symantec没反应。。有人知道怎么回事吗？~关了进程后它有会自动打开，有时甚至打开2个以上。。。

引用:

【Seaweed的贴子】symantec没反应。。有人知道怎么回事吗？~关了进程后它有会自动打开，有时甚至打开2个以上。。。 ………………

扫日志上来啊 http://szcht.ys168.com系统工具里有扫描工具

还会自己双击~。。快发疯了

2006-11-25,20:30:43

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><E:\软件\MagicSet\SRIECLI.EXE /LOAD>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RemoteControl><; E:\软件\Powerdve\PDVDServ.exe>  [Cyberlink Corp.]
    <LanguageShortcut><; E:\软件\Powerdve\Language\Language.exe>  [N/A]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <xy><; C:\WINDOWS\Download\svhost32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll>  [(Verified)Symantec Corporation]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Candy\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\tencent\QQ.exe [TENCENT]><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Cyberlink RichVideo Service(CRVS) / RichVideo]
  <"C:\Program Files\Cyberlink\Shared files\RichVideo.exe"><>
[Remote Locator RPC / Rpcaccess ]
  <C:\WINDOWS\svchost.exe><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Remote Procedure Call System(RPCS) / RpcS]
  <C:\WINDOWS\System32\RpcS.exe><N/A>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061124.017\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061124.017\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\tencent\npkcrypt.sys><N/A>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SPBBCDrv / SPBBCDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\软件\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\软件\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\tencent\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <E:\软件\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\软件\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\tencent\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\tencent\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 672][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\NavLogon.dll]  [Symantec Corporation, 10.0.2.2000]
[PID: 788][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1040][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1160][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1188][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1432][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\软件\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.0.2.2000]
    [C:\WINDOWS\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[PID: 1636][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1668][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 120][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4109]
[PID: 196][C:\Program Files\Cyberlink\Shared files\RichVideo.exe]  [, 1.1.0808  ]
[PID: 328][C:\WINDOWS\System32\RpcS.exe]  [N/A, N/A]
[PID: 448][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2568][E:\软件\yyfb\mplayerc.exe]  [Gabest, 6, 4, 8, 4]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [E:\软件\yyfb\Codecs\ffdshow.ax]  [N/A, 1.0.2.4]
    [E:\软件\Powerdve\VideoFilter\DXdec.ax]  [DivXNetworks, Inc., 6.0.0.1571]
    [E:\软件\yyfb\Codecs\vsfilter.dll]  [Gabest, 1, 0, 1, 2]
    [E:\软件\yyfb\codecs\TTL2Dec.dll]  [N/A, N/A]
    [E:\软件\Powerdve\NavFilter\clm4splt.ax]  [CyberLink Corp., 1.0.2803  ]
    [E:\软件\yyfb\codecs\mpeg2dmx.ax]  [Moonlight Cordless Ltd., 3, 1, 200, 50117]
    [C:\WINDOWS\System32\xvid.ax]  [N/A, N/A]
    [C:\WINDOWS\System32\ac3filter.cpl]  [, 1.01a]
    [C:\WINDOWS\System32\xvidcore.dll]  [N/A, N/A]
[PID: 580][D:\Program Files\TT\TTraveler.exe]  [腾讯公司, 3.1.0.261]
    [D:\Program Files\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [D:\Program Files\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [D:\Program Files\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 3240][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3648][E:\软件\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.3.0.220]
    [E:\软件\Thunder\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [E:\软件\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 71]
    [E:\软件\Thunder\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [E:\软件\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\软件\Thunder\Program\asyn_dns.dll]  [N/A, N/A]
    [E:\软件\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [E:\软件\Thunder\Program\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [E:\软件\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
    [E:\软件\Thunder\Program\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\软件\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 11]
    [E:\软件\Thunder\Components\InMedia\iEmbed04.dll]  [　, 2, 3, 0, 37]
    [E:\软件\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 8]
    [E:\软件\Thunder\Program\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 55]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 3272][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [D:\Program Files\tencent\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [E:\软件\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[PID: 4008][F:\My Documents\DOWNLOAD\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

用SRENG=>启动项目=>服务=>Win32服务应用程序勾选“隐藏微软服务”选中病毒服务
[Remote Locator RPC / Rpcaccess ]
[Remote Procedure Call System(RPCS) / RpcS]
，选择“删除服务”
点“设置”选择“否”
重启按F８进入安全模式下
显示隐藏文件
删除：

<C:\WINDOWS\svchost.exe>
<C:\WINDOWS\System32\RpcS.exe

<xy><; C:\WINDOWS\Download\svhost32.exe> [N/A]

引用:

【303266474的贴子】用SRENG=>启动项目=>服务=>Win32服务应用程序勾选“隐藏微软服务”选中病毒服务 [Remote Locator RPC / Rpcaccess ] [Remote Procedure Call System(RPCS) / RpcS] ，选择“删除服务” 点“设置”选择“否” 重启按F８进入安全模式下 显示隐藏文件 删除： <C:\WINDOWS\svchost.exe> <C:\WINDOWS\System32\RpcS.exe ………………

第一个exe我没找到。。。


不过现在好象是不会开IE了。。


日志

2006-11-25,22:13:42

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RemoteControl><; E:\软件\Powerdve\PDVDServ.exe>  [Cyberlink Corp.]
    <LanguageShortcut><; E:\软件\Powerdve\Language\Language.exe>  [N/A]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll>  [(Verified)Symantec Corporation]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Candy\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\tencent\QQ.exe [TENCENT]><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Cyberlink RichVideo Service(CRVS) / RichVideo]
  <"C:\Program Files\Cyberlink\Shared files\RichVideo.exe"><>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061124.017\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061124.017\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\tencent\npkcrypt.sys><N/A>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SPBBCDrv / SPBBCDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\软件\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\软件\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\tencent\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\tencent\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <E:\软件\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\软件\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\tencent\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\tencent\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 672][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\NavLogon.dll]  [Symantec Corporation, 10.0.2.2000]
[PID: 788][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1012][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1116][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1132][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1448][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\软件\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[PID: 1624][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1712][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2000][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4109]
[PID: 300][C:\Program Files\Cyberlink\Shared files\RichVideo.exe]  [, 1.1.0808  ]
[PID: 448][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1256][F:\My Documents\DOWNLOAD\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================