%\system32\ie4uinit.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.EXE]
& & &IFEO[360rp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE]
& & &IFEO[360rpt.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE]
& & &IFEO[360safe.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE]
& & &IFEO[360safebox.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.EXE]
& & &IFEO[360sd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sdrun.EXE]
& & &IFEO[360sdrun.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360setupscan.EXE]
& & &IFEO[360setupscan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.EXE]
& & &IFEO[360speedld.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE]
& & &IFEO[360tray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE]
& & &IFEO[ANTIARP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arpfw.EXE]
& & &IFEO[arpfw.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.EXE]
& & &IFEO[ArSwp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE]
& & &IFEO[Ast.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.EXE]
& & &IFEO[AutoRun.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avfwsvc.EXE]
& & &IFEO[avfwsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.EXE]
& & &IFEO[avgnt.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.EXE]
& & &IFEO[avguard.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE]
& & &IFEO[AvMonitor.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.EXE]
& & &IFEO[avnotify.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.EXE]
& & &IFEO[avp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.EXE]
& & &IFEO[avwebgrd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BacsTray.EXE]
& & &IFEO[BacsTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beikearpmain.EXE]
& & &IFEO[beikearpmain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beikearpsvc.EXE]
& & &IFEO[beikearpsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beikescan.EXE]
& & &IFEO[beikescan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.EXE]
& & &IFEO[ccEvtMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DumpUper.EXE]
& & &IFEO[DumpUper.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.EXE]
& & &IFEO[egui.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.EXE]
& & &IFEO[ekrn.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\essact.EXE]
& & &IFEO[essact.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE]
& & &IFEO[Frameworkservice.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE]
& & &IFEO[GFUpd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE]
& & &IFEO[GuardField.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.EXE]
& & &IFEO[guardgui.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.EXE]
& & &IFEO[HijackThis.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE]
& & &IFEO[IceSword.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE]
& & &IFEO[Iparmor.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.EXE]
& & &IFEO[kaccore.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KANSGUI.EXE]
& & &IFEO[KANSGUI.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KANSvr.EXE]
& & &IFEO[KANSvr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE]
& & &IFEO[KASARP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.EXE]
& & &IFEO[kasmain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastray.EXE]
& & &IFEO[kastray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav.EXE]
& & &IFEO[kav.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE]
& & &IFEO[kav32.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
& & &IFEO[KAVPFW.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE]
& & &IFEO[kavstart.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.EXE]
& & &IFEO[kissvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KpfwSvc.EXE]
& & &IFEO[KpfwSvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE]
& & &IFEO[KRegEx.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.EXE]
& & &IFEO[krepair.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.EXE]
& & &IFEO[krnl360svc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafe.EXE]
& & &IFEO[KSafe.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.EXE]
& & &IFEO[KSafeSvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.EXE]
& & &IFEO[KSafeTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe]
& & &IFEO[kswebshield.exe]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kudiskmon.EXE]
& & &IFEO[kudiskmon.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.EXE]
& & &IFEO[KVMonXP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP]
& & &IFEO[KVMonxp.KXP]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE]
& & &IFEO[KVSrvXP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE]
& & &IFEO[KVWSC.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE]
& & &IFEO[kwatch.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.EXE]
& & &IFEO[kxedefend.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxesapp.EXE]
& & &IFEO[kxesapp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.EXE]
& & &IFEO[kxescore.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.EXE]
& & &IFEO[kxeserv.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.EXE]
& & &IFEO[kxetray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.EXE]
& & &IFEO[mcshield.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE]
& & &IFEO[Mmsk.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.EXE]
& & &IFEO[naPrdMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE]
& & &IFEO[Navapsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.EXE]
& & &IFEO[nod32kui.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
& & &IFEO[PFW.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe]
& & &IFEO[QQDoctorRtp.exe]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCLeakScan.EXE]
& & &IFEO[QQPCLeakScan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr.EXE]
& & &IFEO[QQPCMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE]
& & &IFEO[QQPCRTP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.EXE]
& & &IFEO[QQPCTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE]
& & &IFEO[RAV.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE]
& & &IFEO[RavMon.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.EXE]
& & &IFEO[RavMonD.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravservice.EXE]
& & &IFEO[Ravservice.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE]
& & &IFEO[RavStub.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.EXE]
& & &IFEO[RavTask.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.EXE]
& & &IFEO[RAVTRAY.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
& & &IFEO[Regedit.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE]
& & &IFEO[rfwmain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE]
& & &IFEO[rfwProxy.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE]
& & &IFEO[rfwsrv.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE]
& & &IFEO[Rfwstub.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.EXE]
& & &IFEO[RsAgent.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.EXE]
& & &IFEO[Rsaupd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.EXE]
& & &IFEO[RsMain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMgrSvc.EXE]
& & &IFEO[RsMgrSvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.EXE]
& & &IFEO[RSTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE]
& & &IFEO[Runiep.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.EXE]
& & &IFEO[safeboxtray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.EXE]
& & &IFEO[ScanFrm.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.EXE]
& & &IFEO[sched.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE]
& & &IFEO[SREngLdr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.EXE]
& & &IFEO[SuperKiller.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.EXE]
& & &IFEO[TrojanDetector.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.EXE]
& & &IFEO[Trojanwall.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.KXP]
& & &IFEO[TrojDie.KXP]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSVulFWMan.EXE]
& & &IFEO[TSVulFWMan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.EXE]
& & &IFEO[Twister.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.EXE]
& & &IFEO[upsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE]
& & &IFEO[VPC32.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE]
& & &IFEO[VPTRAY.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VsTskMgr.EXE]
& & &IFEO[VsTskMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE]
& & &IFEO[WOPTILITIES.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZhuDongFangYu.EXE]
& & &IFEO[ZhuDongFangYu.EXE]&&ntsd -d&&&[N/A]
==================================
启动文件夹
==================================
[avp / avp][Stopped/Manual Start]
&&&&F:\Program Files\卡巴斯基\avp.exe& -r&&Kaspersky Lab&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[McAfee Engine Service / McAfeeEngineService][Running/Auto Start]
&&&&F:\Program Files\Mcafee\EngineServer.exe&&&McAfee, Inc.&
[McAfee Framework 服务 / McAfeeFramework][Running/Auto Start]
&&&&F:\Program Files\Common Framework\FrameworkService.exe& /ServiceStart&&McAfee, Inc.&
[McAfee McShield / McShield][Stopped/Auto Start]
&&&&F:\Program Files\Mcafee\Mcshield.exe&&&McAfee, Inc.&
[McAfee Task Manager / McTaskManager][Running/Auto Start]
&&&&F:\Program Files\Mcafee\VsTskMgr.exe&&&McAfee, Inc.&
[McAfee Validation Trust Protection Service / mfevtp][Running/Auto Start]
&&&C:\WINDOWS\system32\mfevtps.exe&&McAfee, Inc.&
[VMware Tools Service / VMTools][Running/Auto Start]
&&&&C:\Program Files\VMware\VMware Tools\vmtoolsd.exe&&&VMware, Inc.&
[VMware 升级助手 / VMUpgradeHelper][Stopped/Disabled]
&&&&C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe& /service&&VMware, Inc.&
[VMware 物理磁盘助手服务 / VMware Physical Disk Helper Service][Stopped/Manual Start]
&&&&C:\Program Files\VMware\VMware Tools\vmacthlp.exe&&&VMware, Inc.&
[主动防御 / ZhuDongFangYu][Stopped/Disabled]
&&&&D:\安全\绿色360safe\deepscan\zhudongfangyu.exe&&&(File is missing)&
==================================
[360netmon / 360netmon][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\360netmon.sys&&&
[360SelfProtection / 360SelfProtection][Running/System Start]
&&&system32\drivers\360SelfProtection.sys&&360安全中心&
[BAPIDRV / BAPIDRV][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS&&&
[EfiSystemMon / EfiMon][Running/System Start]
&&&System32\Drivers\Efimon.sys&&奇虎网&
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
&&&system32\drivers\es1371mp.sys&&Creative Technology Ltd.&
[HookPort / HookPort][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\Hookport.sys&&360安全中心&
[KLIF / KLIF][Stopped/Manual Start]
&&&\??\F:\PROGRA~1\卡巴斯基\KLIF.SYS&&Kaspersky Lab&
[McAfee Inc. mfeapfk / mfeapfk][Stopped/Manual Start]
&&&system32\drivers\mfeapfk.sys&&McAfee, Inc.&
[McAfee Inc. mfeavfk / mfeavfk][Stopped/Manual Start]
&&&system32\drivers\mfeavfk.sys&&McAfee, Inc.&
[McAfee Inc. mfebopk / mfebopk][Stopped/Manual Start]
&&&system32\drivers\mfebopk.sys&&McAfee, Inc.&
[McAfee Inc. mfehidk / mfehidk][Running/Boot Start]
&&&\SystemRoot\system32\drivers\mfehidk.sys&&McAfee, Inc.&
[McAfee Inc. mferkdet / mferkdet][Stopped/Manual Start]
&&&system32\drivers\mferkdet.sys&&McAfee, Inc.&
[McAfee Inc. mfetdik / mfetdik][Running/System Start]
&&&system32\drivers\mfetdik.sys&&McAfee, Inc.&
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
&&&system32\DRIVERS\pcntpci5.sys&&AMD Inc.&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[Quantum DeepScanner Servers / qutmdserv][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\qutmdrv.sys&&360安全中心&
[qutmipc / qutmipc][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\qutmipc.sys&&360安全中心&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&N/A&
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
&&&system32\DRIVERS\tcpip.sys&&Microsoft Corporation&
[VMware VMCI Bus Driver / vmci][Running/Manual Start]
&&&system32\DRIVERS\vmci.sys&&VMware, Inc.&
[VMware Replay Debugging Helper / vmdebug][Running/System Start]
&&&\??\C:\WINDOWS\system32\Drivers\vmdebug.sys&&VMware, Inc.&
[vmhgfs / vmhgfs][Running/System Start]
&&&System32\DRIVERS\vmhgfs.sys&&VMware, Inc.&
[鍐呭瓨鎺у埗椹卞姩绋嬪簭 / VMMEMCTL][Running/Auto Start]
&&&\??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys&&VMware, Inc.&
[VMware Pointing Device / vmmouse][Running/Manual Start]
&&&system32\DRIVERS\vmmouse.sys&&VMware, Inc.&
[VMware Vista 物理磁盘助手 / vmrawdsk][Stopped/System Start]
&&&\??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys&&N/A&
[vmscsi / vmscsi][Running/Boot Start]
&&&\SystemRoot\system32\DRIVERS\vmscsi.sys&&VMware, Inc.&
[VMware Ethernet Adapter Driver / vmxnet][Running/Manual Start]
&&&system32\DRIVERS\vmxnet.sys&&VMware, Inc.&
[vmx_svga / vmx_svga][Running/Manual Start]
&&&system32\DRIVERS\vmx_svga.sys&&VMware, Inc.&
==================================
xietingfeng
浏览器加载项
[scriptproxy]
&&{7DB2D5A0--B68D-1} &F:\Program Files\Mcafee\scriptsn.dll, (Signed) McAfee, Inc.&
[scriptproxy]
&&{7DB2D5A0--B68D-1} &F:\Program Files\Mcafee\scriptsn.dll, (Signed) McAfee, Inc.&
[360SafeLive]
&&{C--D416CB8059E3} &F:\Program Files\360安全卫士\Safelive.dll, (Signed) &
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx, (Signed) Adobe Systems, Inc.&
&&{FB5FD2-BB9E-00C04F795683} &, &
[导出到 Microsoft Office Excel(&X)]
&&&res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A&
==================================
正在运行的进程
[PID: 592 / SYSTEM][\SystemRoot\System32\smss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [F:\Program Files\卡巴斯基\klogon.dll]&&[Kaspersky Lab, 7.0.1.325]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\services.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 996 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1100 / SYSTEM][C:\WINDOWS\System32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1196 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1356 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1720 / Z Y X][C:\WINDOWS\Explorer.EXE]&&[(Verified) Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\System32\vmhgfs.dll]&&[VMware, Inc., 8.0.20.0]
& & [F:\Program Files\Mcafee\scriptsn.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [C:\Program Files\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\WINDOWS\system32\GOOGLEPINYIN2.IME]&&[Google Inc., 2.1.10.65]
& & [F:\Program Files\Mcafee\shext.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\卡巴斯基\ShellEx.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCP80.dll]&&[Microsoft Corporation, 8.00.]
[PID: 1788 / Z Y X][F:\Program Files\Mcafee\SHSTAT.EXE]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\ftcfg.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\wmain.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\shutil.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [F:\Program Files\Mcafee\Graphics.dll]&&[McAfee, Inc., 8.7.0.570]
[PID: 1800 / Z Y X][C:\Program Files\VMware\VMware Tools\VMwareUser.exe]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\sigc-2.0.dll]&&[N/A, ]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCP80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0._x-ww_3bf8fa05\MFC80U.DLL]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0._x-ww_\MFC80CHS.DLL]&&[Microsoft Corporation, 8.00.]
[PID: 1936 / SYSTEM][F:\Program Files\Mcafee\EngineServer.exe]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_server.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
[PID: 1956 / SYSTEM][F:\Program Files\Common Framework\FrameworkService.exe]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\nailog3.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [F:\Program Files\Common Framework\naxml3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [F:\Program Files\Common Framework\naCmnLib3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\applib.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\cryptocme2.dll]&&[N/A, ]
& & [F:\Program Files\Common Framework\0804\AgentRes.dll]&&[McAfee, Inc., 4.0.0.1148]
& & [F:\Program Files\Common Framework\Logging.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\UserSpace.Dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\SecureFrameworkFactory3.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\Management.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\naPolicyManager.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\UpdateSubSys.Dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\updater.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\ipcchannel.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\boost_thread-vc71-mt-1_32.dll]&&[N/A, ]
& & [F:\Program Files\Common Framework\mfeCmnLib71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\Scheduler.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\TCSubSys.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\cmalib.dll]&&[McAfee, Inc., 4.0.0.1180]
[PID: 2044 / SYSTEM][F:\Program Files\Mcafee\VsTskMgr.exe]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\shutil.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\wmain.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\condl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [F:\Program Files\Mcafee\MIDUtil.Dll]&&[McAfee, Inc., 8.7.0.138]
& & [F:\Program Files\Mcafee\BBCpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\coptcpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\EmCfgCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\nvpcpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\ftcfg.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\OASCpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\QuarCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\vsodscpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\VsEvntUI.dll]&&[N/A, ]
& & [F:\Program Files\Mcafee\NAEvent.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\ftl.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\vsupdcpl.dll]&&[McAfee, Inc., 8.7.0.810]
[PID: 200 / SYSTEM][C:\WINDOWS\system32\mfevtps.exe]&&[McAfee, Inc., SYSCORE.14.1.0.645.x86]
[PID: 244 / SYSTEM][C:\Program Files\VMware\VMware Tools\vmtoolsd.exe]&&[VMware, Inc., 8.4.3.13618]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\Program Files\VMware\VMware Tools\intl.dll]&&[Free Software Foundation, 0.14.6]
& & [C:\Program Files\VMware\VMware Tools\iconv.dll]&&[Free Software Foundation, 1.9]
& & [C:\Program Files\VMware\VMware Tools\glib-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\gmodule-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\gobject-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\gthread-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\vmtools.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoLogon.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCP80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoUpgrade.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\hgfsServer.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\hgfsUsability.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\thinprint.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\vix.dll]&&[VMware, Inc., 8.4.3.13618]
[PID: 1264 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 3620 / SYSTEM][F:\Program Files\Common Framework\naPrdMgr.exe]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\naxml3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [F:\Program Files\Common Framework\nailog3.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\naCmnLib3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\applib.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\cryptocme2.dll]&&[N/A, ]
& & [F:\Program Files\Common Framework\0804\AgentRes.dll]&&[McAfee, Inc., 4.0.0.1148]
[PID: 3660 / Z Y X][F:\Program Files\Mcafee\mcconsol.exe]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\consl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\shutil.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\wmain.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\condl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\BBCpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\coptcpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\EmCfgCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\nvpcpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\ftcfg.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [F:\Program Files\Mcafee\OASCpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\QuarCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\vsodscpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\VsEvntUI.dll]&&[N/A, ]
& & [F:\Program Files\Mcafee\NAEvent.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\ftl.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\vsupdcpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\Graphics.dll]&&[McAfee, Inc., 8.7.0.570]
[PID: 2392 / Z Y X][E:\安全\Sreng分析助手\韩国队 .EXE]&&[Smallfrogs Studio, 2.8.2.1321]
[PID: 3552 / Z Y X][E:\安全\Sreng分析助手\SRE8821b97f.EXE]&&[Smallfrogs Studio, 2.8.2.1321]
& & [C:\WINDOWS\system32\2108703.LOG]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\安全\Sreng分析助手\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
==================================
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&OK. [&C:\WINDOWS\hh.exe& %1]
.HLP&&OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
VMCI sockets DGRAM
& & C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll(VMware, Inc., VSockets Library)
VMCI sockets STREAM
& & C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll(VMware, Inc., VSockets Library)
==================================
Autorun.inf
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
进程特权扫描
==================================
==================================
Windows 安全更新检查
==================================
==================================
Copyright & KaFan & All Rights Reserved.
Powered by Discuz! X3.1( 苏ICP备号 ) GMT+8,}
[问题点数:40分]
server2008中病毒了怎么办
[问题点数:40分]
不显示删除回复
显示所有回复
显示星级回复
显示得分回复
只显示楼主
2014年6月 Linux/Unix社区大版内专家分月排行榜第二2014年1月 Linux/Unix社区大版内专家分月排行榜第二2013年11月 Linux/Unix社区大版内专家分月排行榜第二2010年6月 Windows专区大版内专家分月排行榜第二2010年4月 Windows专区大版内专家分月排行榜第二2010年3月 Windows专区大版内专家分月排行榜第二2009年12月 Windows专区大版内专家分月排行榜第二2009年11月 Windows专区大版内专家分月排行榜第二2008年7月 Windows专区大版内专家分月排行榜第二2008年1月 Windows专区大版内专家分月排行榜第二2007年12月 Windows专区大版内专家分月排行榜第二2007年11月 Windows专区大版内专家分月排行榜第二2007年10月 Windows专区大版内专家分月排行榜第二2007年6月 Windows专区大版内专家分月排行榜第二
2014年7月 Linux/Unix社区大版内专家分月排行榜第三2014年4月 Linux/Unix社区大版内专家分月排行榜第三2013年1月 Linux/Unix社区大版内专家分月排行榜第三2010年5月 Windows专区大版内专家分月排行榜第三2009年9月 Windows专区大版内专家分月排行榜第三2009年8月 Windows专区大版内专家分月排行榜第三2008年8月 Windows专区大版内专家分月排行榜第三2008年6月 Windows专区大版内专家分月排行榜第三2007年9月 Windows专区大版内专家分月排行榜第三2007年7月 Windows专区大版内专家分月排行榜第三2007年4月 Windows专区大版内专家分月排行榜第三
2010年8月 硬件使用大版内专家分月排行榜第二
2010年7月 Windows专区大版内专家分月排行榜第三2009年1月 Windows专区大版内专家分月排行榜第三2008年12月 Windows专区大版内专家分月排行榜第三2006年8月 扩充话题大版内专家分月排行榜第三
2013年12月 站务专区大版内专家分月排行榜第一2013年8月 站务专区大版内专家分月排行榜第一2013年7月 站务专区大版内专家分月排行榜第一2013年6月 站务专区大版内专家分月排行榜第一2013年4月 社区支持大版内专家分月排行榜第一
2013年5月 社区支持大版内专家分月排行榜第二
匿名用户不能发表回复!|
每天回帖即可获得10分可用分!小技巧:
你还可以输入10000个字符
(Ctrl+Enter)
请遵守CSDN,不得违反国家法律法规。
转载文章请注明出自“CSDN(www.csdn.net)”。如是商业用途请联系原作者。手机中了这个病毒怎么办?_百度知道
手机中了这个病毒怎么办?
jpg" esrc="http.baidu.hiphotos.baidu.
来自团队:
其他类似问题
为您推荐:
其他2条回答
一,卸载这个病毒软件,下载杀毒软件,若没用,第二
请下载百度卫士,百度卫士,能给你解决问题。
你试着看能不能用?。
您可能关注的推广
等待您来回答
下载知道APP
随时随地咨询
出门在外也不愁热线电话:400-999-7658
您的位置 ->
-> 在线帮助
中了文件夹exe病毒该怎么办?
文件夹exe病毒让我们使用U盘和手机存储卡等等时产生了很多问题,也影响到了电脑的使用,病毒会把原文件隐藏起来,生成同名的病毒文件,经过不断地复制传播,危害巨大。
文件夹exe病毒的特症:
文件夹exe病毒有很多,本文以“SXS2.exe”病毒、“重要资料.exe”病毒和“新建文件夹_12”病毒为例撰写。 正常的原文件如下图所示:
中了病毒后,以上原文件属性被强制隐藏,文件夹形式更改为:
下载U盘杀毒专家(USBkiller),进行全盘扫描,体验轻松杀毒的感觉。官方下载地址:
U盘杀毒专家(USBkiller)清除文件夹exe病毒的步骤
1.打开U盘杀毒专家(USBkiller),图示如下:
2.自行选择需要扫描的对象,一共有内存、本地硬盘和移动存储三个供您选择的对象,不选某一项则用左键点击将方框里面的“√”去掉,图示如下:
如上图所示,选择需要扫描的项目后,点击“开始扫描”按钮,U盘杀毒专家(USBkiller)就会进行扫描。
3.U盘杀毒专家自动找到文件夹exe病毒清除,并在结果栏显示病毒的相关信息,如下图所示:
U盘杀毒专家不仅可以清除文件夹exe病毒,还能进行U盘免疫,另外,它还提供一些U盘辅助功能,比如U盘解锁功能及进程管理等。 想了解更多关于U盘杀毒专家的信息,请登录
为何选择U盘杀毒专家
全面查杀+主动防御=安全
专杀主流软件不能解决的U盘病毒
努力查杀任何一个新出现的U盘病毒
提供完善售后技术服务
清新界面,简单的步骤适合每个用户
针对不用需求,制定不同版本查看: 3360|回复: 20
中了这个病毒怎么办
xietingfeng
本帖最后由 xietingfeng 于
14:24 编辑
& & 中这毒后只要不运行360一切好像安然无恙,此毒主要修改注册表,运行360后就会导致所有软件无法打开,连杀毒软件服务都会自动停止,要说明的是360与杀毒软件都有保护措施的,请教各位大虾该怎样修复?不要跟我说重装之类的,附上样本供参考
(27.87 KB, 下载次数: 84)
14:56 上传
点击文件名下载附件
58781.png (43.93 KB, 下载次数: 3)
14:23 上传
先扫描sreng日志上传,禁止杀软可能由于IFEO劫持,可以修复的(我们看过日志后给指导),
然后尝试金山急救箱+windows清理助手扫描修复。
NPE +cureIT +急救箱
头像被屏蔽
这个病毒虽然写驱动了,但似乎又不存在。
另外它添加了一个伪输入法,当然是病毒啦。还有映像劫持,但似乎没发现有楼主这种现象。
楼主还是上传SRENG日志吧。
360网盾扫出来了.....
一运行当场被和谐......
你用360急救箱试试
ddd.exe为自己添加隐藏属性(用XT才看到它,并去除了它的隐藏属性)
用自身以替换的方式拷贝到:c:\windows\system32\ceoidq.pif
生成动态链接库&&C:\windows\system32\8383406.LOG
已加密,读不懂。删除之
然后就开始加载各种dll了~~~
还有,不可以在这里发样本的,要去样本区发,然后给个链接到这里。
本帖最后由 sadfish5 于
21:49 编辑
哎呀,,网络卡了,发了连帖,呵呵~~
| Submission Summary:Submission details:
Submission received: 2 December :24Processing time: 7 min 14 secSubmitted sample:
File MD5: 0x31DF3C2D09DBAFBA823134File SHA-1: 0xAA123ADAF89D22AAD0E832C25ADFE0DFilesize: 31,878 bytesAlias:
Trojan.KillAV!rem [PCTools] [Symantec]Trojan-Downloader.Win32.Geral.yya [Kaspersky Lab]Trojan.Win32.Bodime [Ikarus]
Summary of the findings:
What's been foundSeverity LevelContains characteristics of an identified security risk.
Technical Details:
Possible Security RiskAttention! The following threat categories were identified:
Threat CategoryDescriptionA program that downloads files to the local computer that may represent security riskA malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
File System ModificationsThe following files were created in the system:
#Filename(s)File SizeFile HashAlias1%ProgramFiles%\Common Files\realteck\ceoidq.pif
[file and pathname of the sample #1] 31,878 bytesMD5: 0x31DF3C2D09DBAFBA823134
SHA-1: 0xAA123ADAF89D22AAD0E832C25ADFE0DTrojan.KillAV!rem [PCTools]
[Symantec]
Trojan-Downloader.Win32.Geral.yya [Kaspersky Lab]
Trojan.Win32.Bodime [Ikarus]2%System%\108421.LOG 0 bytesMD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEFAFD80709(not available)
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
The following directory was created:
%ProgramFiles%\Common Files\realteck
Registry ModificationsThe following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804]
Ime File = &108421.LOG&Layout Text = &chinese(simple)&Layout File = &kbdus.dll&
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804]
Ime File = &108421.LOG&Layout Text = &chinese(simple)&Layout File = &kbdus.dll&
[HKEY_CURRENT_USER\Keyboard Layout\Preload]
2 = &E0200804&
The following Registry Value was modified:
[HKEY_CURRENT_USER\Keyboard Layout\Preload]
Other detailsAnalysis of the file resources indicate the following possible country of origin:
All content (&Information&) contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies (&ThreatExpert&) and may not be copied without the express permission of ThreatExpert.
The Information is provided on an &as is& basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 . All rights reserved.
xietingfeng
感谢各位的热心,感谢楼上的关心,我用虚拟机试的,目的是测试杀软的防御,还有了解下解决方法,言归正传,用Sreng扫描了下,日志如下——
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
& & 计划任务
& & Windows 安全更新检查
& & API HOOK
& & 隐藏进程
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ShStatEXE&&&F:\Program Files\Mcafee\SHSTAT.EXE& /STANDALONE&&&[(Verified)McAfee, Inc.]
& & &VMware User Process&&&C:\Program Files\VMware\VMware Tools\VMwareUser.exe&&&&[(Verified)VMware, Inc.]
& & &KernelFaultCheck&&%systemroot%\system32\dumprep 0 -k&&&[File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
& & &{AEB-11d0-97EE-00C04FD91972}&&shell32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &PostBootReminder&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Publisher]
& & &CDBurn&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Publisher]
& & &WebCheck&&%SystemRoot%\system32\webcheck.dll&&&[(Verified)Microsoft Windows Publisher]
& & &SysTray&&C:\WINDOWS\system32\stobject.dll&&&[(Verified)Microsoft Windows Publisher]
& & &WPDShServiceObj&&C:\WINDOWS\system32\WPDShServiceObj.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
& & &WinlogonNotify: crypt32chain&&crypt32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
& & &WinlogonNotify: cryptnet&&cryptnet.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
& & &WinlogonNotify: cscdll&&cscdll.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
& & &WinlogonNotify: klogon&&F:\Program Files\卡巴斯基\klogon.dll&&&[(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
& & &WinlogonNotify: ScCertProp&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
& & &WinlogonNotify: Schedule&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
& & &WinlogonNotify: sclgntfy&&sclgntfy.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
& & &WinlogonNotify: SensLogn&&WlNotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
& & &WinlogonNotify: termsrv&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
& & &WinlogonNotify: TPSvc&&TPSvc.dll&&&[(Verified)ThinPrint GmbH]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VMUpgradeAtShutdown]
& & &WinlogonNotify: VMUpgradeAtShutdown&&VMUpgradeAtShutdownWXP.dll&&&[(Verified)VMware, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
& & &WinlogonNotify: wlballoon&&wlnotify.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
& & &{-A8BA-11D1-B96B-00A0C90312E1}&&%SystemRoot%\system32\browseui.dll&&&[(Verified)Microsoft Windows Publisher]
& & &{8C7461EF-2B13-11d2-BE35-0}&&%SystemRoot%\system32\browseui.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{22d6f312-b0f6-11d0-94ab-e95}]
& & &Microsoft Windows Media Player&&C:\WINDOWS\inf\unregmp2.exe /ShowWMP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{60B49E34-C7CC-11D0-C90347FF}MICROS]
& & &浏览器自定义组件&&RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4340}]
& & &Windows 桌面更新&®svr32.exe /s /n /i:U shell32.dll&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4383}]
& & &Internet Explorer 6&&%SystemRoot%\system32\ie4uinit.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.EXE]
& & &IFEO[360rp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE]
& & &IFEO[360rpt.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE]
& & &IFEO[360safe.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE]
& & &IFEO[360safebox.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.EXE]
& & &IFEO[360sd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sdrun.EXE]
& & &IFEO[360sdrun.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360setupscan.EXE]
& & &IFEO[360setupscan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.EXE]
& & &IFEO[360speedld.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE]
& & &IFEO[360tray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE]
& & &IFEO[ANTIARP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arpfw.EXE]
& & &IFEO[arpfw.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.EXE]
& & &IFEO[ArSwp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE]
& & &IFEO[Ast.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.EXE]
& & &IFEO[AutoRun.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avfwsvc.EXE]
& & &IFEO[avfwsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.EXE]
& & &IFEO[avgnt.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.EXE]
& & &IFEO[avguard.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE]
& & &IFEO[AvMonitor.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.EXE]
& & &IFEO[avnotify.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.EXE]
& & &IFEO[avp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.EXE]
& & &IFEO[avwebgrd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BacsTray.EXE]
& & &IFEO[BacsTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beikearpmain.EXE]
& & &IFEO[beikearpmain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beikearpsvc.EXE]
& & &IFEO[beikearpsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beikescan.EXE]
& & &IFEO[beikescan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.EXE]
& & &IFEO[ccEvtMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DumpUper.EXE]
& & &IFEO[DumpUper.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.EXE]
& & &IFEO[egui.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.EXE]
& & &IFEO[ekrn.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\essact.EXE]
& & &IFEO[essact.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE]
& & &IFEO[Frameworkservice.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE]
& & &IFEO[GFUpd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE]
& & &IFEO[GuardField.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.EXE]
& & &IFEO[guardgui.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.EXE]
& & &IFEO[HijackThis.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE]
& & &IFEO[IceSword.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE]
& & &IFEO[Iparmor.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.EXE]
& & &IFEO[kaccore.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KANSGUI.EXE]
& & &IFEO[KANSGUI.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KANSvr.EXE]
& & &IFEO[KANSvr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE]
& & &IFEO[KASARP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.EXE]
& & &IFEO[kasmain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastray.EXE]
& & &IFEO[kastray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav.EXE]
& & &IFEO[kav.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE]
& & &IFEO[kav32.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
& & &IFEO[KAVPFW.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE]
& & &IFEO[kavstart.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.EXE]
& & &IFEO[kissvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KpfwSvc.EXE]
& & &IFEO[KpfwSvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE]
& & &IFEO[KRegEx.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.EXE]
& & &IFEO[krepair.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.EXE]
& & &IFEO[krnl360svc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafe.EXE]
& & &IFEO[KSafe.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.EXE]
& & &IFEO[KSafeSvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.EXE]
& & &IFEO[KSafeTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe]
& & &IFEO[kswebshield.exe]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kudiskmon.EXE]
& & &IFEO[kudiskmon.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.EXE]
& & &IFEO[KVMonXP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP]
& & &IFEO[KVMonxp.KXP]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE]
& & &IFEO[KVSrvXP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE]
& & &IFEO[KVWSC.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE]
& & &IFEO[kwatch.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.EXE]
& & &IFEO[kxedefend.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxesapp.EXE]
& & &IFEO[kxesapp.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.EXE]
& & &IFEO[kxescore.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.EXE]
& & &IFEO[kxeserv.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.EXE]
& & &IFEO[kxetray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.EXE]
& & &IFEO[mcshield.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE]
& & &IFEO[Mmsk.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.EXE]
& & &IFEO[naPrdMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE]
& & &IFEO[Navapsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.EXE]
& & &IFEO[nod32kui.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
& & &IFEO[PFW.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe]
& & &IFEO[QQDoctorRtp.exe]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCLeakScan.EXE]
& & &IFEO[QQPCLeakScan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCMgr.EXE]
& & &IFEO[QQPCMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE]
& & &IFEO[QQPCRTP.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.EXE]
& & &IFEO[QQPCTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE]
& & &IFEO[RAV.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE]
& & &IFEO[RavMon.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.EXE]
& & &IFEO[RavMonD.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravservice.EXE]
& & &IFEO[Ravservice.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE]
& & &IFEO[RavStub.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.EXE]
& & &IFEO[RavTask.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.EXE]
& & &IFEO[RAVTRAY.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
& & &IFEO[Regedit.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE]
& & &IFEO[rfwmain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE]
& & &IFEO[rfwProxy.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE]
& & &IFEO[rfwsrv.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE]
& & &IFEO[Rfwstub.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.EXE]
& & &IFEO[RsAgent.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.EXE]
& & &IFEO[Rsaupd.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.EXE]
& & &IFEO[RsMain.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMgrSvc.EXE]
& & &IFEO[RsMgrSvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.EXE]
& & &IFEO[RSTray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE]
& & &IFEO[Runiep.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.EXE]
& & &IFEO[safeboxtray.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.EXE]
& & &IFEO[ScanFrm.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.EXE]
& & &IFEO[sched.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE]
& & &IFEO[SREngLdr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.EXE]
& & &IFEO[SuperKiller.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.EXE]
& & &IFEO[TrojanDetector.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.EXE]
& & &IFEO[Trojanwall.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.KXP]
& & &IFEO[TrojDie.KXP]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSVulFWMan.EXE]
& & &IFEO[TSVulFWMan.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.EXE]
& & &IFEO[Twister.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.EXE]
& & &IFEO[upsvc.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE]
& & &IFEO[VPC32.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE]
& & &IFEO[VPTRAY.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VsTskMgr.EXE]
& & &IFEO[VsTskMgr.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE]
& & &IFEO[WOPTILITIES.EXE]&&ntsd -d&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZhuDongFangYu.EXE]
& & &IFEO[ZhuDongFangYu.EXE]&&ntsd -d&&&[N/A]
==================================
启动文件夹
==================================
[avp / avp][Stopped/Manual Start]
&&&&F:\Program Files\卡巴斯基\avp.exe& -r&&Kaspersky Lab&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[McAfee Engine Service / McAfeeEngineService][Running/Auto Start]
&&&&F:\Program Files\Mcafee\EngineServer.exe&&&McAfee, Inc.&
[McAfee Framework 服务 / McAfeeFramework][Running/Auto Start]
&&&&F:\Program Files\Common Framework\FrameworkService.exe& /ServiceStart&&McAfee, Inc.&
[McAfee McShield / McShield][Stopped/Auto Start]
&&&&F:\Program Files\Mcafee\Mcshield.exe&&&McAfee, Inc.&
[McAfee Task Manager / McTaskManager][Running/Auto Start]
&&&&F:\Program Files\Mcafee\VsTskMgr.exe&&&McAfee, Inc.&
[McAfee Validation Trust Protection Service / mfevtp][Running/Auto Start]
&&&C:\WINDOWS\system32\mfevtps.exe&&McAfee, Inc.&
[VMware Tools Service / VMTools][Running/Auto Start]
&&&&C:\Program Files\VMware\VMware Tools\vmtoolsd.exe&&&VMware, Inc.&
[VMware 升级助手 / VMUpgradeHelper][Stopped/Disabled]
&&&&C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe& /service&&VMware, Inc.&
[VMware 物理磁盘助手服务 / VMware Physical Disk Helper Service][Stopped/Manual Start]
&&&&C:\Program Files\VMware\VMware Tools\vmacthlp.exe&&&VMware, Inc.&
[主动防御 / ZhuDongFangYu][Stopped/Disabled]
&&&&D:\安全\绿色360safe\deepscan\zhudongfangyu.exe&&&(File is missing)&
==================================
[360netmon / 360netmon][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\360netmon.sys&&&
[360SelfProtection / 360SelfProtection][Running/System Start]
&&&system32\drivers\360SelfProtection.sys&&360安全中心&
[BAPIDRV / BAPIDRV][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS&&&
[EfiSystemMon / EfiMon][Running/System Start]
&&&System32\Drivers\Efimon.sys&&奇虎网&
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
&&&system32\drivers\es1371mp.sys&&Creative Technology Ltd.&
[HookPort / HookPort][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\Hookport.sys&&360安全中心&
[KLIF / KLIF][Stopped/Manual Start]
&&&\??\F:\PROGRA~1\卡巴斯基\KLIF.SYS&&Kaspersky Lab&
[McAfee Inc. mfeapfk / mfeapfk][Stopped/Manual Start]
&&&system32\drivers\mfeapfk.sys&&McAfee, Inc.&
[McAfee Inc. mfeavfk / mfeavfk][Stopped/Manual Start]
&&&system32\drivers\mfeavfk.sys&&McAfee, Inc.&
[McAfee Inc. mfebopk / mfebopk][Stopped/Manual Start]
&&&system32\drivers\mfebopk.sys&&McAfee, Inc.&
[McAfee Inc. mfehidk / mfehidk][Running/Boot Start]
&&&\SystemRoot\system32\drivers\mfehidk.sys&&McAfee, Inc.&
[McAfee Inc. mferkdet / mferkdet][Stopped/Manual Start]
&&&system32\drivers\mferkdet.sys&&McAfee, Inc.&
[McAfee Inc. mfetdik / mfetdik][Running/System Start]
&&&system32\drivers\mfetdik.sys&&McAfee, Inc.&
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
&&&system32\DRIVERS\pcntpci5.sys&&AMD Inc.&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[Quantum DeepScanner Servers / qutmdserv][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\qutmdrv.sys&&360安全中心&
[qutmipc / qutmipc][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\qutmipc.sys&&360安全中心&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&N/A&
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
&&&system32\DRIVERS\tcpip.sys&&Microsoft Corporation&
[VMware VMCI Bus Driver / vmci][Running/Manual Start]
&&&system32\DRIVERS\vmci.sys&&VMware, Inc.&
[VMware Replay Debugging Helper / vmdebug][Running/System Start]
&&&\??\C:\WINDOWS\system32\Drivers\vmdebug.sys&&VMware, Inc.&
[vmhgfs / vmhgfs][Running/System Start]
&&&System32\DRIVERS\vmhgfs.sys&&VMware, Inc.&
[鍐呭瓨鎺у埗椹卞姩绋嬪簭 / VMMEMCTL][Running/Auto Start]
&&&\??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys&&VMware, Inc.&
[VMware Pointing Device / vmmouse][Running/Manual Start]
&&&system32\DRIVERS\vmmouse.sys&&VMware, Inc.&
[VMware Vista 物理磁盘助手 / vmrawdsk][Stopped/System Start]
&&&\??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys&&N/A&
[vmscsi / vmscsi][Running/Boot Start]
&&&\SystemRoot\system32\DRIVERS\vmscsi.sys&&VMware, Inc.&
[VMware Ethernet Adapter Driver / vmxnet][Running/Manual Start]
&&&system32\DRIVERS\vmxnet.sys&&VMware, Inc.&
[vmx_svga / vmx_svga][Running/Manual Start]
&&&system32\DRIVERS\vmx_svga.sys&&VMware, Inc.&
==================================
xietingfeng
浏览器加载项
[scriptproxy]
&&{7DB2D5A0--B68D-1} &F:\Program Files\Mcafee\scriptsn.dll, (Signed) McAfee, Inc.&
[scriptproxy]
&&{7DB2D5A0--B68D-1} &F:\Program Files\Mcafee\scriptsn.dll, (Signed) McAfee, Inc.&
[360SafeLive]
&&{C--D416CB8059E3} &F:\Program Files\360安全卫士\Safelive.dll, (Signed) &
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx, (Signed) Adobe Systems, Inc.&
&&{FB5FD2-BB9E-00C04F795683} &, &
[导出到 Microsoft Office Excel(&X)]
&&&res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A&
==================================
正在运行的进程
[PID: 592 / SYSTEM][\SystemRoot\System32\smss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [F:\Program Files\卡巴斯基\klogon.dll]&&[Kaspersky Lab, 7.0.1.325]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\services.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 996 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1100 / SYSTEM][C:\WINDOWS\System32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1196 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1356 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1720 / Z Y X][C:\WINDOWS\Explorer.EXE]&&[(Verified) Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\System32\vmhgfs.dll]&&[VMware, Inc., 8.0.20.0]
& & [F:\Program Files\Mcafee\scriptsn.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [C:\Program Files\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\WINDOWS\system32\GOOGLEPINYIN2.IME]&&[Google Inc., 2.1.10.65]
& & [F:\Program Files\Mcafee\shext.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\卡巴斯基\ShellEx.dll]&&[Kaspersky Lab, 7.0.1.325]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCP80.dll]&&[Microsoft Corporation, 8.00.]
[PID: 1788 / Z Y X][F:\Program Files\Mcafee\SHSTAT.EXE]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\ftcfg.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\wmain.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\shutil.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [F:\Program Files\Mcafee\Graphics.dll]&&[McAfee, Inc., 8.7.0.570]
[PID: 1800 / Z Y X][C:\Program Files\VMware\VMware Tools\VMwareUser.exe]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\sigc-2.0.dll]&&[N/A, ]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCP80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0._x-ww_3bf8fa05\MFC80U.DLL]&&[Microsoft Corporation, 8.00.]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0._x-ww_\MFC80CHS.DLL]&&[Microsoft Corporation, 8.00.]
[PID: 1936 / SYSTEM][F:\Program Files\Mcafee\EngineServer.exe]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_server.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
[PID: 1956 / SYSTEM][F:\Program Files\Common Framework\FrameworkService.exe]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\nailog3.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [F:\Program Files\Common Framework\naxml3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [F:\Program Files\Common Framework\naCmnLib3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\applib.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\cryptocme2.dll]&&[N/A, ]
& & [F:\Program Files\Common Framework\0804\AgentRes.dll]&&[McAfee, Inc., 4.0.0.1148]
& & [F:\Program Files\Common Framework\Logging.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\UserSpace.Dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\SecureFrameworkFactory3.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\Management.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\naPolicyManager.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\UpdateSubSys.Dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\updater.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\ipcchannel.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\boost_thread-vc71-mt-1_32.dll]&&[N/A, ]
& & [F:\Program Files\Common Framework\mfeCmnLib71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\Scheduler.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\TCSubSys.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\cmalib.dll]&&[McAfee, Inc., 4.0.0.1180]
[PID: 2044 / SYSTEM][F:\Program Files\Mcafee\VsTskMgr.exe]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\shutil.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\wmain.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\condl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [F:\Program Files\Mcafee\MIDUtil.Dll]&&[McAfee, Inc., 8.7.0.138]
& & [F:\Program Files\Mcafee\BBCpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\coptcpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\EmCfgCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\nvpcpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\ftcfg.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\OASCpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\QuarCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\vsodscpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\VsEvntUI.dll]&&[N/A, ]
& & [F:\Program Files\Mcafee\NAEvent.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\ftl.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\vsupdcpl.dll]&&[McAfee, Inc., 8.7.0.810]
[PID: 200 / SYSTEM][C:\WINDOWS\system32\mfevtps.exe]&&[McAfee, Inc., SYSCORE.14.1.0.645.x86]
[PID: 244 / SYSTEM][C:\Program Files\VMware\VMware Tools\vmtoolsd.exe]&&[VMware, Inc., 8.4.3.13618]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCR80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\Program Files\VMware\VMware Tools\intl.dll]&&[Free Software Foundation, 0.14.6]
& & [C:\Program Files\VMware\VMware Tools\iconv.dll]&&[Free Software Foundation, 1.9]
& & [C:\Program Files\VMware\VMware Tools\glib-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\gmodule-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\gobject-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\gthread-2.0.dll]&&[The GLib developer community, 2.16.4.0]
& & [C:\Program Files\VMware\VMware Tools\vmtools.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoLogon.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0._x-ww_6b128700\MSVCP80.dll]&&[Microsoft Corporation, 8.00.]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoUpgrade.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\hgfsServer.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\hgfsUsability.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\thinprint.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll]&&[VMware, Inc., 8.4.3.13618]
& & [C:\Program Files\VMware\VMware Tools\plugins\vmsvc\vix.dll]&&[VMware, Inc., 8.4.3.13618]
[PID: 1264 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 3620 / SYSTEM][F:\Program Files\Common Framework\naPrdMgr.exe]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\naxml3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [F:\Program Files\Common Framework\nailog3.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\naCmnLib3_71.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\applib.dll]&&[McAfee, Inc., 4.0.0.1180]
& & [F:\Program Files\Common Framework\cryptocme2.dll]&&[N/A, ]
& & [F:\Program Files\Common Framework\0804\AgentRes.dll]&&[McAfee, Inc., 4.0.0.1148]
[PID: 3660 / Z Y X][F:\Program Files\Mcafee\mcconsol.exe]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\consl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\shutil.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\wmain.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\condl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\LockDown.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\BBCpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\coptcpl.dll]&&[McAfee, Inc., 8.7.0.747]
& & [F:\Program Files\Mcafee\EmCfgCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\nvpcpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\ftcfg.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\mytilus3.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\mytilus3_worker.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\RES0402\McShield.dll]&&[McAfee, Inc., VSCORE.14.1.0.524]
& & [F:\Program Files\Mcafee\OASCpl.dll]&&[McAfee, Inc., 8.7.0.570]
& & [F:\Program Files\Mcafee\QuarCpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\vsodscpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\VsEvntUI.dll]&&[N/A, ]
& & [F:\Program Files\Mcafee\NAEvent.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\ftl.dll]&&[McAfee, Inc., VSCORE.14.1.0.524.x86]
& & [F:\Program Files\Mcafee\vsupdcpl.dll]&&[McAfee, Inc., 8.7.0.810]
& & [F:\Program Files\Mcafee\Graphics.dll]&&[McAfee, Inc., 8.7.0.570]
[PID: 2392 / Z Y X][E:\安全\Sreng分析助手\韩国队 .EXE]&&[Smallfrogs Studio, 2.8.2.1321]
[PID: 3552 / Z Y X][E:\安全\Sreng分析助手\SRE8821b97f.EXE]&&[Smallfrogs Studio, 2.8.2.1321]
& & [C:\WINDOWS\system32\2108703.LOG]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [E:\安全\Sreng分析助手\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
==================================
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&OK. [&C:\WINDOWS\hh.exe& %1]
.HLP&&OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
VMCI sockets DGRAM
& & C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll(VMware, Inc., VSockets Library)
VMCI sockets STREAM
& & C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll(VMware, Inc., VSockets Library)
==================================
Autorun.inf
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
进程特权扫描
==================================
==================================
Windows 安全更新检查
==================================
==================================
Copyright & KaFan & All Rights Reserved.
Powered by Discuz! X3.1( 苏ICP备号 ) GMT+8,}
我要回帖
更多关于 u盘中病毒了怎么办 的文章
更多推荐
- ·欲贷款买车,哥瑞,思域,买卡罗拉还是本田XRV好-V选哪个?
- ·微信多出来一怎么查询自己有几张工商银行卡卡
- ·请问网络营销与直播电商专业好吗的学院能上吗?在四川的国际标榜职业学院网络营销与直播电商专业好吗可以吗?
- ·市场上为什么没有看到有销售可以充气护腰带的皮带?
- ·oppoa3价格多少pro手机怎么样?
- ·联想和想象修辞手法属于表现手法吗
- ·电脑装完lg电视系统破解后开机只显示品牌lg
- ·跪求资源她的眼光百度云资源
- ·mol网站上的出口放单mol l是什么单位意思
- ·学习java
- ·QQ空间为什么不能直播 什么原因 怎么样预约成都新空间装饰公司
- ·计算机存储器管理单元存0和1000都只占一个单元
- ·qq处手心手背 刘涛什么意思?
- ·求doctors全集百度云百度云全集
- ·C++duilib实现半透明窗体飞行棋窗体的搭建(利用VS2010)
- ·现代名图电脑显示屏上特斯拉续航里程程怎么调整
- ·微信电脑版与手机版同步怎么如何设置qq与微信同步
- ·求扛着反派闯末世之反派才是真绝色gl百度云,谢谢
- ·微信微信账号申诉页面面有已往登录帐号,怎么删除
- ·福伦达35 1.2转接尼康 dkl口 voigtlander dynarex 135mm f4在尼康全幅上打不打版
- ·中这个中了勒索病毒怎么办了怎么办,
- ·求使命13使命召唤特效全开配置的电脑配置及价格
- ·真空泵从选购到使用过程中有哪些空调选购注意事项项
- ·a1395是ipad2 a1395报价
- ·谁能帮我申请一个QQ改密码,拜托了。我只玩天天酷跑qq授权失败。
- ·iOS8怎么装cafeteria rules字体
- ·棍子西游点gta4进去就停止工作老是停止运行怎么回事。是同学推荐给我的据说很无聊.
- ·推荐一款便携带无线路由器手机上网慢 可以插网卡上网的
- ·电脑打开浏览器蓝屏就蓝屏了
- ·a8不出现移动却出现mac移除移动硬盘
- ·百度贴吧只能回复不能发帖回复里面只能看到表态,这什么情况啊
- ·海信电视装的是电信的机顶盒但是电信机顶盒没有cctv55+这个
- ·华数宽带测速猫上Cable大灯不会亮怎么处理,求帮助。
- ·没有冒过风险 qq个性签名伤感
- ·geforce experience卡打不开啊急啊啊
- ·联想a3300-t后htc m7摄像头发红拍照时颜色发红
