Hey, can you see what's wrong with my computer? Dear teacher, thank you…

Could an expert please take a look at what's wrong with my computer? Thanks.
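My computer has been blue-screening a lot lately, as shown in the picture. My English is limited, so could an expert please take a look and tell me what the cause is? Thanks.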
Reinstall the system, or check the memory!
Memory is the more likely cause!
If you have no spare memory to swap in, first reinstall using a different version of the system and see whether it runs normally.
Thanks, everyone. I'll try that first.
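PAGE_FAULT_IN_NONPAGED_AREA
◆Error analysis: Faulty memory (including physical memory, L2 cache, and video memory), incompatible software (mainly remote-control and antivirus software), a damaged NTFS volume, and faulty hardware (for example, a PCI card that is itself damaged) can all trigger this error.
◇Solutions:
1. Remove all recently installed hardware.
2. Run all system diagnostic software provided by the computer manufacturer, especially the memory check.
3. Check that all new hardware or software is installed correctly. If this is a fresh installation, contact the hardware or software manufacturer to obtain any Windows updates or drivers that may be needed.
4. Disable or uninstall all antivirus programs.
5. Disable BIOS memory options, such as cache or shadow.
You don't have to do every item in the solution; it's just that each one is a possibility! Blue-screen code 50 is the most troublesome one I have seen so far, with a great many possible causes! Even if you do all five, it may still not be fixed; at least one case I solved in the past was not among these items. Just give it a try first!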
If you have a problem, just search Baidu and you'll find the answer.
Actually, the cause of the error is clear enough; it's just that our English is poor.
Moderator, please take a look at what's wrong with my computer, thanks
Whenever my computer starts up, this keeps appearing: The instruction at "0x73d3439a" referenced memory at "0x". The memory could not be "read".
Also:
,20:46:05
System Repair Engineer 2.5.16.900
Smallfrogs ()
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Publisher]
& & &KavPFW&&&C:\KAV2007\KPFW32.EXE&&&&[Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &load&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &SoundMan&&SOUNDMAN.EXE&&&[(Verified)Microsoft Windows Hardware Compatibility Publisher]
& & &IgfxTray&&C:\WINDOWS\system32\igfxtray.exe&&&[(Verified)Microsoft Windows Publisher]
& & &HotKeysCmds&&C:\WINDOWS\system32\hkcmd.exe&&&[(Verified)Microsoft Windows Publisher]
& & &KavStart&&&C:\KAV2007\KAVStart.exe& -startup&&&[Kingsoft Corporation]
& & &LiveUpatePower&&D:\Program Files\完美卸载V2006 方正版\MyUpdate.exe -PowerOn&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe jshelp.exe&&&[]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&&&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub&&&[(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
& & &SCRNSAVE.EXE&&C:\KAV2007\KaScrScn.SCR&&&[Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
& & &IMJPMIG8.1&&; &C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE& /Spoil /RemAdvDef /Migration32&&&[N/A]
& & &PHIME2002A&&; &&&[N/A]
& & &PHIME2002ASync&&; &&&[N/A]
& & &RealTray&&; C:\Program Files\Real\RealPlayer\Realplay.exe SYSTEMBOOTHIDEPLAYER&&&[N/A]
==================================
启动文件夹
[腾讯QQ]
&&&C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --& F:\QQ2006\QQ.exe [TENCENT]&&N&
[QQ游戏启动加速程序]
&&&C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --& F:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]&&N&
==================================
服务
[Google Updater Service / gusvc][Stopped/Manual Start]
&&&&C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe&&&Google&
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
&&&&C:\KAV2007\KPfwSvc.EXE&&&Kingsoft Corporation&
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
&&&C:\KAV2007\KWatch.EXE&&Kingsoft Corporation&
==================================
驱动程序
[4py4 / 4py4y][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\4py4y.sys&&N/A&
[a320raid / a320raid][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\a320raid.sys&&Adaptec, Inc.&
[AAC / AAC][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\AAC.SYS&&Adaptec, Inc.&
[aar1210 / aar1210][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aar1210.sys&&Adaptec, Inc.&
[abp480n5 / abp480n5][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\abp480n5.sys&&Microsoft Corporation&
[adpu160m / adpu160m][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\adpu160m.sys&&Microsoft Corporation&
[adpu320 / adpu320][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\adpu320.sys&&Adaptec, Inc.&
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aec6210.sys&&ACARD Technology Corp.&
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aec6260.sys&&ACARD Technology Corp.&
[aec6280 / aec6280][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aec6280.sys&&ACARD Technology Corp.&
[AEC6290 / AEC6290][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\AEC6290.SYS&&ACARD Technology Corp.&
[AEC67160 / AEC67160][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\AEC67160.SYS&&ACARD Technology Corp.&
[AEC671X / AEC671X][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\AEC671X.SYS&&ACARD Technology Corp.&
[AEC6880 / AEC6880][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\AEC6880.SYS&&ACARD Technology Corp.&
[AEC6890 / AEC6890][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\AEC6890.sys&&ACARD Technology Corp.&
[aec68x5 / aec68x5][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aec68x5.sys&&ACARD Technology Corp.&
[Aha154x / Aha154x][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aha154x.sys&&Microsoft Corporation&
[aic78u2 / aic78u2][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aic78u2.sys&&Microsoft Corporation&
[aic78xx / aic78xx][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aic78xx.sys&&Microsoft Corporation&
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
&&&system32\drivers\ALCXWDM.SYS&&Realtek Semiconductor Corp.&
[ALi Based Ethernet NT Driver / ALI5261][Stopped/Manual Start]
&&&system32\DRIVERS\ALI5261.SYS&&Acer Laboratories Inc.&
[AliIde / AliIde][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\aliide.sys&&Acer Laboratories Inc.&
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
&&&System32\DRIVERS\amdk8.sys&&Microsoft Corporation&
[arc / arc][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\arc.sys&&Adaptec, Inc.&
[asc / asc][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\asc.sys&&Advanced System Products, Inc.&
[asc3550 / asc3550][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\asc3550.sys&&Advanced System Products, Inc.&
[CmdIde / CmdIde][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\cmdide.sys&&CMD Technology, Inc.&
[dac2w2k / dac2w2k][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\dac2w2k.sys&&Mylex Corporation&
[dpti2o / dpti2o][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\dpti2o.sys&&Microsoft Corporation&
[elxstor / elxstor][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\elxstor.sys&&Emulex&
[FASTSX / FASTSX][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\FASTSX.SYS&&Promise Technology, Inc.&
[fasttrak / fasttrak][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\fasttrak.sys&&Promise Technology, Inc.&
[fasttx2k / fasttx2k][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\fasttx2k.sys&&Promise Technology, Inc.&
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\fasttx2k2.sys&&Promise Technology, Inc.&
[HookUrl / HookUrl][Stopped/Auto Start]
&&&\??\C:\Program Files\Rising\Rfw\HookUrl.sys&&N/A&
[HpCISSs / HpCISSs][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\hpcisss.sys&&Hewlett-Packard Company&
[Hpt366 / Hpt366][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\Hpt366.sys&&Microsoft Corporation&
[HPT371 / HPT371][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\HPT371.sys&&HighPoint Technologies, Inc.&
[hpt374 / hpt374][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\hpt374.sys&&HighPoint Technologies, Inc.&
[hpt3xx / hpt3xx][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\hpt3xx.sys&&HighPoint Technologies, Inc.&
[hptmv / hptmv][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\hptmv.sys&&HighPoint Technologies, Inc.&
[hptpro / hptpro][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\hptpro.sys&&HighPoint Technologies, Inc.&
[ialm / ialm][Running/Manual Start]
&&&system32\DRIVERS\ialmnt5.sys&&Intel Corporation&
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\iaStor.sys&&Intel Corporation&
[iirsp / iirsp][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\iirsp.sys&&Intel Corp./ICP vortex GmbH&
[ini910u / ini910u][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ini910u.sys&&Microsoft Corporation&
[IntelIde / IntelIde][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\intelide.sys&&N/A&
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\iteraid.sys&&Integrated Technology Express, Inc.&
[KAVBootC / KAVBootC][Stopped/Boot Start]
&&&\SystemRoot\system32\Drivers\KAVBootC.sys&&Kingsoft Corporation&
[KNetWch / KNetWch][Running/System Start]
&&&\??\C:\KAV2007\KNetWch.SYS&&Kingsoft Corporation&
[KWatch3 / KWatch3][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\KWatch3.SYS&&Kingsoft Corporation&
[LSI_FC / LSI_FC][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\lsi_fc.sys&&LSI Logic&
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\lsi_sas.sys&&LSI Logic&
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\lsi_scsi.sys&&LSI Logic&
[m5228 / m5228][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\m5228.sys&&ALi Corporation.&
[m5281 / m5281][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\m5281.sys&&ALi Corporation&
[MegaIDE / MegaIDE][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\MegaIDE.sys&&LSI Logic Corporation.&
[megasas / megasas][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\megasas.sys&&LSI Logic Corporation&
[mraid2k / mraid2k][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\mraid2k.sys&&American Megatrends, Inc.&
[mraid35x / mraid35x][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\mraid35x.sys&&American Megatrends Inc.&
[nfrd960 / nfrd960][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\nfrd960.sys&&IBM Corporation&
[npkcrypt / npkcrypt][Stopped/Auto Start]
&&&\??\C:\Program Files\QQ2006\npkcrypt.sys&&N/A&
[nv / nv][Stopped/Manual Start]
&&&system32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\NVATABUS.SYS&&NVIDIA Corporation&
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
&&&\SystemRoot\system32\DRIVERS\nvraid.sys&&NVIDIA Corporation&
[PNP649R / PNP649R][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\PNP649R.SYS&&CMD Technology, Inc.&
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\pnp680.sys&&Silicon Image, Inc.&
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\pnp680r.sys&&Silicon Image, Inc&
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
&&&\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys&&N/A&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[ql1080 / ql1080][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ql1080.sys&&QLogic Corporation&
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ql10wnt.sys&&Microsoft Corporation&
[ql12160 / ql12160][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ql12160.sys&&QLogic Corporation&
[ql1280 / ql1280][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ql1280.sys&&QLogic Corporation&
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\ql2300.sys&&QLogic Corporation&
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\RAIDSRC.SYS&&Intel/ICP&
[Rising&&Rfwbase Driver / RfwBase][Stopped/System Start]
&&&System32\DRIVERS\rfwbase.SYS&&N/A&
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\RsBoot.sys&&N/A&
[RsFwDrv / RsFwDrv][Stopped/System Start]
&&&\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys&&N/A&
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
&&&system32\DRIVERS\Rtnicxp.sys&&Realtek Semiconductor Corporation&
[S150SX8 / S150SX8][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\S150SX8.SYS&&Promise Technology, Inc.&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&N/A&
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SI3112.sys&&Silicon Image, Inc.&
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\SI3112r.sys&&Silicon Image, Inc&
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SI3114.sys&&Silicon Image, Inc.&
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SI3114R.sys&&Silicon Image, Inc&
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SI3124.sys&&Silicon Image, Inc.&
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SI3124R.sys&&Silicon Image, Inc&
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SiWinAcc.sys&&Silicon Image, Inc.&
[SISIDE / SISIDE][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SISIDE.SYS&&Silicon Integrated Systems Corp.&
[SiSRaid / SiSRaid][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SiSRaid.sys&&Silicon Integrated Systems&
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SiSRaid1.sys&&Silicon Integrated Systems&
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SISRAIDS.SYS&&Silicon Integrated Systems Corp&
[Sparrow / Sparrow][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\sparrow.sys&&Adaptec, Inc.&
[sptrak / sptrak][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\sptrak.sys&&Promise Technology, Inc.&
[symc810 / symc810][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\symc810.sys&&Symbios Logic Inc.&
[symc8xx / symc8xx][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\symc8xx.sys&&LSI Logic&
[SYMMPI / SYMMPI][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\SYMMPI.SYS&&LSI Logic&
[sym_hi / sym_hi][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\sym_hi.sys&&LSI Logic&
[sym_u3 / sym_u3][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\sym_u3.sys&&LSI Logic&
[TosIde / TosIde][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\toside.sys&&Microsoft Corporation&
[UlSata / UlSata][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ulsata.sys&&Promise Technology, Inc.&
[ULSATAS / ULSATAS][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ULSATAS.SYS&&Promise Technology, Inc.&
[ultra / ultra][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\ultra.sys&&Promise Technology, Inc.&
[ViaIde / ViaIde][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\viaide.sys&&Microsoft Corporation&
[viamraid / viamraid][Stopped/Boot Start]
&&&\SystemRoot\system32\DRIVERS\viamraid.sys&&VIA Technologies inc,.ltd&
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\viapdsk.sys&&VIA Technologies, Inc.&
[VIAPFD / VIAPFD][Running/System Start]
&&&\SystemRoot\System32\Drivers\VIAPFD.SYS&&VIA Technologies. Inc.&
[viaraid / viaraid][Stopped/Boot Start]
&&&\SystemRoot\System32\DRIVERS\viaraid.sys&&VIA Technologies inc,.ltd&
[viasraid / viasraid][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\viasraid.sys&&VIA Technologies inc,.ltd&
[vmscsi / vmscsi][Stopped/Boot Start]
&&&\SystemRoot\system32\drivers\vmscsi.sys&&VMware, Inc.&
[XPROTECTOR / XPROTECTOR][Running/Auto Start]
&&&\??\C:\WINDOWS\system32\drivers\Xprotector.sys&&N/A&
==================================
浏览器加载项
[Windows Genuine Advantage]
&&{A-453E-A040-C7C580BBF700} &C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft? Corporation&
[Windows Media Player]
&&{22D6F312-B0F6-11D0-94AB-E95} &C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation&
[HTML Document]
&&{F9-11CF-8FD0-00AA00686F13} &%SystemRoot%\system32\Mshtml.dll, N/A&
[DHTML Edit Control Safe for Scripting for IE5]
&&{2D360201-FFF5-11D1-8D03-00A0C959BC0A} &C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation&
[HtmlDlgSafeHelper Class]
&&{B5-11CF-BB82-00AA00BDCE0B} &C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation&
[IEBuddyExtControl Class]
&&{3AECD3C1-DC-47B6CF7EF749} &D:\Program Files\Kingsoft Antispy\IEBuddyExt.DLL, Kingsoft Corporation&
[XML Document]
&&{4D9-11D1-A6B3-00C04FD91555} &%SystemRoot%\system32\msxml3.dll, N/A&
[Kingsoft Trojan Webshield]
&&{4E8AFE3-BF78-8A7CCD6EF333} &, N/A&
[CBrowseStakeout Class]
&&{E-470E-8A57-} &, N/A&
[WUWebControl Class]
&&{6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation&
[Symantec RuFSI Utility Class]
&&{644E432F-49D3-41A1-8DD5-E099162EEEC5} &, N/A&
[Windows Media Player]
&&{6BF52A52-394A-11D3-B153-00C04F79FAA6} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[Microsoft Web 浏览器]
&&{A-11D0-A96B-00C04FD705A2} &C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation&
[Microsoft Scriptlet Component]
&&{AE24FDAE-03C6-11D1-8B76-} &C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation&
[SearchAssistantOC]
&&{B45FF030--85DE-00C04FA35C89} &%SystemRoot%\system32\shdocvw.dll, N/A&
[RDS.DataSpace]
&&{BD96C556-65A3-11D0-983A-00C04FC29E36} &C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation&
[AUDIO__X_MS_WMA Moniker Class]
&&{CD3AFA84-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[VIDEO__X_MS_WMV Moniker Class]
&&{CD3AFA94-B84F-48F0-9393-7EDC} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&
[RealPlayer G2 Control]
&&{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} &C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.&
[卡卡上网安全助手]
&&{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} &, N/A&
[BoBoControl Class]
&&{EC0978ED-24E3-403C-AB7A-060E} &, N/A&
==================================
正在运行的进程
[PID: 572 / SYSTEM][\SystemRoot\System32\smss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 936 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1032 / SYSTEM][C:\WINDOWS\System32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1084 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1148 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1364 / SYSTEM][C:\KAV2007\KWatch.EXE]&&[Kingsoft Corporation, , 84]
& & [C:\KAV2007\KAVIPC2.DLL]&&[Kingsoft Corporation, , 30]
& & [C:\KAV2007\KAEPlat.DLL]&&[Kingsoft Corp., , 61]
& & [C:\KAV2007\KAEMem.DAT]&&[Kingsoft, , 16]
& & [C:\KAV2007\KAEUnpack.DAT]&&[Kingsoft Corp., , 122]
& & [C:\KAV2007\KAVQuara.DLL]&&[Kingsoft Corporation, , 4]
[PID: 1440 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_gdr.9)]
& & [C:\WINDOWS\system32\mdimon.dll]&&[Microsoft Corporation, 11.3.2175.0]
& & [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]&&[Microsoft Corporation, 11.3.2175.0]
[PID: 1584 / SYSTEM][C:\KAV2007\KPfwSvc.EXE]&&[Kingsoft Corporation, , 31]
[PID: 1632 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]&&[Microsoft Corporation, 5.2. built by: dnsrv(bld4act)]
[PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 844 / Administrator][C:\WINDOWS\Explorer.exe]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\WINDOWS\system32\jsshow.dll]&&[, 1.1.1.348]
& & [C:\KAV2007\KAVEXT.DLL]&&[Kingsoft Corporation, , 29]
& & [C:\Program Files\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\WINDOWS\system32\RavExt.dll]&&[Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
& & [C:\Program Files\Picaview\PicaView.dll]&&[ACD Systems, Ltd., 2, 0, 0, 84]
& & [C:\Program Files\Picaview\IDE_ACDStd.apl]&&[ACD Systems, Ltd., 3,2,62,0]
& & [C:\Program Files\Picaview\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\Program Files\Picaview\msvcr71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
& & [D:\Documents and Settings\PixPlayer\PPShell.dll]&&[深圳市复兴科技有限公司, 1.0.0.1]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\WINDOWS\system32\msadp32.acm]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\KAV2007\KAScript.DLL]&&[Kingsoft Corporation, , 75]
& & [C:\KAV2007\KAEPlat.DLL]&&[Kingsoft Corp., , 61]
& & [C:\KAV2007\KAEMem.DAT]&&[Kingsoft, , 16]
& & [C:\KAV2007\KAEUnpack.DAT]&&[Kingsoft Corp., , 122]
& & [C:\WINDOWS\system32\igfxpph.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\hccutils.DLL]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxdev.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxress.dll]&&[Intel Corporation, 3.0.0.3929]
[PID: 1576 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]&&[Realtek Semiconductor Corp., 5, 1, 0, 48]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
[PID: 1884 / Administrator][C:\WINDOWS\system32\igfxtray.exe]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\hccutils.DLL]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxdev.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxress.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
[PID: 1936 / Administrator][C:\WINDOWS\system32\hkcmd.exe]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\hccutils.DLL]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxdev.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxsrvc.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxhk.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\WINDOWS\system32\igfxres.dll]&&[Intel Corporation, 3.0.0.3929]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
[PID: 1944 / Administrator][C:\KAV2007\KAVStart.exe]&&[Kingsoft Corporation, , 278]
& & [C:\WINDOWS\system32\MFC71.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MFC71CHS.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KAVIPC2.DLL]&&[Kingsoft Corporation, , 30]
& & [C:\KAV2007\SvcTimer.DLL]&&[Kingsoft Corporation, .84]
& & [C:\KAV2007\KAVPassp.dll]&&[Kingsoft Corporation, , 271]
& & [C:\KAV2007\PopSprt3.dll]&&[Kingsoft Corporation, , 45]
& & [C:\WINDOWS\system32\odbcbcp.dll]&&[Microsoft Corporation, 7.00 (xpsp_sp2_rtm.8)]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
[PID: 188 / Administrator][C:\WINDOWS\system32\ctfmon.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
[PID: 248 / Administrator][C:\KAV2007\KPFW32.EXE]&&[Kingsoft Corporation, , 717]
& & [C:\WINDOWS\system32\MFC71.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MFC71CHS.DLL]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KAVIPC2.DLL]&&[Kingsoft Corporation, , 30]
& & [C:\KAV2007\KAConfig.DLL]&&[Kingsoft Corporation, , 41]
& & [C:\KAV2007\FiltList.dll]&&[N/A, ]
& & [C:\KAV2007\KAVPassp.DLL]&&[Kingsoft Corporation, , 271]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\KAV2007\KAScript.DLL]&&[Kingsoft Corporation, , 75]
[PID: 1060 / Administrator][C:\KAV2007\KMailMon.EXE]&&[Kingsoft Corporation, , 948]
& & [C:\KAV2007\KAntiSpm.dll]&&[Kingsoft Corporation, , 129]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KAVIPC2.DLL]&&[Kingsoft Corporation, , 30]
& & [C:\KAV2007\KAECall2.DLL]&&[Kingsoft Corporation, , 7]
& & [C:\KAV2007\KAEPlat.DLL]&&[Kingsoft Corp., , 61]
& & [C:\KAV2007\KAEMem.DAT]&&[Kingsoft, , 16]
& & [C:\KAV2007\KAEUnpack.DAT]&&[Kingsoft Corp., , 122]
& & [C:\KAV2007\KAConfig.DLL]&&[Kingsoft Corporation, , 41]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
[PID: 2232 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]&&[Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]&&[Microsoft Corporation, 11.0.5510]
& & [C:\WINDOWS\system32\msacm32.drv]&&[Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
& & [C:\WINDOWS\system32\msadp32.acm]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\KAV2007\KAScript.DLL]&&[Kingsoft Corporation, , 75]
& & [C:\KAV2007\KAEPlat.DLL]&&[Kingsoft Corp., , 61]
& & [C:\KAV2007\KAEMem.DAT]&&[Kingsoft, , 16]
& & [C:\KAV2007\KAEUnpack.DAT]&&[Kingsoft Corp., , 122]
& & [E:\Program Files\ShiQiang\wnwb\WNMKEY.DLL]&&[深圳世强软件开发部
, , 1]
& & [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll]&&[Microsoft Corporation, 11.3.2175.0]
& & [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll]&&[Microsoft Corporation, 11.3.2175.0]
& & [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]&&[Adobe Systems, Inc., 9,0,47,0]
& & [C:\WINDOWS\system32\xpsp3res.dll]&&[Microsoft Corporation, 5.1. (xpsp_sp2_gdr.3)]
& & [C:\WINDOWS\system32\msdmo.dll]&&[, ]
[PID: 2448 / Administrator][E:\Program Files\ShiQiang\wnwb\wnwb.exe]&&[深圳世强软件开发部
, , 1]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [E:\Program Files\ShiQiang\wnwb\WNMKEY.DLL]&&[深圳世强软件开发部
, , 1]
& & [E:\Program Files\ShiQiang\wnwb\flyDll.dll]&&[N/A, ]
[PID: 2508 / Administrator][C:\WINDOWS\system32\conime.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
[PID: 2720 / SYSTEM][C:\WINDOWS\system32\svchost.exe]&&[Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 2816 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]&&[N/A, ]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [C:\WINDOWS\system32\Audiodev.dll]&&[Microsoft Corporation, 5.2. built by: dnsrv(bld4act)]
[PID: 2968 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.937\SREngPS.EXE]&&[Smallfrogs Studio, 2.5.16.900]
& & [C:\KAV2007\KMailOEBand.dll]&&[Kingsoft Corporation, , 139]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\KAV2007\KASocket.dll]&&[Kingsoft Corporation, , 241]
& & [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.937\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&Error. [&hh.exe& %1]
.HLP&&Error. [winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1944, C:\KAV2007\KAVSTART.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 248, C:\KAV2007\KPFW32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1060, C:\KAV2007\KMAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1060, C:\KAV2007\KMAILMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2448, E:\PROGRAM FILES\SHIQIANG\WNWB\WNWB.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2816, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2816, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高,&&被下面模块所HOOK: C:\KAV2007\KASocket.dll)
==================================
隐藏进程
N/A
==================================
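Could you all please help me out?
Right now I don't dare do anything on my computer, for fear that something will get stolen.
Nothing abnormal here. Use 系统清理专家 (System Cleanup Expert) to submit the unknown items.
Reply to post #3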
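[Save the plan as a text file on the desktop. Until you have finished all the steps, do not open any website, web page, or QQ, and do not open any drive partition.
Download all the tools in advance and read the steps and requirements carefully. Quoted from annygi]
You can download and use the GetSuspectFiles.exe inside it (depending on your system and the number of suspicious files, you may need to wait a while). Once the scan completes, pack the Files folder and upload it to the suspicious-file upload area for the engineers to analyze.
You can use [url=http://bbs.duba.net/attachment.php?aid=]强力杀灭天王[/url]: tick "抑制再生" (suppress regeneration), then copy in the paths below and try killing them (ignore any message that the target does not exist).
(OP, please make a backup before killing, in case a misjudgment on my part stops some programs from running.)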
C:\windows\system32\jsshow.dll
C:\windows\system32\jshelp.exe
C:\windows\jshelp.exe
c:\windows\system32\drivers\4py4y.sys
c:\windows\system32\drivers\xprotector.sys
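Use SREng to edit the shell value:
change "Explorer.exe jshelp.exe" to "Explorer.exe", that is, remove everything after Explorer.exe.
Delete the following services or drivers. (This can be done with SREng: Startup Items management, Services tab, "Drivers" or "Services"; after selecting it, tick "Hide verified Microsoft items", then delete the services named below. Select the problem service, click "Delete service", then click the "Set" button. Note that in the window that pops up you must click "No" to actually confirm deleting the service. If a service cannot be deleted, disable it: change the startup type to disabled, select "Modify startup type", and click Set.)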
[4py4 / 4py4y]& & &\SystemRoot\System32\DRIVERS\4py4y.sys&
[XPROTECTOR / XPROTECTOR]& & &\??\C:\WINDOWS\system32\drivers\Xprotector.sys&
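Use the following software cleanup tool to clear out any remnants of viruses or malware that may remain in the system.
Given my limited skill, there may be missed or mistaken detections; OP, please report back promptly on whether the problem is resolved.
Open SREng -> Startup Items -> Registry ->
Edit & & &shell&&Explorer.exe jshelp.exe&
to & & &shell&&Explorer.exe&
Edit & & &AppInit_DLLs&&&&&
to & & &AppInit_DLLs&&&
Reboot, show hidden files, then delete the following files: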
C:\WINDOWS\system32\jshelp.exe
C:\WINDOWS\system32\DRIVERS\4py4y.sys
[XPROTECTOR / XPROTECTOR]& & &\??\C:\WINDOWS\system32\drivers\Xprotector.sys& this entry is fine
Reply to post #5
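The check the replies above make by eye on the registry section of the SREng log (a Winlogon `shell` value carrying `jshelp.exe` after `Explorer.exe`, plus `Userinit` and `AppInit_DLLs`), written out as an added example that is not part of the original thread or of SREng. It assumes a clean `<name><value>  [publisher]` line layout, because the delimiters in the pasted log were lost; the sample text is constructed from values shown in the log, and `parse_startup` and `audit` are hypothetical names.

```python
import re

# Assumed layout of a cleanly exported registry section:
#   [HKEY_...\Key]
#       <value name><value data>  [publisher]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s*<([^<>]*)><([^<>]*)>\s*\[([^\]]*)\]\s*$")

WINLOGON = r"\windows nt\currentversion\winlogon"
WINDOWS = r"\windows nt\currentversion\windows"

# Constructed sample, built from entries visible in the log on this page.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe jshelp.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
"""


def parse_startup(text):
    """Return (key, name, value, publisher) tuples from a registry section."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2).strip(), m.group(3).strip()))
    return entries


def audit(entries):
    """Flag logon-time values that deviate from a stock Windows XP setup."""
    findings = []
    for key, name, value, _publisher in entries:
        k, n = key.lower(), name.lower()
        if k.endswith(WINLOGON) and n == "shell":
            parts = value.split()
            if not parts or parts[0].lower() != "explorer.exe":
                findings.append((name, value, "shell is not Explorer.exe"))
            elif len(parts) > 1:
                # Anything after Explorer.exe is started at every logon.
                extra = " ".join(parts[1:])
                findings.append((name, value, "extra program after Explorer.exe: " + extra))
        elif k.endswith(WINLOGON) and n == "userinit":
            # Userinit is a comma-separated list; only userinit.exe is expected.
            items = [p.strip() for p in value.split(",") if p.strip()]
            extra = [p for p in items if not p.lower().endswith(r"\userinit.exe")]
            if extra:
                findings.append((name, value, "extra Userinit program: " + ", ".join(extra)))
        elif k.endswith(WINDOWS) and n == "appinit_dlls":
            # A non-empty value means a DLL is loaded into every GUI process.
            if value:
                findings.append((name, value, "AppInit_DLLs is not empty"))
    return findings


if __name__ == "__main__":
    for name, value, reason in audit(parse_startup(SAMPLE)):
        print(f"{name}: {value!r} -> {reason}")
```
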