瑞星卡卡安全论坛

今天不小心下了个软件，中了剧毒，痛不欲生。试了各种药方，均无效果。
用360卫士查出是：“4199/9505/3448”，但删除不了。后又用了各种所能想到的杀流氓软件，仍无效果。此外，也试了其它一些方法，还是没有效果，包括卡巴杀毒、Ewido杀木马。
百般无奈，又恨由痛之下，只好求助各位大侠，先拜谢了。


系统扫描日记如下：2007-01-19,18:02:34

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS.0\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS.0\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4121]
    [C:\WINDOWS.0\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS.0\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS.0\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS.0\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows.0\system32\msgsvc32.dll]  [Microsoft Corporation, 6.6.3791.1832]
[PID: 804][C:\WINDOWS.0\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS.0\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS.0\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\WINDOWS.0\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1280][C:\WINDOWS.0\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1404][C:\WINDOWS.0\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1668][C:\Program Files\Wopti\WoptiUtilities.exe]  [鲁锦, 7.68.6.1222]
    [C:\Program Files\Wopti\WoptiP2P.dll]  [鲁锦, 1.3.6.1222]
    [C:\Program Files\Wopti\D3DX81ab.dll]  [鲁锦, 1.0.0.0]
    [C:\WINDOWS.0\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.163]
[PID: 1880][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS.0\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS.0\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.163]
[PID: 1068][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 744][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.922\sreng2\sreng2\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1424][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS.0\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================


Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS.0\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\Firewall\pfw.exe>  [广州众达天网技术有限公司]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS.0\system32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS.0\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><%SystemRoot%\System32\logon.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[9A703488 / 9A703488]
  <><N/A>
[A212E3AA / A212E3AA]
  <><N/A>
[Application Management / AppMgmt]
  <C:\WINDOWS.0\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ATI Smart / ATI Smart]
  <C:\WINDOWS.0\system32\ati2sgag.exe><>
[AVP / AVP]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r"><Kaspersky Lab>
[dos.eeewl.com / dos.eeewl.com]
  <C:\WINDOWS.0\system32\nsvc.exe><N/A>
[fan.eeewl.com / fan.eeewl.com]
  <C:\WINDOWS.0\system32\nsvce32.exe><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS.0\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Messenger / Messenger]
  <C:\WINDOWS.0\System32\svchost -k DcomLaunch-->C:\WINDOWS.0\system32\msgsvc32.dll><Microsoft Corporation>
[O&O Defrag / O&O Defrag]
  <><N/A>
[Vsn osvb Service / osvb]
  <C:\WINDOWS.0\system32\rundll32.exe C:\PROGRA~1\ufbh\ymio.dll,Service><Microsoft Corporation>
[Remote Procedure Call System(11RPCS) / RpcS11]
  <C:\WINDOWS.0\system32\Rpcs11.exe><Microsoft Corporation>
[VirtualHardwareProtect / VirtualHardwareProtect]
  <C:\WINDOWS.0\inf\msvhpsp.exe><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[bbcap / bbcap]
  <system32\DRIVERS\bbcap.sys><Windows (R) 2000 DDK provider>
[dtscsi / dtscsi]
  <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[islpgxg / islpgxg]
  <\SystemRoot\system32\drivers\islpgxg.sys><N/A>
[jr_yah / jr_yah]
  <\SystemRoot\system32\drivers\jr_yah.sys><N/A>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS.0\system32\drivers\klif.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[ospbnak / ospbnak]
  <\SystemRoot\system32\drivers\ospbnak.sys><N/A>
[pa_xbv / pa_xbv]
  <\SystemRoot\system32\drivers\pa_xbv.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SCBACK / SCBACK]
  <\SystemRoot\scdriver\scback.sys><StarSoftComm>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\??\C:\WINDOWS.0\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs]
  <\??\C:\PROGRA~1\SkyNet\Firewall\SkyProcs.sys><N/A>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><Duplex Secure Ltd.>
[SSCFLTXP / SSCFLTXP]
  <\SystemRoot\System32\drivers\SSCFLTXP.SYS><Windows (R) 2000 DDK provider>
[SSFltPT / SSFltPT]
  <\SystemRoot\scdriver\ssfltpt.sys><N/A>
[TSP / TSP]
  <\??\C:\WINDOWS.0\system32\drivers\klif.sys><Kaspersky Lab>
[uerxekk / uerxekk]
  <\SystemRoot\system32\drivers\uerxekk.sys><N/A>

==================================
浏览器加载项
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[]
  {08F3ED25-EADF-453C-A950-0538F625697F} <C:\WINDOWS.0\system32\cnlkikbmjvsiv.dll, N/A>
[]
  {5DB3D73A-7D9F-49C7-9678-09F2E7CE7A3F} <C:\WINDOWS.0\system32\hsnaxxcxokjvlis.dll, N/A>
[lwvy]
  {9FAAFD82-17A5-4200-BD3B-B9821B290E89} <C:\PROGRA~1\ufbh\vjfl.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Abobe Flash Play 9]
  {DF9C07B2-C8C1-4FEA-B0FE-5E0709162B26} <C:\Program Files\Abobe Flash Play 9\Cab301b48.dll, N/A>
[Java Plug-in 1.5.0_08]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_08]
  {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS.0\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS.0\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>

看到大家没回复，思量了一下。原来上述日记是在安全系统下扫描而得到了，实在是汗颜，对不住大家。
  因一进正常模式系统就崩溃，现只好将“360安全卫士”在安全模式下扫描的诊断日记呈上：

各位高手：
非常感谢您留心我这份系统诊断报告，小菜鸟十万火急等待您的帮助！
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-01-20  11:16:19
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1022MB - 当前可用内存:738MB

100 - 未知 - Process: runiep.exe [Rising AntiSpyware Monitor] - D:\Program Files\Rising\AntiSpyware\runiep.exe
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Search Asst=
O2 - 未知 - BHO: (浏览器辅助对象(BHO)) - [无效的CLSID:{5DB3D73A-7D9F-49C7-9678-09F2E7CE7A3F}] - {5DB3D73A-7D9F-49C7-9678-09F2E7CE7A3F} - C:\WINDOWS.0\system32\ydfgcoxurddlrbs.dll
O3 - 未知 - Toolbar: (Abobe Flash Play 9) - [无效的CLSID:{DF9C07B2-C8C1-4FEA-B0FE-5E0709162B26}] - {DF9C07B2-C8C1-4FEA-B0FE-5E0709162B26} - C:\Program Files\Abobe Flash Play 9\tbu06484\Cab301b48.dll
O4 - 未知 - HKLM\..\Run: [bfurunonce] [] C:\backup_tk\bfu.exe fix.bfu
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O16 - 未知 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
O18 - 未知 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 未知 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - 未知 - Service: COM+ Messages [COM+ Messages] - "C:\WINDOWS.0\system32\svchosts.exe" -e te-110-12-0000049 - (not running)
O23 - 未知 - Service: Messenger [传输客户端和服务器之间的 NET SEND 和 警报器服务消息。此服务与 Windows Messenger 无关。如果服务停止，警报器消息不会被传输。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。] - C:\WINDOWS.0\system32\msgsvc32.dll - (running)
O23 - 未知 - Service: MsDtsServer [为 SSIS 包的存储和执行提供管理支持。] - "C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" - (not running)
O23 - 未知 - Service: msftesql [快速创建结构化和半结构化数据的内容和属性的全文索引，以允许对此数据进行快速的语言搜索。] - "D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER - (not running)
O23 - 未知 - Service: MSSQLSERVER [提供数据的存储、处理和受控访问，并提供快速的事务处理。] - "D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER - (not running)
O23 - 未知 - Service: MSSQLServerOLAPService [为商业智能应用程序提供联机分析处理(OLAP)和数据挖掘功能。] - "D:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "D:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config" - (not running)
O23 - 未知 - Service: O&O Defrag [O&O Defragmentation Service] -  - (not running)
O23 - 未知 - Service: osvb [Vsn osvb Service] - C:\WINDOWS.0\system32\rundll32.exe C:\PROGRA~1\ufbh\ymio.dll,Service - (not running)
O23 - 未知 - Service: RpcS11 [管理并控制RPC服务数据库11。] - C:\WINDOWS.0\system32\Rpcs11.exe - (not running)
O23 - 未知 - Service: SQLBrowser [将 SQL Server 连接信息提供给客户端计算机。] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" - (not running)
O23 - 未知 - Service: SQLSERVERAGENT [执行作业、监视 SQL Server、激发警报，以及允许自动执行某些管理任务。] - "D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER - (not running)
O23 - 未知 - Service: SQLWriter [提供通过 Windows VSS 基础结构备份/还原 Microsoft SQL server 的接口。] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" - (not running)
O23 - 未知 - Service: usnjsvc [Messenger 上安装的启用共享情况的服务] - "C:\Program Files\MSN Messenger\usnsvc.exe" - (not running)

=======================================

100 - 安全 - Process: smss.exe [该进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS.0\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\WINDOWS.0\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=ba
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS.0\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS.0\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS.0\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINDOWS.0\Explorer.EXE
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS.0\system32\ctfmon.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS.0\system32\conime.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O4 - 安全 - HKLM\..\Run: [SKYNET Personal FireWall] [天网个人防火墙] C:\PROGRA~1\SkyNet\Firewall\pfw.exe
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] D:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS.0\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [msnmsgr] [微软msn即时通讯工具] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O18 - 安全 - Protocol: OFFICE 相关 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O23 - 安全 - Service: ATI Smart [是一个ati图形显示卡驱程的相关进程。] - C:\WINDOWS.0\system32\ati2sgag.exe - (not running)
O23 - 安全 - Service: AVP [卡巴斯基杀毒软件相关程序。] - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r" - (not running)
O23 - 安全 - Service: Macromedia Licensing Service [是macromedia公司网页三剑客软件的注册程序。] - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" - (not running)
O23 - 安全 - Service: MSSQLServerADHelper [sql server，microsoft开发的企业级数据库相关程序。] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" - (not running)

=======================================

O40 - svchost.exe - Microsoft Corporation - c:\windows.0\system32\msgsvc32.dll - Background Intelligent Transfer Services - c23ac55bc84d5477fa6f737c2bcc8d68
O40 - Explorer.EXE - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\AntiSpyware\ieprot.dll - IE Protector - 6b0f42a6f0fcca3b2de389fd297fd25c
O40 - Explorer.EXE - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll - Windows Shell Extension - 62281a8da78c81f4f4695c3de52ba680

=======================================

O41 - acpidisk - acpidisk - C:\WINDOWS.0\system32\drivers\acpidisk.sys - (not running) -  -  - 7f7aa15b34272976e0f2680f9d62d9e7
O41 - GWIOPM - GWIOPM - C:\Program Files\Wopti\GWIOPM.SYS - (not running) -  -  - ee271c6c56955c42297cd4d524e6fda5
O41 - islpgxg - islpgxg - C:\WINDOWS.0\system32\drivers\islpgxg.sys - (running) -  -  - 19184a8e1a381bef8ebe119e3d3cb92d
O41 - jr_yah - jr_yah - C:\WINDOWS.0\system32\drivers\jr_yah.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - kl1 - Kaspersky Unified Driver - C:\WINDOWS.0\system32\drivers\kl1.sys - (not running) - Kaspersky Unified Driver - Kaspersky Lab - 5445b03cd42dedf5f85b9daf712fdd09
O41 - klif - spuper-ptor - C:\WINDOWS.0\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 2985985b39e13643f941b6396fb915dd
O41 - NPF - npf - C:\WINDOWS.0\system32\drivers\npf.sys - (not running) - npf - CACE Technologies - d21fee8db254ba762656878168ac1db6
O41 - npkcrypt - npkcrypt - C:\Program Files\Tencent\QQ\npkcrypt.sys - (not running) -  -  -
O41 - ospbnak - ospbnak - C:\WINDOWS.0\system32\drivers\ospbnak.sys - (running) -  -  - 19184a8e1a381bef8ebe119e3d3cb92d
O41 - pa_xbv - pa_xbv - C:\WINDOWS.0\system32\drivers\pa_xbv.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - qt_yrh - qt_yrh - C:\WINDOWS.0\system32\drivers\qt_yrh.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - RsAntiSpyware - RsBoot - C:\WINDOWS.0\system32\drivers\RsBoot.sys - (not running) - RsBoot - Beijing Rising - 2a3543eb15242c2f40669835cd55463c
O41 - SCBACK - File System Filter Driver - scdriver\scback.sys - (not running) - File System Filter Driver - StarSoftComm -
O41 - SKNFW - SKNFW - C:\WINDOWS.0\system32\drivers\SKNFW.sys - (running) -  -  - 3d40ce47367347c16c5e0a47178ac677
O41 - SkyProcs - SkyProcs - C:\Program Files\SkyNet\Firewall\SkyProcs.sys - (not running) -  -  - d521f5c4007e185ea5575fedd3382798
O41 - sptd - SCSI Pass Through Direct Host - C:\WINDOWS.0\system32\drivers\sptd.sys - (not running) - SCSI Pass Through Direct Host - Duplex Secure Ltd. - 75d937b416d7a79fcd5db79d67eb32be
O41 - SSCFLTXP - File System Filter Driver - C:\WINDOWS.0\system32\drivers\SSCFLTXP.sys - (running) - File System Filter Driver - Windows (R) 2000 DDK provider - 9662e36dd4dd508ce6bcb0021910dbd0
O41 - SSFltPT - SSFltPT - scdriver\ssfltpt.sys - (running) -  -  -
O41 - TSP - spuper-ptor - C:\WINDOWS.0\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 2985985b39e13643f941b6396fb915dd
O41 - uerxekk - uerxekk - C:\WINDOWS.0\system32\drivers\uerxekk.sys - (running) -  -  - 19184a8e1a381bef8ebe119e3d3cb92d
O41 - we_xdt - we_xdt - C:\WINDOWS.0\system32\drivers\we_xdt.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - wx_kul - wx_kul - C:\WINDOWS.0\system32\drivers\wx_kul.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - xo_lft - xo_lft - C:\WINDOWS.0\system32\drivers\xo_lft.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - xz_kpp - xz_kpp - C:\WINDOWS.0\system32\drivers\xz_kpp.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - yn_npl - yn_npl - C:\WINDOWS.0\system32\drivers\yn_npl.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1

=======================================
360Safe.exe=2.3.0.1001
AntiAdwa.dll=2.2.2.1000
AntiEng.dll=2.2.0.1000
AntiActi.dll=2.0.0.3000
CleanHis.dll=2.0.0.1001
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
操作历史报告：

=======================================

360安全卫士，彻底查杀各种流氓软件,全面保护系统安全,并赠送正版卡巴斯基V6.0
最新免费下载：http://www.360safe.com

=======================================

100 - 安全 - Process: smss.exe [该进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS.0\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\WINDOWS.0\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=ba
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS.0\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS.0\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS.0\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS.0\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINDOWS.0\Explorer.EXE
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS.0\system32\ctfmon.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS.0\system32\conime.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O4 - 安全 - HKLM\..\Run: [SKYNET Personal FireWall] [天网个人防火墙] C:\PROGRA~1\SkyNet\Firewall\pfw.exe
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] D:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS.0\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [msnmsgr] [微软msn即时通讯工具] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O18 - 安全 - Protocol: OFFICE 相关 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O23 - 安全 - Service: ATI Smart [是一个ati图形显示卡驱程的相关进程。] - C:\WINDOWS.0\system32\ati2sgag.exe - (not running)
O23 - 安全 - Service: AVP [卡巴斯基杀毒软件相关程序。] - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r" - (not running)
O23 - 安全 - Service: Macromedia Licensing Service [是macromedia公司网页三剑客软件的注册程序。] - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" - (not running)
O23 - 安全 - Service: MSSQLServerADHelper [sql server，microsoft开发的企业级数据库相关程序。] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" - (not running)

=======================================

O40 - svchost.exe - Microsoft Corporation - c:\windows.0\system32\msgsvc32.dll - Background Intelligent Transfer Services - c23ac55bc84d5477fa6f737c2bcc8d68
O40 - Explorer.EXE - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\AntiSpyware\ieprot.dll - IE Protector - 6b0f42a6f0fcca3b2de389fd297fd25c
O40 - Explorer.EXE - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll - Windows Shell Extension - 62281a8da78c81f4f4695c3de52ba680

=======================================

O41 - acpidisk - acpidisk - C:\WINDOWS.0\system32\drivers\acpidisk.sys - (not running) -  -  - 7f7aa15b34272976e0f2680f9d62d9e7
O41 - GWIOPM - GWIOPM - C:\Program Files\Wopti\GWIOPM.SYS - (not running) -  -  - ee271c6c56955c42297cd4d524e6fda5
O41 - islpgxg - islpgxg - C:\WINDOWS.0\system32\drivers\islpgxg.sys - (running) -  -  - 19184a8e1a381bef8ebe119e3d3cb92d
O41 - jr_yah - jr_yah - C:\WINDOWS.0\system32\drivers\jr_yah.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - kl1 - Kaspersky Unified Driver - C:\WINDOWS.0\system32\drivers\kl1.sys - (not running) - Kaspersky Unified Driver - Kaspersky Lab - 5445b03cd42dedf5f85b9daf712fdd09
O41 - klif - spuper-ptor - C:\WINDOWS.0\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 2985985b39e13643f941b6396fb915dd
O41 - NPF - npf - C:\WINDOWS.0\system32\drivers\npf.sys - (not running) - npf - CACE Technologies - d21fee8db254ba762656878168ac1db6
O41 - npkcrypt - npkcrypt - C:\Program Files\Tencent\QQ\npkcrypt.sys - (not running) -  -  -
O41 - ospbnak - ospbnak - C:\WINDOWS.0\system32\drivers\ospbnak.sys - (running) -  -  - 19184a8e1a381bef8ebe119e3d3cb92d
O41 - pa_xbv - pa_xbv - C:\WINDOWS.0\system32\drivers\pa_xbv.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - qt_yrh - qt_yrh - C:\WINDOWS.0\system32\drivers\qt_yrh.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - RsAntiSpyware - RsBoot - C:\WINDOWS.0\system32\drivers\RsBoot.sys - (not running) - RsBoot - Beijing Rising - 2a3543eb15242c2f40669835cd55463c
O41 - SCBACK - File System Filter Driver - scdriver\scback.sys - (not running) - File System Filter Driver - StarSoftComm -
O41 - SKNFW - SKNFW - C:\WINDOWS.0\system32\drivers\SKNFW.sys - (running) -  -  - 3d40ce47367347c16c5e0a47178ac677
O41 - SkyProcs - SkyProcs - C:\Program Files\SkyNet\Firewall\SkyProcs.sys - (not running) -  -  - d521f5c4007e185ea5575fedd3382798
O41 - sptd - SCSI Pass Through Direct Host - C:\WINDOWS.0\system32\drivers\sptd.sys - (not running) - SCSI Pass Through Direct Host - Duplex Secure Ltd. - 75d937b416d7a79fcd5db79d67eb32be
O41 - SSCFLTXP - File System Filter Driver - C:\WINDOWS.0\system32\drivers\SSCFLTXP.sys - (running) - File System Filter Driver - Windows (R) 2000 DDK provider - 9662e36dd4dd508ce6bcb0021910dbd0
O41 - SSFltPT - SSFltPT - scdriver\ssfltpt.sys - (running) -  -  -
O41 - TSP - spuper-ptor - C:\WINDOWS.0\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 2985985b39e13643f941b6396fb915dd
O41 - uerxekk - uerxekk - C:\WINDOWS.0\system32\drivers\uerxekk.sys - (running) -  -  - 19184a8e1a381bef8ebe119e3d3cb92d
O41 - we_xdt - we_xdt - C:\WINDOWS.0\system32\drivers\we_xdt.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - wx_kul - wx_kul - C:\WINDOWS.0\system32\drivers\wx_kul.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - xo_lft - xo_lft - C:\WINDOWS.0\system32\drivers\xo_lft.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - xz_kpp - xz_kpp - C:\WINDOWS.0\system32\drivers\xz_kpp.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1
O41 - yn_npl - yn_npl - C:\WINDOWS.0\system32\drivers\yn_npl.sys - (running) -  -  - 27d923602b2598b3dbdacec3c6a7ffb1

=======================================
360Safe.exe=2.3.0.1001
AntiAdwa.dll=2.2.2.1000
AntiEng.dll=2.2.0.1000
AntiActi.dll=2.0.0.3000
CleanHis.dll=2.0.0.1001
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
操作历史报告：

=======================================

360安全卫士，彻底查杀各种流氓软件,全面保护系统安全,并赠送正版卡巴斯基V6.0
最新免费下载：http://www.360safe.com

邮箱地址:maoke2005191@126.com