cmd is messed up, begging a computer expert on QQ for help

Views: 874 | Replies: 6
Asking the experts for help, I'm a newbie
oneyearslater
This post was last edited by oneyearslater at 19:08
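I've run into a problem recently: an empty folder is automatically created on the desktop at startup, and after I delete it, it gets created again. I didn't pay attention at first. I deleted it just today, and a few hours later it has been created again. It so happens that the network is extremely slow today, and a network test showed a download speed of only a little over 40kb, so I figured something was wrong. I checked for a long time with SREng, Wsyscheck and XueTr and found nothing; maybe I'm just too much of a newbie. Then I scanned with Micropoint and it found no problem either. Log attached.
I haven't been visiting any random websites recently; I only installed the NBA Live game and Photoshop CS2. These files were all scanned with Micropoint + Avira + NOD32 with no problems found, and Comodo didn't detect anything abnormal during installation either.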
System Repair Engineer 2.8.2.1321
Smallfrogs ([url][/url])
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
& & 所有的启动项目(包括注册表、启动文件夹、服务等)
& & 浏览器加载项
& & 正在运行的进程(包括进程模块信息)
& & 文件关联
& & Winsock 提供者
& & Autorun.inf
& & HOSTS 文件
& & 进程特权扫描
& & 计划任务
& & Windows 安全更新检查
& & API HOOK
& & 隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &load&&&&&[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
& & &IMJPMIG8.1&&&C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE& /Spoil /RemAdvDef /Migration32&&&[(Verified)Microsoft Windows Component Publisher]
& & &PHIME2002ASync&&C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC&&&[(Verified)Microsoft Windows Component Publisher]
& & &PHIME2002A&&C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName&&&[(Verified)Microsoft Windows Component Publisher]
& & &COMODO Internet Security&&&C:\Program Files\COMODO\COMODO Internet Security\cfp.exe& -h&&&[(Verified)Comodo Security Solutions, Inc.]
& & &Shadow Defender Daemon&&&C:\Program Files\Shadow Defender\DefenderDaemon.exe& /auto&&&[]
& & &DAEMON Tools-1033&&&C:\Program Files\D-Tools\daemon.exe&&&-lang 1033&&&[DAEMON'S HOME]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &shell&&Explorer.exe&&&[(Verified)Microsoft Windows Component Publisher]
& & &Userinit&&C:\WINDOWS\system32\userinit.exe,&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
& & &AppInit_DLLs&& C:\WINDOWS\system32\guard32.dll&&&[(Verified)Comodo Security Solutions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
& & &UIHost&&logonui.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
& & &{AEB-11d0-97EE-00C04FD91972}&&shell32.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
& & &PostBootReminder&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &CDBurn&&%SystemRoot%\system32\SHELL32.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &WebCheck&&%SystemRoot%\system32\webcheck.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &SysTray&&C:\WINDOWS\system32\stobject.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
& & &WinlogonNotify: crypt32chain&&crypt32.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
& & &WinlogonNotify: cryptnet&&cryptnet.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
& & &WinlogonNotify: cscdll&&cscdll.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
& & &WinlogonNotify: dimsntfy&&%SystemRoot%\System32\dimsntfy.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
& & &WinlogonNotify: ScCertProp&&wlnotify.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
& & &WinlogonNotify: Schedule&&wlnotify.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
& & &WinlogonNotify: sclgntfy&&sclgntfy.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
& & &WinlogonNotify: SensLogn&&WlNotify.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
& & &WinlogonNotify: termsrv&&wlnotify.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
& & &WinlogonNotify: wlballoon&&wlnotify.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
& & &{-A8BA-11D1-B96B-00A0C90312E1}&&%SystemRoot%\system32\browseui.dll&&&[(Verified)Microsoft Windows Component Publisher]
& & &{8C7461EF-2B13-11d2-BE35-0}&&%SystemRoot%\system32\browseui.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{22d6f312-b0f6-11d0-94ab-e95}]
& & &Microsoft Windows Media Player&&C:\WINDOWS\inf\unregmp2.exe /HideWMP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{d38-484f-9b9e-dec}]
& & &Internet Explorer&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{60B49E34-C7CC-11D0-C90347FF}MICROS]
& & &浏览器自定义组件&&RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\&{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
& & &Outlook Express&&%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09--FED}]
& & &Themes Setup&&%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
& & &Microsoft Outlook Express 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:OE /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
& & &NetMeeting 3.01&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e7d-11d1-bc44-00c04fd912be}]
& & &Windows Messenger 4.7&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
& & &Microsoft Windows Media Player&&rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{71-11d2-AF11-00C04FA35D02}]
& & &通讯簿 6&&&%ProgramFiles%\Outlook Express\setup50.exe& /APP:WAB /CALLER:WINNT /user /install&&&[File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4340}]
& & &Windows 桌面更新&&regsvr32.exe /s /n /i:U shell32.dll&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{-ECBD-11cf-8B85-00AA005B4383}]
& & &Internet Explorer 6&&%SystemRoot%\system32\ie4uinit.exe&&&[(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
& & &SCRNSAVE.EXE&&C:\WINDOWS\system32\logon.scr&&&[(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
&&&&C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe&&&Adobe Systems&
[COMODO Internet Security Helper Service / cmdAgent][Running/Auto Start]
&&&&C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe&&&COMODO&
[Human Interface Device Access / HidServ][Stopped/Disabled]
&&&C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&
[Sandboxie Service / SbieSvc][Running/Auto Start]
&&&&C:\Program Files\Sandboxie\SbieSvc.exe&&&tzuk&
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
&&&system32\drivers\ac97intc.sys&&Intel Corporation&
[COMODO Internet Security Sandbox Driver / cmdGuard][Running/System Start]
&&&System32\DRIVERS\cmdguard.sys&&COMODO&
[COMODO Internet Security Helper Driver / cmdHlp][Running/System Start]
&&&System32\DRIVERS\cmdhlp.sys&&COMODO&
[d347bus / d347bus][Running/Boot Start]
&&&\SystemRoot\system32\DRIVERS\d347bus.sys&&&
[d347prt / d347prt][Running/Boot Start]
&&&\SystemRoot\System32\Drivers\d347prt.sys&&&
[COMODO Internet Security Firewall Driver / Inspect][Running/Boot Start]
&&&\SystemRoot\System32\DRIVERS\inspect.sys&&COMODO&
[nv / nv][Running/Manual Start]
&&&system32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
&&&system32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
&&&system32\DRIVERS\RTL8139.SYS&&Realtek Semiconductor Corporation&
[SbieDrv / SbieDrv][Running/Manual Start]
&&&\??\C:\Program Files\Sandboxie\SbieDrv.sys&&tzuk&
[Secdrv / Secdrv][Stopped/Manual Start]
&&&system32\DRIVERS\secdrv.sys&&Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.&
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
&&&system32\DRIVERS\tcpip.sys&&Microsoft Corporation&
[KernelCheck / KernelCheck][Running/Manual Start]
&&&\??\C:\DOCUME~1\MYLIFE~1\LOCALS~1\Temp\flbs\KpCheck.sys&&N/A&
==================================
浏览器加载项
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40fd-9C87-E93D} &C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[启动迅雷5]
&&{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} &C:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) 深圳市迅雷网络技术有限公司&
[]
&&{e2e2dd38-d088--f2ba} &%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A&
[Messenger]
&&{FB5Fd2-BB9E-00C04F795683} &C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation&
[ThunderAtOnce Class]
&&{01443AEC-0FD1-40FD-9C87-E93D} &C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[]
&&{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} &, &
[Thunder Browser Helper]
&&{889D2FEB-98-1DD2C5261283} &C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD&
[Shockwave Flash Object]
&&{D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx, (Signed) Adobe Systems, Inc.&
[]
&&{E2E2DD38-D088--F2BA} &, &
[使用迅雷下载]
&&&C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A&
[使用迅雷下载全部链接]
&&&C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A&
==================================
正在运行的进程
[PID: 384][\SystemRoot\System32\smss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
[PID: 568][\??\C:\WINDOWS\system32\csrss.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
[PID: 592][\??\C:\WINDOWS\system32\winlogon.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.3)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 636][C:\WINDOWS\system32\services.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 648][C:\WINDOWS\system32\lsass.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.3)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 816][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 880][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1104][C:\WINDOWS\Explorer.EXE]&&[(Verified) Microsoft Corporation, 6.00. (xpsp.5)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
& & [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]&&[Thunder Networking Technologies,LTD, 5, 0, 8, 120]
& & [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]&&[深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
& & [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]&&[深圳市迅雷网络技术有限公司, 1, 0, 0, 16]
& & [C:\Program Files\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\Program Files\Shadow Defender\ShellExt.dll]&&[, 1.1.0.275]
& & [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]&&[Thunder Networking Technologies,LTD, 1.0.5.34]
& & [C:\WINDOWS\system32\MSVCP71.dll]&&[Microsoft Corporation, 7.10.3077.0]
& & [C:\WINDOWS\system32\MSVCR71.dll]&&[Microsoft Corporation, 7.10.3052.4]
& & [C:\WINDOWS\system32\SOGOUPY.IME]&&[ Inc., 5.0.0.3787]
[PID: 1164][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1248][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1304][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1644][C:\Program Files\Sandboxie\SbieSvc.exe]&&[tzuk, 3.442]
& & [C:\Program Files\Sandboxie\SbieDll.dll]&&[tzuk, 3.442]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1940][C:\Program Files\Shadow Defender\DefenderDaemon.exe]&&[, 1.1.0.275]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
& & [C:\Program Files\Shadow Defender\ShellExt.dll]&&[, 1.1.0.275]
[PID: 1968][C:\Program Files\D-Tools\daemon.exe]&&[DAEMON'S HOME, 3.47.0.0]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
& & [C:\WINDOWS\daemon.dll]&&[, 3.47.0.0]
& & [C:\Program Files\D-Tools\PFCTOC.DLL]&&[Padus(R), Inc., 1, 0, 0, 12]
& & [C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll]&&[, 1.0.2.0]
& & [C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll]&&[GENERIC, 1.02.0.0]
& & [C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll]&&[GENERIC, 1.01.0.0]
& & [C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll]&&[GENERIC, 1.02.0.0]
& & [C:\Program Files\D-Tools\Plugins\Images\pdimount.dll]&&[GENERIC, 1.01.0.0]
[PID: 1976][C:\WINDOWS\system32\ctfmon.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.5)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 572][C:\WINDOWS\System32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1876][C:\Program Files\TTPlayer\TTPlayer.exe]&&[Alen Soft, 5, 5, 2, 0]
& & [C:\Program Files\TTPlayer\ttpcomm.dll]&&[N/A, ]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
& & [C:\Program Files\TTPlayer\ttpres.dll]&&[Alen Soft, 5, 5, 2, 0]
& & [C:\WINDOWS\system32\msdmo.dll]&&[, ]
& & [C:\Program Files\TTPlayer\AddIn\ttp_ape.dll]&&[N/A, ]
[PID: 752][C:\WINDOWS\system32\svchost.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.1)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 1600][C:\DOCUME~1\MYLIFE~1\LOCALS~1\Temp\Rar$EX00.782\wsyscheck0223中文版\Wsyscheck.exe]&&[[email].cn[/email], 1.68.33.0]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
& & [C:\Program Files\WinRAR\rarext.dll]&&[N/A, ]
& & [C:\Program Files\Shadow Defender\ShellExt.dll]&&[, 1.1.0.275]
[PID: 432][C:\Program Files\Mozilla Firefox\firefox.exe]&&[Mozilla Corporation, 1.9.2.13]
& & [C:\Program Files\Mozilla Firefox\xul.dll]&&[Mozilla Foundation, 1.9.2.13]
& & [C:\Program Files\Mozilla Firefox\sqlite3.dll]&&[sqlite.org, 3.7.1]
& & [C:\Program Files\Mozilla Firefox\MOZCRT19.dll]&&[Mozilla Foundation, 8.00.0000]
& & [C:\Program Files\Mozilla Firefox\js3250.dll]&&[N/A, ]
& & [C:\Program Files\Mozilla Firefox\nspr4.dll]&&[Mozilla Foundation, 4.8.6]
& & [C:\Program Files\Mozilla Firefox\smime3.dll]&&[Mozilla Foundation, 3.12.8.0 Basic ECC]
& & [C:\Program Files\Mozilla Firefox\nss3.dll]&&[Mozilla Foundation, 3.12.8.0 Basic ECC]
& & [C:\Program Files\Mozilla Firefox\nssutil3.dll]&&[Mozilla Foundation, 3.12.8.0]
& & [C:\Program Files\Mozilla Firefox\plc4.dll]&&[Mozilla Foundation, 4.8.6]
& & [C:\Program Files\Mozilla Firefox\plds4.dll]&&[Mozilla Foundation, 4.8.6]
& & [C:\Program Files\Mozilla Firefox\ssl3.dll]&&[Mozilla Foundation, 3.12.8.0 Basic ECC]
& & [C:\Program Files\Mozilla Firefox\MOZCPP19.dll]&&[Mozilla Foundation, 8.00.0000]
& & [C:\Program Files\Mozilla Firefox\xpcom.dll]&&[Mozilla Foundation, 1.9.2.13]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
& & [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]&&[Mozilla Foundation, 1.9.2.13]
& & [C:\Program Files\Mozilla Firefox\softokn3.dll]&&[Mozilla Foundation, 3.12.8.0 Basic ECC]
& & [C:\Program Files\Mozilla Firefox\nssdbm3.dll]&&[Mozilla Foundation, 3.12.8.0 Basic ECC]
& & [C:\Program Files\Mozilla Firefox\freebl3.dll]&&[Mozilla Foundation, 3.12.8.0 Basic ECC]
& & [C:\Program Files\Mozilla Firefox\nssckbi.dll]&&[Mozilla Foundation, 1.80]
& & [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]&&[Mozilla Foundation, 1.9.2.13]
& & [C:\Documents and Settings\MY LIFE\Application Data\Mozilla\Firefox\Profiles\njwceobx.default\extensions\[email][/email]\components\windowTrayIcon.dll]&&[N/A, ]
& & [C:\Documents and Settings\MY LIFE\Application Data\Mozilla\Firefox\Profiles\njwceobx.default\extensions\[email][/email]\components\mediacenter-com.dll]&&[N/A, ]
& & [C:\WINDOWS\system32\SOGOUPY.IME]&&[ Inc., 5.0.0.3787]
& & [C:\WINDOWS\system32\icm32.dll]&&[Microsoft Corporation, 5.1. (xpsp.5)]
[PID: 2420][C:\WINDOWS\system32\conime.exe]&&[(Verified) Microsoft Corporation, 5.1. (xpsp.5)]
& & [C:\WINDOWS\system32\guard32.dll]&&[COMODO, 3, 14, 6]
[PID: 3836][C:\DOCUME~1\MYLIFE~1\LOCALS~1\Temp\Rar$EX00.442\SREngLdr.EXE]&&[Smallfrogs Studio, 2.8.2.1321]
[PID: 3936][C:\DOCUME~1\MYLIFE~1\LOCALS~1\Temp\Rar$EX00.442\SREd127fdb.EXE]&&[Smallfrogs Studio, 2.8.2.1321]
& & [C:\DOCUME~1\MYLIFE~1\LOCALS~1\Temp\Rar$EX00.442\Upload\3rdUpd.DLL]&&[Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE&&OK. [&%1& %*]
.COM&&OK. [&%1& %*]
.PIF&&OK. [&%1& %*]
.REG&&OK. [regedit.exe &%1&]
.BAT&&OK. [&%1& %*]
.SCR&&OK. [&%1& /S]
.CHM&&OK. [&C:\WINDOWS\hh.exe& %1]
.HLP&&OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI&&OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF&&OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS&&OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.JS& &OK. [%SystemRoot%\System32\WScript.exe &%1& %*]
.LNK&&OK. [{0-}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1& && & localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1876, C:\PROGRAM FILES\TTPLAYER\TTPLAYER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1600, C:\DOCUME~1\MYLIFE~1\LOCALS~1\TEMP\RAR$EX00.782\WSYSCHECK0223中文版\WSYSCHECK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1600, C:\DOCUME~1\MYLIFE~1\LOCALS~1\TEMP\RAR$EX00.782\WSYSCHECK0223中文版\WSYSCHECK.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
I can't seem to spot anything. What is the folder's name?
oneyearslater
新建文件夹 ("New Folder")
Markel.Scofield
The log is fine.
OP has so much security software installed.
Could it be that OP deleted the file with SD mode turned on?
oneyearslater
Uh, no. Actually I don't have a single antivirus installed; they were installed inside the shadow system, just for a temporary scan.
oneyearslater
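Hoping an expert can answer.
Use msconfig to check the startup items, then try disabling autorun for suspicious programs. You can also try the "新建文件夹" ("New Folder") path in the Windows registry.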
Copyright & KaFan & All Rights Reserved.