瑞星卡卡安全论坛

下午机子的江民杀毒突然弹出wsttrs.exe,winform.exe,Kernel32.exe这几个程序要修改启动，然后生成一系列3.exe，4.exe，5.exe等等；

在c:\docume~1\用户名\locals~1\temp中有Servere.exe，winlog0n.exe，Rav30.dll，LgSy0.dll
按照【原创】关于近期1.exe、comfsg、wsttrs、msccrt、upxdnd清除方案
一文方法去弄，把这些都清除干净后，一看网页不久这些东西又重新出现。。。

请教高手！！

日志：

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <pyjj><D:\Program Files\jj4\jjsvr4.exe>  [加加开发组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><rem ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RecSche><"D:\Program Files\LifeView TVR\RecSche.exe">  []
    <SKYNET Personal FireWall><D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [天网]
    <vptray><D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <IMSCMIG40W><rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <KvMonXP><"D:\KV2006\KVMonXP_1.kxp" /auto>  [Jiangmin Co.Ltd]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <DAEMON Tools-2052><; rem ; "D:\Program Files\D-Tools\daemon.exe"  -lang 2052>  [N/A]
    <PHIME2002A><; rem ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.dll>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <9ftj><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BigDog303><; rem ; C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <dv9dqijxxyc2d><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <kernel32><; C:\WINDOWS\Kernel32.exe>  []
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; rem ; "C:\Program Files\Messenger\msmsgs.exe" /background>  [N/A]
    <t6zs4ggjy14t><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Thunder><; rem ; "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <udmxd49d><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <winform><; C:\WINDOWS\winform.exe>  []
    <wsttrs><; C:\WINDOWS\wsttrs.exe>  []
    <yassistse><; rem ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <YLive.exe><; rem ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[DefWatch / DefWatch][Running/Auto Start]
  <D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC][Running/Auto Start]
  <"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>
[LifeView HID Service / LvHidSvc][Running/Auto Start]
  <C:\WINDOWS\system32\lvhidsvc.exe><Animation Technologies Inc.>
[Symantec AntiVirus Client / Norton AntiVirus Server][Stopped/Auto Start]
  <D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe><Symantec Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

正在运行的进程
[PID: 640][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\System32\NavLogon.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 780][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 792][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 284][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\System32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.5672]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 304][D:\PROGRA~1\SKYNET\FIREWALL\pfw.exe]  [天网, 2.7.3.1104]
    [D:\PROGRA~1\SKYNET\FIREWALL\SKYMISC.DLL]  [N/A, ]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 368][D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  [Symantec Corporation, 8.00.00.9374]
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 8.00.00.9374]
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 8.00.00.9374]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
    [D:\KV2006\KVMonXP_1.kxp]  [Jiangmin Co.Ltd, 9, 2, 0, 60905]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\lang\Kvxp0804_1.lng]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\GUIExt_1.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2006\EngFace.dll]  [Jiangmin Co.Ltd, 9.0.0.50809]
    [D:\KV2006\EngPS.dll]  [Jiangmin Co.Ltd, 9, 2, 0, 50817]
    [D:\KV2006\KvMemory.dll]  [Jiangmin Co. Ltd., 9, 0, 6, 0214]
    [D:\KV2006\KvOffice.dll]  [JiangMin New Tech., 9.0.0.1213]
    [D:\KV2006\lang\KVOffice0804.lng]  [N/A, ]
    [D:\KV2006\VirusUpload.dll]  [, 2, 16, 6, 7260]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [D:\KV2006\PProtect.dll]  [Jiangmin Co. Ltd., 9.0.0.921]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 1164][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\autolive.dll]  [, 2, 5, 0, 1002]
    [C:\PROGRA~1\3721\notifier.dll]  [, 2.5.0.1002]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 1092][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 1704][D:\Program Files\jj4\jjsvr4.exe]  [加加开发组, 4.0.0.19]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
    [D:\KV2006\TrojDie.kxp]  [Jiangmin Co.Ltd, 9.0.6.0413]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\lang\TrojDie0804.lng]  [Jiangmin Co.Ltd, 9.0.0.0813]
    [D:\KV2006\GUIExt_1.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2006\PProtect.dll]  [Jiangmin Co. Ltd., 9.0.0.921]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [D:\KV2006\ComUIPS.dll]  [Jiangmin Ltd., 9. 5. 5. 20]
    [D:\KV2006\KVWPSet.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 60220]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 2696][D:\KV2006\KRegEx.exe]  [Jiangmin Co.Ltd, 9.0.6.210]
    [D:\KV2006\KRegEx.dll]  [Jiangmin Co. Ltd., 9.0.6.0119]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\KRegTrust.dll]  [Jiangmin Co. Ltd., 9.0.0.825]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 2784][D:\KV2006\UIHost.exe]  [Jiangmin Co. Ltd, 9.2.0.50822]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\ComUI.dll]  [Jiangmin Ltd., 9. 0. 0.509]
    [D:\KV2006\ComUIPS.dll]  [Jiangmin Ltd., 9. 5. 5. 20]
    [D:\KV2006\GUIExt_1.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp1A.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav30.dll]  [N/A, ]

[PID: 2664][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\scrblock.dll]  [3721, 2.5.0.1002]
    [C:\PROGRA~1\3721\alrex.dll]  [, 2.5.0.1002]
    [C:\PROGRA~1\3721\autolive.dll]  [, 2, 5, 0, 1002]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll]  [Yahoo!, 2, 0, 1, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo, 1, 0, 1, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  [Yahoo, 1, 0, 3, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [, 1, 0, 0, 9]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo, 1, 0, 0, 1]
    [C:\WINDOWS\system32\xunleibho_v8.dll]  [, 4, 5, 1, 33]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  [Yahoo! China, 1, 0, 9, 1029]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [Yahoo., 1, 0, 8, 1009]
    [D:\KV2006\KVBHO_1.dll]  [Jiangmin Co.Ltd, 9.0.6.0113]
    [D:\KV2006\KVAddrDb.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 1018]
    [D:\KV2006\KvShell.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 830]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\lang\Kvxp0804_1.lng]  [N/A, ]
    [D:\KV2006\APIImpl.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\Program Files\NetXfer\NXIEHelper.dll]  [Xi, 2.01.301]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
[PID: 2860][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\scrblock.dll]  [3721, 2.5.0.1002]
    [C:\PROGRA~1\3721\alrex.dll]  [, 2.5.0.1002]
    [C:\PROGRA~1\3721\autolive.dll]  [, 2, 5, 0, 1002]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll]  [Yahoo!, 2, 0, 1, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo, 1, 0, 1, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  [Yahoo, 1, 0, 3, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [, 1, 0, 0, 9]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo, 1, 0, 0, 1]
    [C:\WINDOWS\system32\xunleibho_v8.dll]  [, 4, 5, 1, 33]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  [Yahoo! China, 1, 0, 9, 1029]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [Yahoo., 1, 0, 8, 1009]
    [D:\KV2006\KVBHO_1.dll]  [Jiangmin Co.Ltd, 9.0.6.0113]
    [D:\KV2006\KVAddrDb.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 1018]
    [D:\KV2006\KvShell.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 830]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\lang\Kvxp0804_1.lng]  [N/A, ]
    [D:\KV2006\APIImpl.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\Program Files\NetXfer\NXIEHelper.dll]  [Xi, 2.01.301]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yeheocx.dll]  [, 9, 0, 0, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  [ , 1, 0, 3, 1002]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yoptimum.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YASSEC~1.DLL]  [Yahoo, 1, 0, 0, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrepair.dll]  [Yahoo, 1, 0, 8, 1321]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasfsks.dll]  [3721.com, 2, 1, 1, 87]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yXPStyle.dll]  [Yahoo, 1, 0, 2, 1309]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp1A.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Common Files\Microsoft Shared\IME\IMSC40W\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]
[PID: 3552][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\alrex.dll]  [, 2.5.0.1002]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5672]
    [D:\KV2006\KvShell.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 830]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\lang\Kvxp0804_1.lng]  [N/A, ]
    [D:\KV2006\APIImpl.dll]  [JiangMin Ltd., 9.0.0.500]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5672]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5672]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\3721\autolive.dll]  [, 2, 5, 0, 1002]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\WINDOWS\system32\xunleibho_v8.dll]  [, 4, 5, 1, 33]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  [Yahoo! China, 1, 0, 9, 1029]
    [C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll]  [Yahoo!, 2, 0, 1, 1015]
    [D:\KV2006\KVBHO_1.dll]  [Jiangmin Co.Ltd, 9.0.6.0113]
    [D:\KV2006\KVAddrDb.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 1018]
    [D:\Program Files\NetXfer\NXIEHelper.dll]  [Xi, 2.01.301]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [, 1, 0, 1, 1014]
    [D:\Program Files\Tencent\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\PROGRA~1\3721\ske\contmenu.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.00.00.9374]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp1A.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
[PID: 1560][C:\WINDOWS\wsttrs.exe]  [N/A, ]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1532][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [D:\KV2006\KVHookG.dll]  [Jiangmin Co.Ltd, 9.0.0.1226]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm19.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tmp1A.tmp.rom]  [N/A, ]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误：CreateRemoteThread (危险等级: 高,  被下面模块所HOOK: D:\KV2006\KVHookG.dll)

==================================
隐藏进程
N/A

==================================

驱动程序
[00 / 00][Stopped/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\215660.sys><N/A>
[a320raid / a320raid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[asc / asc][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><N/A>
[fasttrak / fasttrak][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GPKiller / GPKiller][Running/Auto Start]
  <\SystemRoot\system32\drivers\gpkiller.sys><Yahoo!>
[Hpt366 / Hpt366][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]

<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[kildnckj / kildnckj][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kildnckj.sys><N/A>
[KRegEx / KRegEx][Running/System Start]
  <\??\D:\KV2006\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall Service / KSysCall][Running/System Start]
  <\??\D:\KV2006\KSysCall.sys><Jiangmin Co. Ltd.>
[KVDP_1 / KVDP_1][Running/Manual Start]
  <\??\D:\KV2006\KVDP_1.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon][Running/Manual Start]
  <\??\D:\KV2006\KvMemon.sys><Jiangmin Co. Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\D:\KV2006\KVREDIR.sys><Jiangmin Co. Ltd>
[X-View Capture Driver / LVCapT68][Running/Manual Start]
  <System32\DRIVERS\lvcapT68.sys><Animation Technologies Inc.>
[X-View WDM TV Tuner / lvtuner][Running/Manual Start]
  <System32\DRIVERS\lvtuner.sys><Animation Technologies Inc.>
[m5228 / m5228][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[mraid2k / mraid2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070328.019\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070328.019\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OMSCAN / OMSCAN][Stopped/Auto Start]
  <\Sys?罸知?覫><N/A>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[PProtect / PProtect][Running/System Start]
  <\??\D:\KV2006\PProtect.sys><Jiangmin Co. Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rockeynt.sys><FeiTian Tech Co.,Ltd>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sense3 / Sense3][Running/Auto Start]
  <System32\Drivers\sense3.sys><Beijing Senselock>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiSRaid / SiSRaid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[sym_hi / sym_hi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[UlSata / UlSata][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Running/Boot Start]
  <\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\H:\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xinstall / xinstall][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>

哪位高手帮帮忙啊~~~~谢谢了

在线等回复，拜托了～～～