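[Software]
Recently downloaded 快速还原 ("Quick Restore") and don't know how to remove it
amour
#1
Posted on 2014-8-20 21:45:54
It is software similar to Shadow Defender. During installation it reported that the installation had failed, yet my C: drive is automatically restored every time I boot! No software-management tool can find this 快速还原 program, and neither can the one built into the system! I don't even know where it installed itself! How can I delete this thing? It came from this website: http://fast.xia008.com/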
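woxihuan2011
#2
Posted on 2014-8-20 22:01:48
Here is an approach that may not work; give it a try.
1. Boot the system into Safe Mode.
2. If you remember the installation date, use the search function to find files created on that date and delete them to the Recycle Bin. Check whether any .sys files are among them; if so, note their names, search the registry using those names as keywords, back up the registry, and then delete all of the search results.
3. If you have backed up the MBR, restore the MBR from the backup. Some restore software modifies the MBR to take control at system startup and restore the system from there.
4. If System Restore is enabled, restore the system to an earlier point in time.
Rating: 100lj, popularity +1, reason: Correct answer, professional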
cis
#3
Posted on 2014-8-20 22:51:02
Speechless. You may have to reinstall the system.
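firethreat
#4
Posted on 2014-8-21 00:06:31
1. Please back up your data; data is always the most important thing.
2. Try reinstalling it. If the installation still fails, try installing a nearby version. Once it is installed, uninstall it.
3. Post on the official forum and ask for help; they might give you an uninstall tool, for example.
4. If all of the above fail, boot into PE, search the registry and delete the related entries, then delete the files on disk. This kind of forced uninstall easily causes instability, though. Of course, you can also remove the restore function this way first, then install the software again, and then uninstall it.
5. Back up, then reinstall the system.
Rating: woxihuan2011, experience +4, reason: Thanks for the answer : )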
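伊川书院
#5
Posted on 2014-8-21 07:25:50
Which operating system?
The boot entries of this kind of tool are usually in: the system boot sector and the higher-priority driver load entries.
Rating: woxihuan2011, experience +4, reason: Thanks for the answer : )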
天月来了
#6
Posted on 2014-8-21 10:05:20
Geez, this thing is driver-level, and you can't just go and delete its driver yourself.
Messed up.
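amour
#7
Original poster
Posted on 2014-8-21 18:32:37
伊川书院 posted on 2014-8-21 07:25
Which operating system?
The boot entries of this kind of tool are usually in: the system boot sector and the higher-priority driver load entries.
XP!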
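伊川书院
#8
Posted on 2014-8-21 20:38:49
amour posted on 2014-8-21 18:32
XP!
For now, let's assume the boot sector is normal,
and first rule out the driver load entries (I can't be bothered to install this kind of software myself). So please upload an SREng log, and we'll see what load entries it has.
I have looked at a 火眼 log, and it seems to have only a few load entries; I'm not sure whether it has self-protection. Let's try this first and see, if you're willing to tinker with it together with me.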
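Added example, not part of any post in this thread: one way to do the triage step described above, pulling the driver section out of an SREng log and listing the entries registered for Boot or System start so they are reviewed first. The sample log is constructed in the layout SREng prints, its driver names are hypothetical, and the function names are this example's own.

```python
import re

# "驱动程序" is the "Drivers" section heading as printed by the
# Chinese-language SREng log; sections end at a line of "=" characters.
SECTION_HEADING = "驱动程序"

# Entry layout: [display name / service name][state/start type]
# The display name may itself contain "/" (e.g. "10/100/1000"), so the
# split is made on the last " / " inside the first bracket pair.
ENTRY = re.compile(r"^\[(.+) / ([^\]]+)\]\[([^/\]]+)/([^\]]+)\]$")

# Windows service start types, earliest load first.
START_ORDER = {"Boot Start": 0, "System Start": 1, "Auto Start": 2, "Manual Start": 3}

# Constructed sample (hypothetical driver names), not taken from a real machine.
SAMPLE_LOG = r"""
服务
[Example Service / ExSvc][Running/Auto Start]
==================================
驱动程序
[ExampleVendor Filter / exflt][Running/Boot Start]
<\SystemRoot\system32\drivers\exflt.sys>
[Example Mount Helper / EXMNT][Stopped/Manual Start]
<\??\c:\windows\system32\drivers\exmnt.sys>
[Example 10/100/1000 NIC Driver / exnic][Running/Manual Start]
[examplemon / examplemon][Running/System Start]
<\??\d:\program files\example\examplemon.sys>
[Example Old Disk Driver / exdisk][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\exdisk.sys>
==================================
浏览器加载项
[Example BHO Class]
"""


def parse_drivers(log_text):
    """Return one dict per driver entry found in the driver section."""
    drivers, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADING:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):
            break  # end of the driver section
        match = ENTRY.match(line)
        if match:
            display, name, state, start = match.groups()
            drivers.append({"display": display, "name": name,
                            "state": state, "start": start, "image": None})
        elif (line.startswith("<") and line.endswith(">")
              and drivers and drivers[-1]["image"] is None):
            # An optional "<image path>" line belongs to the entry above it.
            drivers[-1]["image"] = line[1:-1]
    return drivers


def early_load(drivers):
    """Drivers registered for Boot or System start, earliest load first.

    Stopped entries are kept: a driver registered for boot start that is
    not running is still worth a look during review.
    """
    picked = [d for d in drivers if START_ORDER.get(d["start"], 99) <= 1]
    return sorted(picked, key=lambda d: (START_ORDER[d["start"]], d["name"].lower()))


if __name__ == "__main__":
    for d in early_load(parse_drivers(SAMPLE_LOG)):
        print(f'{d["start"]:<13} {d["state"]:<8} {d["name"]:<12} {d["image"]}')
```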
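amour
#9
Original poster
Posted on 2014-8-21 21:18:46
伊川书院 posted on 2014-8-21 20:38
For now, let's assume the boot sector is normal,
and first rule out the driver load entries (I can't be bothered to install this kind of software myself). So please upload an SREng ...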
2014-08-21,21:17:44
System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
==================================
启动文件夹
N/A
==================================
服务
[Adobe Flash Player Update Service / AdobeFlashPlayerUpdateSvc][Stopped/Manual Start]
[HID Input Service / HidServ][Stopped/Auto Start]
[KSafe service / KSafeSvc][Running/Auto Start]
<"d:\program files\ksafe\KSafeSvc.exe" -svc>
[MPSVC Service / MPSVCService][Running/Auto Start]
[Sandboxie Service / SbieSvc][Running/Auto Start]
<"C:\Program Files\Sandboxie\App\Sandboxie\SbieSvc.exe">
==================================
驱动程序
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
[FASTMNT / FASTMNT][Stopped/Manual Start]
<\??\c:\windows\system32\drivers\fastmnt.sys>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\hptpro.sys>
[ialm / ialm][Running/Manual Start]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
[kmodurl / kmodurl][Running/System Start]
<\??\d:\program files\ksafe\kmodurlxp.sys>
[KSafeBootCheck / KSafeBootCheck][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\ksafebc.sys>
[ksafebootsafe / ksafebootsafe][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\ksafebootsafe.sys>
[ksapi / ksapi][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\ksapi.sys>
[mp110001 / mp110001][Running/Auto Start]
[mp110002 / mp110002][Running/Auto Start]
[mp110003 / mp110003][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110003.sys>
[mp110004 / mp110004][Running/Auto Start]
[mp110005 / mp110005][Running/Manual Start]
[mp110006 / mp110006][Running/System Start]
[mp110007 / mp110007][Running/System Start]
[mp110008 / mp110008][Running/Auto Start]
[mp110009 / mp110009][Running/System Start]
[mp110010 / mp110010][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110010.sys>
[mp110011 / mp110011][Running/System Start]
[mp110012 / mp110012][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110012.sys>
[mp110013 / mp110013][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110013.sys>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[QqGameMasterControl / QqGameMasterControl][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\QMTgpNetflowxp.sys>
[QQProtect / QQProtect][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\QQProtect.sys>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Stopped/Manual Start]
[SbieDrv / SbieDrv][Running/Manual Start]
<\??\C:\Program Files\Sandboxie\App\Sandboxie\SbieDrv.sys>
[Secdrv / Secdrv][Stopped/Manual Start]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
==================================
浏览器加载项
[AccountProtectBHO Class]
{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C}
[]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
{889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[]
{98F22D0A-B97F-4AF4-8E4C-A6596C8CDD4C} <, >
[AccountProtectBHO Class]
{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}
[]
{E05BC2A3-9A46-4a32-80C9-023A473F5B23} <, >
[TimwpCheck Class]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4}
[使用迅雷离线下载]
==================================
正在运行的进程
[PID: 632 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1000 / SYSTEM][C:\Program Files\Micropoint\MPSvc.exe] [Micropoint Corporation, 2,0,10582,32]
[C:\Program Files\Micropoint\dbghelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Micropoint\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Micropoint\mp110049.dll] [Micropoint Corporation, 2,0,10582,1]
[C:\Program Files\Micropoint\mp110078.dll] [Micropoint Corporation, 2.0.10582.3]
[C:\Program Files\Micropoint\mp110081.dll] [Micropoint Corporation, 2,0,10582,4]
[C:\Program Files\Micropoint\mp110036.dll] [Micropoint Corporation, 2.0.10582.33]
[PID: 1144 / SYSTEM][C:\Program Files\Micropoint\MPSVC2.exe] [Micropoint Corporation, 2.0.10582.133]
[C:\Program Files\Micropoint\dbghelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Micropoint\mp110030.dll] [Micropoint Corporation, 1.2.10038]
[C:\Program Files\Micropoint\mp110037.dll] [Micropoint Corporation, 2.0.10582.9]
[C:\Program Files\Micropoint\mp110078.dll] [Micropoint Corporation, 2.0.10582.3]
[C:\Program Files\Micropoint\mp110028.dll] [Micropoint Corporation, 1, 2, 10581, 4]
[C:\Program Files\Micropoint\mp110036.dll] [Micropoint Corporation, 2.0.10582.33]
[C:\Program Files\Micropoint\mp110033.dll] [Micropoint Corporation, 2,0,10582,21]
[C:\Program Files\Micropoint\mp110034.dll] [Micropoint Corporation, 2.0.10145]
[C:\Program Files\Micropoint\mp110039.dll] [Micropoint Corporation, 2,0,10582,1]
[C:\Program Files\Micropoint\mp110042.dll] [Micropoint Corporation, 1, 2, 10053, 100]
[C:\Program Files\Micropoint\mp110049.dll] [Micropoint Corporation, 2,0,10582,1]
[C:\Program Files\Micropoint\mp110069.dll] [Micropoint Corporation, 1, 2, 10581, 104]
[C:\Program Files\Micropoint\mp110071.dll] [Micropoint Corporation, 2, 0, 10582, 1]
[C:\Program Files\Micropoint\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Micropoint\mp110073.dll] [Micropoint Corporation, 2,0,10582,8]
[C:\Program Files\Micropoint\mp110075.dll] [Micropoint Corporation, 2.0.10582.5]
[C:\Program Files\Micropoint\mp110081.dll] [Micropoint Corporation, 2,0,10582,4]
[C:\Program Files\Micropoint\mp110086.dll] [, 2, 0, 10582, 2]
[C:\Program Files\Micropoint\mp110185.dll] [Micropoint Corporation, 2, 0, 10582, 3]
[C:\Program Files\Micropoint\mp110186.dll] [Micropoint Corporation, 2, 0, 10582, 9]
[C:\Program Files\Micropoint\mp110124.dll] [Micropoint Corporation, 2,0,10582,14]
[C:\Program Files\Micropoint\mp110125.dll] [Micropoint Corporation, 1.2.10572.3]
[C:\Program Files\Micropoint\mp110029.dll] [Micropoint Corporation, 2, 0, 10582, 1]
[C:\Program Files\Micropoint\mp110077.dll] [Micropoint Corporation, 2,0,10582,10]
[C:\Program Files\Micropoint\mp110100.dll] [Micropoint Corporation, 1, 2, 10581, 115]
[C:\Program Files\Micropoint\mp110118.dll] [Micropoint Corporation, 1, 2, 10582, 86]
[C:\Program Files\Micropoint\mp110115.dll] [Micropoint Corporation, 1, 2, 10581, 113]
[C:\Program Files\Micropoint\mp110103.dll] [Micropoint Corporation, 1, 2, 10582, 83]
[C:\Program Files\Micropoint\mp110116.dll] [Micropoint Corporation, 1, 2, 10581, 4]
[C:\Program Files\Micropoint\mp110120.dll] [Micropoint Corporation, 1, 2, 10581, 10]
[C:\Program Files\Micropoint\mp110122.dll] [Micropoint Corporation, 1.2.69.705]
[C:\Program Files\Micropoint\mp110128.dll] [Micropoint Corporation, 1, 2, 10581, 11]
[C:\Program Files\Micropoint\mp110130.dll] [Micropoint Corporation, 1, 2, 10581, 108]
[C:\Program Files\Micropoint\mp110190.dll] [Micropoint Corporation, 1, 2, 10581, 30]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1344 / SYSTEM][C:\Program Files\Micropoint\MPSVC1.exe] [Micropoint Corporation, 2.0.10582.26]
[C:\Program Files\Micropoint\mp110049.dll] [Micropoint Corporation, 2,0,10582,1]
[C:\Program Files\Micropoint\mp110078.dll] [Micropoint Corporation, 2.0.10582.3]
[C:\Program Files\Micropoint\mp110081.dll] [Micropoint Corporation, 2,0,10582,4]
[C:\Program Files\Micropoint\mp110072.dll] [Micropoint Corporation, 2.0.10582.2]
[PID: 1380 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1832 / SYSTEM][C:\Program Files\Sandboxie\App\Sandboxie\SbieSvc.exe] [Sandboxie Holdings, LLC, 4.08]
[C:\Program Files\Sandboxie\App\Sandboxie\SbieDll.dll] [Sandboxie Holdings, LLC, 4.06]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1872 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1984 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 200 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 488 / SYSTEM][d:\program files\ksafe\KSafeSvc.exe] [Kingsoft Corporation, 4.7.0.4064]
[d:\program files\ksafe\json.dll] [N/A, ]
[d:\program files\ksafe\kdump.dll] [Kingsoft Corporation, 2012,11,14,3229]
[d:\program files\ksafe\kxebase.dll] [Kingsoft Corporation, 2012,02,10,1978]
[d:\program files\ksafe\scom.dll] [Kingsoft Corporation, 2010,07,29,976]
[d:\program files\ksafe\kxecore\kxecore.dll] [Kingsoft Corporation, 2012,03,30,2020]
[d:\program files\ksafe\kexectrl.dll] [Kingsoft Corporation, 2010,09,18,1422]
[d:\program files\ksafe\kwssp.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\netstat.dll] [Kingsoft Corporation, 4.7.0.4064]
[d:\program files\ksafe\fwproxy.dll] [Kingsoft Corporation, 4.7.0.4064]
[d:\program files\ksafe\ksinst.dll] [Kingsoft Corporation, 2012,07,25,3056]
[d:\program files\ksafe\kse\ksecansp.dll] [Kingsoft Corporation, 4.0.7.2420]
[d:\program files\ksafe\kse\ksbwdet2.dll] [Kingsoft Corporation, 2012,05,18,2915]
[d:\program files\ksafe\ksapi.dll] [Kingsoft Corporation, 2013,02,22,107]
[d:\program files\ksafe\khistory.dll] [Kingsoft Corporation, 2012,05,08,2880]
[d:\program files\ksafe\kse\kseutil.dll] [Kingsoft Corporation, 2012,04,26,14]
[d:\program files\ksafe\kse\ksesscan.dll] [Kingsoft Corporation, 2012,06,09,2]
[d:\program files\ksafe\kse\wfs.dll] [Kingsoft Corporation, 2011,10,13,1839]
[d:\program files\ksafe\kse\sqlite.dll] [Kingsoft Corporation, 2010,07,05,1194]
[d:\program files\ksafe\keng\kae\kaecore.dat] [Kingsoft Corporation, 2011,11,17,1887]
[d:\program files\ksafe\KSE\kseescan.dll] [Kingsoft Corporation, 2012,05,24,33]
[d:\program files\ksafe\keng\kae\karchive.dat] [Kingsoft Corporation, 2011,07,29,1746]
[d:\program files\ksafe\keng\kae\kaearcha.dat] [Kingsoft Corporation, 2010,11,19,1407]
[d:\program files\ksafe\keng\kae\kaeolea.dat] [Kingsoft Corporation, 2011,10,20,1847]
[d:\program files\ksafe\keng\kae\kaearchb.dat] [Kingsoft Corporation, 2012,04,25,12]
[d:\program files\ksafe\keng\kae\kaecoref.dat] [Kingsoft Corporation, 2010,12,16,1454]
[d:\program files\ksafe\keng\kae\kaecorem.dat] [Kingsoft Corporation, 2010,10,26,1328]
[d:\program files\ksafe\keng\kae\kaecorea.dat] [Kingsoft Corporation, 2011,10,20,1847]
[d:\program files\ksafe\keng\kae\kaextend.dat] [Kingsoft Corporation, 2012,01,19,1966]
[d:\program files\ksafe\keng\kae\kaext2.dat] [Kingsoft Corporation, 2011,10,20,1847]
[d:\program files\ksafe\keng\kae\kaecoreh.dat] [Kingsoft Corporation, 2011,10,20,1847]
[d:\program files\ksafe\keng\kae\kaecoreo.dat] [Kingsoft Corporation, 2011,12,22,1927]
[PID: 676 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[d:\program files\ksafe\kwsui.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\kswebshield.dll] [Kingsoft Corporation, 2014.03.20.4098]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\7-Zip\7-zip.dll] [Igor Pavlov, 9.20]
[PID: 1100 / Administrator][C:\Program Files\Micropoint\MPMon.exe] [Micropoint Corporation, 2,0,10582,37]
[C:\Program Files\Micropoint\mp110036.dll] [Micropoint Corporation, 2.0.10582.33]
[C:\Program Files\Micropoint\mp110078.dll] [Micropoint Corporation, 2.0.10582.3]
[C:\Program Files\Micropoint\mp110049.dll] [Micropoint Corporation, 2,0,10582,1]
[C:\Program Files\Micropoint\mp110079.dll] [Micropoint Corporation, 2,0,10582,1]
[C:\Program Files\Micropoint\mp110081.dll] [Micropoint Corporation, 2,0,10582,4]
[C:\Program Files\Micropoint\mp110161.dll] [Micropoint Corporation, 2,0,10582,5]
[C:\Program Files\Micropoint\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Micropoint\dbghelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Micropoint\mp110051.dll] [Micropoint Corporation, 2,0,10582,24]
[C:\Program Files\Micropoint\mp34\mp110168.00A] [Micropoint Corporation, 2,0,10582,24]
[PID: 1948 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 2028 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 548 / Administrator][D:\program files\ksafe\KSafeTray.exe] [Kingsoft Corporation, 4.7.0.4109]
[d:\program files\ksafe\kdump.dll] [Kingsoft Corporation, 2012,11,14,3229]
[D:\program files\ksafe\ksftray.dll] [Kingsoft Corporation, 4.7.0.4153]
[D:\program files\ksafe\json.dll] [N/A, ]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[D:\program files\ksafe\ksapi.dll] [Kingsoft Corporation, 2013,02,22,107]
[d:\program files\ksafe\ksfskin.dll] [Kingsoft Corporation, 4.7.0.4102]
[d:\program files\ksafe\ksafedb.dll] [Kingsoft Corporation, 4.7.0.4064]
[D:\program files\ksafe\krcmdmon.dll] [Kingsoft Corporation, 4.7.0.4104]
[D:\program files\ksafe\actpush.dll] [Kingsoft Corporation, 4.7.0.4064]
[D:\program files\ksafe\pushapp\usbmon.dll] [Kingsoft Corporation, 4.7.0.4064]
[D:\program files\ksafe\kinfoc.dll] [Kingsoft Corporation, 2013,02,22,5159]
[D:\program files\ksafe\krunopt.dll] [Kingsoft Corporation, 4.7.0.4064]
[d:\program files\ksafe\khistory.dll] [Kingsoft Corporation, 2012,05,08,2880]
[D:\program files\ksafe\ksafeup.dll] [Kingsoft Corporation, 4.7.0.4064]
[d:\program files\ksafe\zlib1.dll] [, 1.2.3]
[d:\program files\ksafe\kwsctrl.dll] [Kingsoft Corporation, 4.7.0.4098]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[d:\program files\ksafe\KEng\ksignup.dll] [Kingsoft Corporation, 4.7.0.4064]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\ksafe\KEng\KSGMerge.DLL] [Kingsoft Corporation, 2011,05,12,1656]
[d:\program files\ksafe\ksgamemon.dll] [Kingsoft Corporation, 4.7.0.4064]
[D:\program files\ksafe\cloudlib.dll] [Kingsoft Corporation, 4.7.0.4064]
[D:\program files\ksafe\kse\sqlite.dll] [Kingsoft Corporation, 2010,07,05,1194]
[PID: 556 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 404 / SYSTEM][C:\Program Files\Microsoft Bing Pinyin\1.5.24.02\Shared\BingIMEUpdateService.exe] [Microsoft Corporation, 1.5.24.02]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 2460 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 2716 / Administrator][D:\Program Files\Tencent\QQ\QQProtect\Bin\QQProtect.exe] [Tencent, 3.8.1.6000]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\libtcmalloc.dll] [, 2.0.1.0]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\QQProtectEngine.dll] [Tencent, 3.8.1.6000]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\QQProtect.dll] [Tencent, 3.8.1.6000]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\Common.dll] [Tencent, 3.8.1.5]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\zlib.dll] [Tencent, 3.8.1.5]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\libexpatw.dll] [Tencent, 3.8.1.5]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\tinyxml.dll] [Tencent, 3.8.1.5]
[D:\Program Files\Tencent\QQ\QQProtect\Bin\AsyncTask.dll] [Tencent, 5.3.59.0]
[PID: 3348 / Administrator][D:\Program Files\Tencent\QQ\bin\QQ.exe] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\libtcmalloc.dll] [, 2.0.1.0]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[D:\Program Files\Tencent\QQ\bin\HummerEngine.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\Common.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\zlib.dll] [, 1.2.8.0]
[D:\Program Files\Tencent\QQ\bin\libexpatw.dll] [, 2.0.1.0]
[D:\Program Files\Tencent\QQ\bin\tinyxml.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\AsyncTask.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\arkFS.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\arkIOStub.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\sqlite.dll] [, 3.7.16.1]
[D:\Program Files\Tencent\QQ\bin\KernelUtil.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\xImage.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\libpng.dll] [, 1.4.12.0]
[D:\Program Files\Tencent\QQ\bin\libjpegturbo.dll] [, 1.3.1.0]
[D:\Program Files\Tencent\QQ\bin\GF.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\xGraphic32.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\arkGraphic.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\arkImage.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\libimagequant.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\lua.dll] [, 5.2.3.0]
[D:\Program Files\Tencent\QQ\bin\AFBase.DLL] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\AFUtil.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\AppUtil.dll] [Tencent, 6.2.12179.0]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[d:\program files\ksafe\kwsui.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\kswebshield.dll] [Kingsoft Corporation, 2014.03.20.4098]
[D:\Program Files\Tencent\QQ\Bin\AppMisc.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\UtilGif.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\Bin\AFCtrl.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\ProcessSession.DLL] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\Bin\LongCnn.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\MainFrame.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\QSLogic.dll] [Tencent, 2.6.0.0]
[D:\Program Files\Tencent\QQ\Bin\arkIPC.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\Bin\RequestHost.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\QScanEngine.dll] [Tencent, 2.4.0.0]
[D:\Program Files\Tencent\QQ\Bin\LoginLogic.dll] [Tencent, 6.2.12179.0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\Tencent\QQ\Bin\TaskTray.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\AppFramework.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\xPlatform.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\PreloginLogic.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\TXSSO\Bin\SSOPlatform.dll] [Tencent, 1.2.2.81]
[D:\Program Files\Tencent\QQ\bin\TXSSO\Bin\SSOCommon.DLL] [Tencent, 1.2.2.81]
[D:\Program Files\Tencent\QQ\Bin\IM.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\KernelMisc.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\GroupApp.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\ConfigCenter.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\SystemMsg.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\ChatFrameApp.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\xplatform_dl.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\litetransfer.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\libhttp.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\libuv.dll] [, 0.11.25.0]
[D:\Program Files\Tencent\QQ\Bin\PluginCommon.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.audiovideo\Bin\AudioVideo.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.audiovideo\Bin\DocShare.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.netdisk\Bin\NetDisk.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.vas\Bin\VAS.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\SkinMgr.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\bin\ContactInfoFrame.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qzone\Bin\Qzone.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wblog\Bin\WBlog.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wblog\Bin\WBKernel.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wblog\Bin\WBMisc.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\InformationBox.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\LoginUI.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\QInterLive.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\ContactMgr.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.crm\Bin\CRM.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqmusic\Bin\QQMusic.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\MsgMgr.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.soso\Bin\Soso.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.paipai\Bin\PaiPai.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.vas\Bin\TRCloudInputLib.dll] [Tencent, 2.0.20120207]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.hrtx\Bin\HRTX.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.weather\Bin\Weather.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.netbar\Bin\NetBar.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.memo\Bin\Memo.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.gamelife\Bin\GameLife.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.mmog\Bin\MMOG.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.mail\Bin\Mail.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.today\Bin\Today.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\FlashControl.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\Bin\RenderService.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\Bin\CustomFace.dll] [Tencent, 6.2.12179.0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll] [Tencent, 6.2.12179.0]
[D:\Program Files\Tencent\QQ\Bin\maJmp.dll] [Tencent, 4.0.999.3705]
[D:\Program Files\Tencent\QQ\Bin\maUtility.dll] [Tencent, 4.0.999.3705]
[C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Misc\com.tencent.wireless\SDK\22\AndroidAssist.dll] [腾讯公司, 6.2.105.1209]
[C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Misc\com.tencent.wireless\SDK\22\AdbTools.dll] [腾讯公司, 6.2.105.1209]
[C:\Documents and Settings\Administrator\Application Data\Tencent\AndroidAssist\1021\Bin\AndroidDevice.dll] [腾讯公司, 2.0.101.2592]
[D:\Program Files\Tencent\QQ\Bin\WebCtrl.dll] [Tencent, 6.2.19.0]
[D:\Program Files\Tencent\QQ\bin\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[D:\Program Files\Tencent\QQ\bin\AddrSearch.dll] [Tencent, 6, 0, 1, 0]
[PID: 3740 / Administrator][D:\Program Files\Tencent\QQ\Bin\TXPlatform.exe] [Tencent, 6.2.12179.0]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 6.2.12179.0]
[PID: 3956 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\TheWorld.exe] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\Micropoint\mp110200.dll] [Micropoint Corporation, 1, 2, 10581, 19]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\chrome.dll] [TheWorld.CN, 6.2.0.128]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[d:\program files\ksafe\kwsui.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\kswebshield.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\kswbc.dll] [Kingsoft Corporation, 2014.04.02.4117]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1180 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\TheWorld.exe] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\chrome_child.dll] [TheWorld.CN, 6.2.0.128]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\ffmpegsumo.dll] [N/A, ]
[PID: 2096 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\TheWorld.exe] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\chrome_child.dll] [TheWorld.CN, 6.2.0.128]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\ffmpegsumo.dll] [N/A, ]
[PID: 3616 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\TheWorld.exe] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\chrome_child.dll] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110200.dll] [Micropoint Corporation, 1, 2, 10581, 19]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[d:\program files\ksafe\kwsui.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\kswebshield.dll] [Kingsoft Corporation, 2014.03.20.4098]
[d:\program files\ksafe\kswbc.dll] [Kingsoft Corporation, 2014.04.02.4117]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\gcswf32.dll] [, ]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 196 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\TheWorld.exe] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\chrome_child.dll] [TheWorld.CN, 6.2.0.128]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\ffmpegsumo.dll] [N/A, ]
[PID: 3040 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\TheWorld.exe] [TheWorld.CN, 6.2.0.128]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\chrome_child.dll] [TheWorld.CN, 6.2.0.128]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\icudt.dll] [The ICU Project, 4, 6, 0, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\TheWorld6\Application\6.2.0.128\ffmpegsumo.dll] [N/A, ]
[PID: 2444 / Administrator][E:\Administrator\Desktop\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 3864 / Administrator][E:\Administrator\Desktop\SRE3cb1113b.EXE] [Smallfrogs Studio, 2.8.4.1331]
[C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[d:\program files\ksafe\ksfmon.dll] [Kingsoft Corporation, 4.7.0.4109]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
IERD_TGP_LSP
C:\WINDOWS\system32\ierd_tgp_lsp.dll(Tencent, Tencent TGC LSP)
IERD_TGP_LSP over [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\ierd_tgp_lsp.dll(Tencent, Tencent TGC LSP)
IERD_TGP_LSP over [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\ierd_tgp_lsp.dll(Tencent, Tencent TGC LSP)
IERD_TGP_LSP over [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\ierd_tgp_lsp.dll(Tencent, Tencent TGC LSP)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 708, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
==================================
计划任务
[已禁用] Adobe Flash Player Updater.job
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB829019, Microsoft .NET Framework 2.0 语言包:x86 (KB829019)
KB925850, Windows Media Player 11
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB902344, 启用了 WMDRM 的 Media Player 更新程序 (KB902344)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB971513, Windows XP 更新程序 (KB971513)
KB2115168, Windows XP 安全更新程序 (KB2115168) MS10-052
KB982665, Windows XP 安全更新程序 (KB982665) MS10-055
KB2347290, Windows XP 安全更新程序 (KB2347290) MS10-061
KB975558, Windows XP 安全更新程序 (KB975558) MS10-062
KB979687, Windows XP 安全更新程序 (KB979687) MS10-083
KB2296011, Windows XP 安全更新程序 (KB2296011) MS10-081
KB2345886, Windows XP 更新程序 (KB2345886)
KB2378111, Windows XP 安全更新程序 (KB2378111) MS10-082
KB2387149, Windows XP 安全更新程序 (KB2387149) MS10-074
KB982132, Windows XP 安全更新程序 (KB982132) MS10-076
KB2423089, Windows XP 安全更新程序 (KB2423089) MS10-096
KB2419632, Windows XP 安全更新程序 (KB2419632) MS11-002
KB2478971, Windows XP 安全更新程序 (KB2478971) MS11-013
KB2483185, Windows XP 安全更新程序 (KB2483185) MS11-006
KB2478960, Windows XP 安全更新程序 (KB2478960) MS11-014
KB2393802, Windows XP 安全更新程序 (KB2393802) MS11-011
KB971029, Windows XP 更新程序 (KB971029)
KB2479943, Windows XP 安全更新程序 (KB2479943) MS11-015
KB2481109, Windows XP 安全更新程序 (KB2481109) MS11-017
KB2485663, Windows XP 安全更新程序 (KB2485663) MS11-033
KB2508429, Windows XP 安全更新程序 (KB2508429) MS11-020
KB2506212, Windows XP 安全更新程序 (KB2506212) MS11-024
KB2510581, Windows XP 安全更新程序 (KB2510581) MS11-031
KB2509553, Windows XP 安全更新程序 (KB2509553) MS11-030
KB2492386, Windows XP 更新程序 (KB2492386)
KB2535512, Windows XP 安全更新程序 (KB2535512) MS11-042
KB2507938, Windows XP 安全更新程序 (KB2507938) MS11-056
KB2566454, Windows XP 安全更新程序 (KB2566454) MS11-062
KB2536276, Windows XP 安全更新程序 (KB2536276) MS11-043
KB2570947, Windows XP 安全更新程序 (KB2570947) MS11-071
KB2592799, Windows XP 安全更新程序 (KB2592799) MS11-080
KB2564958, Windows XP 安全更新程序 (KB2564958) MS11-075
KB2544893, Windows XP 安全更新程序 (KB2544893) MS11-037
KB2619339, Windows XP 安全更新程序 (KB2619339) MS11-092
KB2620712, Windows XP 安全更新程序 (KB2620712) MS11-097
KB2631813, Windows XP 安全更新程序 (KB2631813) MS12-004
KB2585542, Windows XP 安全更新程序 (KB2585542) MS12-006
KB2603381, Windows XP 安全更新程序 (KB2603381) MS12-002
KB2598479, Windows XP 安全更新程序 (KB2598479) MS12-004
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB2661637, Windows XP 安全更新程序 (KB2661637) MS12-014
KB2653956, Windows XP 安全更新程序 (KB2653956) MS12-024
KB2676562, Windows XP 安全更新程序 (KB2676562) MS12-034
KB2659262, Windows XP 安全更新程序 (KB2659262) MS12-034
KB982670, 用于 Windows XP x86 的 Microsoft .NET Framework 4 Client Profile (KB982670)
KB2686509, Windows XP 安全更新程序 (KB2686509) MS12-034
KB2691442, Windows XP 安全更新程序 (KB2691442) MS12-048
KB2655992, Windows XP 安全更新程序 (KB2655992) MS12-049
KB2719985, Windows XP 安全更新程序 (KB2719985) MS12-043
KB2698365, Windows XP 安全更新程序 (KB2698365) MS12-045
KB2712808, Windows XP 安全更新程序 (KB2712808) MS12-054
KB2749655, Windows XP 更新程序 (KB2749655)
KB2723135, Windows XP 安全更新程序 (KB2723135) MS12-053
KB2705219, Windows XP 安全更新程序 (KB2705219) MS12-054
KB2727528, Windows XP 安全更新程序 (KB2727528) MS12-072
KB2770660, Windows XP 安全更新程序 (KB2770660) MS12-082
KB2757638, Windows XP 安全更新程序 (KB2757638) MS13-002
KB2802968, Windows XP 安全更新程序 (KB2802968) MS13-020
KB2780091, Windows XP 安全更新程序 (KB2780091) MS13-011
KB2807986, Windows XP 安全更新程序 (KB2807986) MS13-027
KB2820917, Windows XP 安全更新程序 (KB2820917) MS13-033
KB2813345, Windows XP 安全更新程序 (KB2813345) MS13-029
KB2834886, Windows XP 安全更新程序 (KB2834886) MS13-054
KB2850869, Windows XP 安全更新程序 (KB2850869) MS13-060
KB2859537, Windows XP 安全更新程序 (KB2859537) MS13-063
KB2834903, 用于 Windows XP 的 Windows Media Format Runtime 9.5 的安全更新程序 (KB2834903) MS13-057
KB2876217, Windows XP 安全更新程序 (KB2876217) MS13-070
KB2864063, Windows XP 安全更新程序 (KB2864063) MS13-071
KB2847311, Windows XP 安全更新程序 (KB2847311) MS13-081
KB2862330, Windows XP 安全更新程序 (KB2862330) MS13-081
KB2862335, Windows XP 安全更新程序 (KB2862335) MS13-081
KB2808679, Windows XP 更新程序 (KB2808679)
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和用于 .NET 版本 2.0 至 3.5 的 .NET Framework 3.5 Family Update (KB951847) x86
KB2900986, 用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB2900986) MS13-090
KB2876331, Windows XP 安全更新程序 (KB2876331) MS13-089
KB2868626, Windows XP 安全更新程序 (KB2868626) MS13-095
KB931125, Windows XP 的根证书更新 [2013 年 11 月] (KB931125)
KB2862152, Windows XP 安全更新程序 (KB2862152)
KB2898715, Windows XP 安全更新程序 (KB2898715) MS13-102
KB2892075, Windows XP 安全更新程序 (KB2892075) MS13-099
KB2893294, Windows XP 安全更新程序 (KB2893294) MS13-098
KB2904266, Windows XP 更新程序 (KB2904266)
KB2914368, Windows XP 安全更新程序 (KB2914368) MS14-002
KB2917500, Windows XP 和 Windows Server 2003 安全更新程序 (KB2917500)
KB2916036, Windows XP 安全更新程序 (KB2916036) MS14-005
KB2909212, Windows XP 安全更新程序 (KB2909212) MS14-011
KB2929961, Windows XP 安全更新程序 (KB2929961) MS14-013
KB2930275, Windows XP 安全更新程序 (KB2930275) MS14-015
KB2936068, 用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB2936068) MS14-018
KB2922229, Windows XP 安全更新程序 (KB2922229) MS14-019
KB2964358, 用于 Windows XP 的 Internet Explorer 6 安全更新程序 (KB2964358) MS14-021
KB890830, Windows 恶意软件删除工具 - 2014 年 8 月 (KB890830)
==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x00FD02F1)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00F702F1)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00FA02F1)
==================================
隐藏进程
N/A
==================================
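amour
#10
Original poster
Posted on 2014-8-21 21:20:01
伊川书院 posted on 2014-8-21 20:38
Let's assume for now that the boot sector is normal,
and first rule out the driver load entries (I can't be bothered to install this kind of software myself), so upload an: SREng ...
I can't understand any of this!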