在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

: D' d! h# _! I' B+ q. a9 B
2008-05-22,20:37:43
* H Y o: P! [% a7 m3 n I4 B
System Repair Engineer 2.5.16.900
8 j) r, Y G" H5 P1 w
Smallfrogs (http://www.KZTechs.com)' p' ?( n/ v+ j! p
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能1 C- ?, r& x" E" k; ^
以下内容被选中：6 v+ ?( j( M+ u% x. e, D$ I
所有的启动项目（包括注册表、启动文件夹、服务等）
3 H# e; k4 @' `0 W# D2 a2 u: j
浏览器加载项2 Z7 e& @3 b; T# Y; f$ D/ t
正在运行的进程（包括进程模块信息）
# R) M; O. b( Q7 ~" f
文件关联# V! {9 p1 F! Q! g' C
Winsock 提供者, @) ?1 d3 x8 q/ Z, o3 H
Autorun.inf
( \, r3 V8 u" w
HOSTS 文件
1 [, N( m- U) @) r
进程特权扫描7 v$ R& @! e1 ` M6 i
7 k# m6 X ]2 b/ _4 L1 `
启动项目
( h, Q& K( z9 Z- B
注册表
' U& b0 j- w+ D5 b4 M5 d
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
# f8 p$ s. W# f1 h
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]- }9 _3 J: _$ B. W) e7 y& l
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
7 J% f' }4 t. J% [6 z2 i# u$ B k
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]1 r$ a! B& y) I1 \
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
2 O- }* f; r: |) ^7 i
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
3 T' i+ ?. m8 i" f
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]7 k. \! c! c6 A, |6 V. v
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]/ h2 r1 _" \' i% K; O# d5 d7 S
<PHIME2002A><; > [N/A]
) N/ k, L' l$ [
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
' R4 C7 ?. i6 q$ L6 V
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]( @; C1 v, c' C) ]1 m6 B, g" c
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]2 I( Q: ~& L+ w+ i d" ^& l4 c
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
1 G' k, [7 U! D) o5 \8 G- I0 C' }
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]* }9 X* X+ D5 V& \7 p7 G7 J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]0 h- A5 O0 Z) l
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]" s; y: T' W+ ?8 T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]" t) E' W2 b. ^- p: t. d" J( d
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]2 ^' v2 w2 C4 ]. e) o( u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
# L( R; U# [: H N. u- `
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
7 d6 ^. c- t( W5 _$ \; H! ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]8 m) ?: h& J F) ^$ ~
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]- B# }; D5 T; A: S1 Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
4 m$ L* }) t# E& ]' H; G
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
* g' f" W2 d2 O3 T @! U4 G# Z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
, \( e4 Y& t9 `0 E+ M# S
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
3 z, q, X2 d' _4 O
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]. ~! m. W2 t6 Y9 ]5 Y6 R0 p
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
% r% z. v: f; o! n7 U& [/ s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
1 M/ d% Y' |$ q+ C/ E7 A3 r) r7 Y
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]; H L" E W( O8 m* d) o
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2 f$ W1 [: t( u; y. d6 ]3 n
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
/ E( i/ I+ x( z: G* b' I2 d7 y
==================================
. P. c* O8 u- M" c% f: h8 Q
启动文件夹
5 ^6 ^8 S) F3 `9 E7 l; @- P# B& F# g
N/A" F% @5 p4 i0 n8 k
==================================
! \% g' h% |3 R+ [5 Q# `
服务, I, o# d$ W" V- g, ~* M i
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]; E( @' r+ y r6 `9 v5 e8 E, V9 E' p; K
<C:\WINDOWS\System32\3wareSrv.exe><N/A>' j" a7 k& b# B( Y3 }4 C
[Google Updater Service / gusvc][Stopped/Manual Start]* u3 e5 @2 D2 e7 A8 U4 {
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
9 ^$ X# X0 Q* f8 i2 W, V
[Help and Support / helpsvc][Stopped/Disabled]
) }$ z! }/ }( e" p; T4 e
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>" [4 m. f" Z! s- r: y# X0 y
[Human Interface Device Access / HidServ][Stopped/Boot Start]# M9 x/ N3 s% Y4 `8 @/ s+ B! `
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A># a9 I$ ]$ u9 D+ o% V, ?
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
+ F8 J* D' W3 F' r
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
: T) f& U1 [6 i
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
: C# }( |( S0 ^ Z, Q! P6 \2 ^
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>' r ]+ t' l. p' [- ^
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]- q* W) ~# M. a% W0 x1 n2 A
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
$ e. z; j) B& q8 U+ d0 e( p) f
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
U% a4 A3 U l4 Z! K9 }! d
<><N/A>7 ]% U7 U: B1 H
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
. D! z# t- s" {4 e
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>" y) @, z) {) n, _% t( o
==================================
* o! T$ e& D8 n! [' f3 Y% d' z
驱动程序
3 p+ r5 F& T' M! I: e( V
[22j / 22jn][Stopped/Boot Start]
; n& `9 a' o3 }4 U6 z
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
# c) M; F& N% d9 q7 d n
[360AntiArp / 360AntiArp][Running/System Start]
! W4 j0 a7 f/ k2 ~
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>0 V! y4 m C+ A! _1 `
[43ec / 43ecu][Stopped/Boot Start], v4 I2 g+ h0 x, }
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
( Y" t" G- e B- ^2 z
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
7 o* S7 v& z- K/ k% z
<system32\drivers\ac97intc.sys><Intel Corporation>
6 P1 p1 Y7 {- {$ i; p6 m
[Promise driver accelerator / bb-run][Running/Boot Start]
# V3 p, e* P2 x. x) E& c T* w% N
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>! H: U. [1 q0 @0 W$ f0 x
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
4 P3 E- V% `' W- C
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.> }- y& @* @* E. a& R$ G; y/ H
[KAVBase / KAVBase][Running/Auto Start]
# o- c% E% ~2 X- Y
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>$ |6 X* W# v5 l$ u/ |0 W
[KAVBootC / KAVBootC][Running/Boot Start]
! c, k' _. ^& O5 G; l
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
" B8 P* M2 W1 Q. Q: p
[KAVSafe / KAVSafe][Running/Auto Start]
- t7 t) P9 j; j! x& Q! P
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>, M% O' e" B6 V; c1 n
[KNetWch / KNetWch][Running/System Start]! t9 h- Y I6 _4 p) c9 s
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
( d0 @. a9 d. [& l4 C4 c
[KWatch3 / KWatch3][Running/Auto Start]
. e O/ @1 b8 X
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>6 [2 V0 J" X- _
[ntptdb / ntptdb][Stopped/Auto Start]5 a: ]4 ^9 N' ~- W t
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>4 ^& U; r+ d/ ]1 I( ?" U$ |
[nv / nv][Running/Manual Start]3 d5 k. E0 X' q0 @
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
$ l1 l" s* M2 i
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]; v7 H& ~) r. Q! r
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>% a( e% B/ `8 K" q$ G* k0 _) B
[DDK PACKET Protocol / Packet][Running/Manual Start]
C! |, r3 X2 r+ l% P8 B, l
<system32\DRIVERS\ProtoDrv.sys><360安全中心>" k7 S3 E- j4 O5 J/ g) L* b
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
7 o+ s% |/ B6 p6 {: e1 ^9 z# L# \
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
8 C% [$ ~) Y# W% p8 `
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
4 E& t5 U+ L! E. o' V, A
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>* H" C4 _( p3 c1 G
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]( I: X. O, P! `6 c3 U7 M+ V
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
* S s5 K& U+ T; u
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
8 _: F. [4 [) f9 \; C4 A/ V4 I
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
. _/ {- h6 R. u6 \5 |2 W9 K
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]; }$ G+ g- q: ^) t4 H/ N
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
w4 a0 q0 \, `* b8 ?) `
[Secdrv / Secdrv][Stopped/Manual Start]
8 f6 G) R% D, \- d( _* h) M! @
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
' Z4 b, N5 Q( h0 G+ x
[SATALink External Device Filter / SiRemFil][Running/Boot Start]/ U+ | g2 F& G# j
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
1 N4 ?3 G. A2 m; b( q
[System Restore Filter Driver / sr][Stopped/Disabled]
# z, ?3 T' [0 L& l
<system32\DRIVERS\sr.sys><N/A>
# [0 e$ m& q9 X$ C
[TesSafe / TesSafe][Stopped/Manual Start]: [ ], N; q) W. F
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>! a. I: r2 v$ }! U( x" X+ Y5 t9 k
[System Services / unzxzsrs][Stopped/Boot Start]
4 d2 v; w! S8 P, m! }8 o
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>, |$ P* H4 Z! P& O7 G. V/ S, I3 {( g
[ViBus / ViBus][Stopped/Boot Start]
1 o! v, _* f- H9 V/ i
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A> P% b- G% B; i
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]; n+ \7 L- x7 k' m) N
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
9 [+ J; F' T' b |4 P
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]' T! L8 }* B; X6 v* h
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
" ]2 K5 | E7 ^
[ATI Extend / zhibmaso][Stopped/Boot Start]
; O; p& U: N. n! U, e# u
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>9 @$ u. U, w- s4 q+ h9 b5 ]
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]+ N: n6 R" d" I9 d1 Y. Q5 M3 `3 I
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
9 @% g1 n/ u, }- a6 l4 H4 i; v
==================================( P: x- q' f N$ f! D
浏览器加载项
N, x6 U" i( _; S$ o
[Google Toolbar Helper]
/ H) h2 U) z& {. N' p
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>! p) z9 p. k4 {: a) t5 p, o
[Google Toolbar Notifier BHO]
9 R; Y3 i- @( [. ?
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>! i0 H0 h) q, ]* u
[SafeMon Class]3 V! r/ z& v+ e: c, [
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>8 S+ m1 {4 W: Z [8 h9 U
[kingsoft browser shield]
$ i7 O5 d, _5 I, a+ W0 ~9 J* R
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation> I/ w; N0 B% k) ?8 O5 x+ Y
[IEBuddyExtControl Class]
6 Y4 t% u. A% ~" e
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
4 v4 v( l& } k5 y1 O
[Zcom 杂志]6 X0 u) H' A9 k$ a! x9 }4 i" h! k6 _
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
& O8 {- J$ q3 }, [0 ~2 \( j9 d
[&Google]9 T! w/ h! b0 [- ^, r
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>; l% H7 Z: F9 L* b$ l
[KooPlayer Control]$ c) y0 {% e% m: g7 G
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
/ ^- o6 F' f8 u! \6 y: C3 t5 G
[Shockwave Flash Object]7 w; v2 d: T) P& V( D
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>( N1 e( i* H3 B4 H
[KUpdateObj2 Class]) e# e9 ?' t" W& J' l
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>, |0 D6 y2 u/ A- G
[Google Script Object]
% R: r$ J: u* D
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
W# v% H# y* u4 v/ v3 C0 m
[EWA Control]
* v/ X7 @+ ~4 w" J& q
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
( U4 W1 _9 a( x' a+ W( B4 s
[Windows Media Player]
7 F$ x! \9 `% I1 B% M
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>4 O; c$ ^: z, H- K
[&Google]
1 P; y. |- G! Q) z
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>% e9 g6 M$ ~7 h
[HTML Document]
: ?+ h1 P. v' z/ p) y% l* t5 X
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>6 a s6 x9 ^# |8 t/ c
[DHTML Edit Control Safe for Scripting for IE5]' }% r9 b7 L7 k: Y
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
/ J& l$ `+ d2 w. `
[RealPlayer RAM Download Handler]; Z3 d( Y# a' v# r" B5 \4 M
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>3 a0 f, |: D# p1 s; g& q' W
[IEBuddyExtControl Class]$ c0 V$ Z& i+ i$ h2 i7 p
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>. u" O1 D G/ @6 i. t; h' D
[XML Document]
1 q' a; |6 B& X* D+ _. L) C- |% W. H
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
4 ]0 G( @0 n/ D, A6 ^2 k
[HHCtrl Object]. r* S% m, A9 ]3 v4 \
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
" U( f* |$ H' A4 d" H8 v# l' i
[Windows Media Player]; U. r- @9 g1 C8 w
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
; B" W. W& g3 x3 d; Q% r1 @9 k+ ^
[Active Desktop Mover], D& X! v( v1 Y5 D: X
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
/ _4 W; m) `6 p$ v- V+ Z
[360SafeLive]2 a2 M. ?& N6 V# J% }! ]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
; T0 Q& w1 D9 g7 _& g# R6 \
[Microsoft Web 浏览器]! g! F# L/ A# j1 z* A) x
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>: Y) t9 w' m* E# a, @' R
[Browser Enhanced Objects], ]% J1 P* r. Y3 V& ~* i5 X$ K% N
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>& ] e8 ^. p- h# Z% d
[Google Toolbar Helper]4 {" v0 m/ f8 t2 x2 p
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
& Y" o1 g1 v: s
[Microsoft Scriptlet Component]
6 x) }$ _. t# r: J) t
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>7 R$ g. R1 Z+ F V! _$ r
[Google Toolbar Notifier BHO]
' g% n( ^- z- `
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.> \# S7 C2 p9 B' w8 N
[SearchAssistantOC]. `8 T* C' J0 p/ {% ^; m
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
$ ^! \2 i8 J+ O
[SafeMon Class]
( [& F7 k* m- o7 E
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>! W/ M9 Q, ^ e5 c3 g: a
[RDS.DataSpace]
5 a5 P: V0 T. E& {" I$ r( G/ q
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>( M5 A8 W, v/ V) G7 g/ t: t( w/ [
[KooPlayer Control]/ Y6 S( A* F+ R0 v, L1 z
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
# F3 D7 ]: F& v
[AUDIO__MID Moniker Class]
- n Y. U. h9 C8 m+ ]+ o" O
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>2 F2 r* K# d$ \+ t9 A$ N- ~; U
[AUDIO__MP3 Moniker Class]
- X( ]+ w1 N: G
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>( \7 h- ~ f7 m4 G X- p
[AUDIO__X_MS_WMA Moniker Class]2 w9 i6 z, Y7 ? R& }7 @; \5 R3 Y
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>7 w1 g9 ?& b/ }5 T* K
[VIDEO__X_MS_WMV Moniker Class]: h. E. j" y, B6 ], `" _8 j6 ~
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
9 D7 T+ E2 M; z) R& X* z* S9 S
[RealPlayer G2 Control]9 n$ q( V) w. o* G; g4 A
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
h9 e( B3 V* J$ R: e- m
[Shockwave Flash Object] Q5 z( @, D$ v1 D
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
] X/ q8 `2 a
[KUpdateObj2 Class]
" M5 V) e. j4 C& G, [
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
9 c. e2 }9 r, y( j+ o
[kingsoft browser shield]$ H) w0 i8 T' w! o/ \" R
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
3 L/ h$ G4 E# m: C0 e% P
[PasswordEditCtrl Class]
9 I* _; \" V4 b3 C2 @
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>( Q) j' n; k6 n& b
[QvodCtrl Class]
+ T5 k$ ?2 h7 X! z' b
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
, M7 u) z9 I O* {- a
[&使用超级旋风下载]
0 l2 B6 f1 ~& r% ?: s* l3 \( z! j& ]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>) a- ~+ j6 @' Y) \+ l) A6 F" B
[&使用超级旋风下载全部链接]
. h# h# i+ y: Y4 g
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>2 `+ B+ f1 C6 z' u% |% {5 d- M
[使用迅雷下载]1 s# s' Q9 W7 l& N7 I1 V% k
<, N/A>; k9 |+ y R3 }* v# ~; q9 H9 e7 I
[使用迅雷下载全部链接]& w9 u& y# v3 }" [& W; T; S
<, N/A> K, p. p4 D3 y% d! l: h" }
[导出到 Microsoft Office Excel(&X)]& K0 O& q" @3 s8 U
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>1 e/ c }2 N4 [, X/ e& p
[添加到QQ表情]
, w" p5 p9 G; u3 G& C' _( w4 V
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>* d* T. M* q; B) W4 f
==================================3 {, V9 m& A2 h
正在运行的进程
' O( r) T$ }5 f
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' _3 G/ r9 b5 V$ i) `" q
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! }. Z, {! m5 J5 X
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! B# ]+ a% g( o
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]2 p2 S) u: c, O# b5 t6 R! }
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* x4 \' `/ Z) x- w( n: ^
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ g3 E3 e2 k* v; R1 l6 a
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 t' i' o1 g0 t" x: i \9 |' h
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 v9 n- R. X# s" J, Y- g* @
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 D2 F( D9 P. S3 |+ r; q* O" u U0 R
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; P D/ r% j/ `; a8 `- w9 z) A
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# l, U* i. x& p. h9 F/ l* s
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
8 C3 X4 y& y3 ~3 T6 a. D2 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) d3 P3 l( H0 O0 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* P$ ~+ B4 O( X
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
) h, l2 q$ ~9 Z" {: X6 v5 N
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
( i. [4 z& Q# p7 U% n+ P; f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]5 O6 Q$ n! ~, }4 Q# Z# k
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
+ t. @1 p6 z5 {( v3 |
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
n( \6 v7 D. S2 v
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]0 s/ D" s1 L' b7 K
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
0 U4 t; [' |; `' Q8 ]5 A1 v+ n0 k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
9 r5 u- w- w: z- k
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
& Y; z" ^& Q: k- Z0 p
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]/ i2 P, K, x+ g; Z. a: A1 p
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]0 T }7 k; R( f S
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]1 `) o) o8 Y" T& j3 y& }, `/ H
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
N; i7 A) p: Z* v, d0 p
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 w( Y( X0 G+ O8 c, C$ M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]# z# c |$ H) i2 p; a; i+ W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 ^' ~ D* K Z5 _5 M1 l
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]) T) p ~, s. U3 ]" p0 ^- a( {: u
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- I$ \% r+ J( V1 [. \8 Z% r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]3 I8 j0 A' O) @- J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" {2 g& K6 A$ g8 g, b3 s- `, N$ o
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 n+ w% x( v3 j# ^* j0 _
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]' T c/ M, t# m7 d; C
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]" Y, u' N8 A+ p" N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
+ }) _& c/ _ Z- g) t, d; ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" g% J* l4 X9 L/ e
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]7 Q7 u+ n) V1 H a- r& W
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
* M" b6 E; R5 |( @2 z& L
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]6 R# w9 }$ R! z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
( |9 s' l( P, H5 Y6 s f
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( m I" w, [+ r/ n- B
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
U! g1 Z0 _& ]3 @
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 Q& @0 b9 s# O# }
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 ?* Q3 Q9 f) T
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
' p# x/ }3 Y% Z
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]# @) b$ v4 L& h5 G" B& h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. I/ y/ i+ X5 G! a. ]2 R4 |2 U1 `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) u5 @4 h& V4 M0 O0 s. X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( D7 l* I! F7 R( H1 P
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]/ q0 ]) t' j8 n1 l9 C4 E( V
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]# k4 t3 z; K2 L$ d7 t& p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]- E% }' ~' ]: X* |* w: D: z, V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]( r- Z, a( J, H" e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
1 x3 |6 o, Z# O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
( C3 [/ C6 H7 T3 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
: P( ~; b1 k" O. d) A
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]# U9 ]7 t; U) I5 @$ B8 S8 _, y
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
( V/ N9 Q% e8 w8 w. z
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]! q/ e/ w( `+ p) n- K% k" I
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( i% \. y- V( a0 i- B/ g- v: ?
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
: ~5 }& s3 t1 K% j
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
, J! V8 [% X3 R* W( i6 L/ F$ x; Y
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
' g' F# L3 [ F' R0 I( }
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0], C$ W# ?1 {& F W6 O* r
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
4 V% I: r' B$ J$ A+ G( ~
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]# Z: Q S; R$ K; T
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( f% k8 [6 |) C: ^
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
7 c0 `3 z( l/ B6 @6 H; H
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' y0 W( i2 z6 U5 z% {5 M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]7 g. o$ P& b- c5 J, p% j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 j0 T0 Q/ O# t9 x: n6 I
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: g+ j4 k; V n, ?4 q
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]& s8 C4 G$ Q) ~9 B: o6 h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
" X- a* V; h; \6 \. o6 m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]. t9 ]- O2 Q" T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: U/ |/ z- X' b4 W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ L9 o! i* ~ h/ a
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
3 \% w' D; N1 `1 Y9 z' ^
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]7 j' H: n/ G, {1 p. S8 J! A, _2 `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 p# T( B/ R; D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 i) L$ [6 f: Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) I A9 B3 n8 I: u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. E: r$ n9 \3 i) F- [& z
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]; f$ _) [, @" m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
( `# x n1 V& ^% Z- \8 ~6 i! u/ \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]7 c* ~' S& Y( J3 ~+ X) g1 u+ F; g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]; O% h* X3 n; m3 \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]* z; i- n* B6 D6 O# ?
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]8 Y, W1 G8 M' S1 m$ w3 R! s+ r3 k4 {
==================================
* ^" o; A: p1 @. t6 S! P8 H9 L- F" P2 \
文件关联
& Q: A! X9 i, i$ P5 ]
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
1 L; R4 N" @" S8 W
.EXE OK. ["%1" %*]
8 z |& W$ _9 W$ l! J
.COM OK. ["%1" %*]
# m& X$ X: d- Z
.PIF OK. ["%1" %*]9 r- r: @; o+ T* ^
.REG OK. [regedit.exe "%1"]* K5 l1 W( r, n! K6 F6 u) l
.BAT OK. ["%1" %*]5 \6 q0 O3 R4 ^6 v# G+ y
.SCR OK. ["%1" /S]
) ~: l9 o. @4 ^2 I
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
@2 {4 z9 G) _) d3 _. m
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
" O( K9 B2 N L J/ k
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]/ X) C5 v5 Q) Y; S
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]. C- p0 p9 U( j& c* A. g- a7 G
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]' _/ E7 L' \4 T. W: s4 l' k5 Z9 S
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]% _3 P3 F8 A$ I, ^8 ?4 i1 X5 [& n
.LNK OK. [{00021401-0000-0000-C000-000000000046}]/ {: I- F' U' ^( _
==================================' M0 s- {: k3 q1 l0 _# h/ R4 C
Winsock 提供者) Z, E, w- X& A7 _& W* ~
N/A
; \) c% ?: S" `5 n H* u/ V
==================================
, `. y4 S/ C, r8 C" m6 q
Autorun.inf5 f q6 q6 e/ K" s: e9 x' ?
N/A
, z, I" W5 V3 |( B
==================================
+ q. U/ {+ u; C( P
HOSTS 文件4 l5 T( B% g' ?% C u
N/A: `# i. M) V' [! z, J3 ?* m
==================================
8 ~( W+ f- E* G' Q- a
进程特权扫描+ e6 p) I4 d; ?$ T7 @
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]& j% g; |! d f9 b$ E
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
2 b" \9 Z2 G3 U0 o6 G( C3 r
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
8 s7 g6 ^ }3 _' F* _0 N
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE] ?7 M% ?3 E* j+ H
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]) p. u4 F' Q f* ?
==================================0 S* x4 t" X+ h. e4 M
API HOOK
3 L! t6 X) m3 X$ L% @
N/A" g$ b& C: i( S& A% t0 `9 m; ]
==================================
3 W. q* s' Z& ]5 l# V
隐藏进程, i, |" R/ x+ a
N/A
" T# u3 w4 `+ ^, [
==================================
( \. _* k% f3 G" Y& ~$ x
0 B* S8 d* i6 B# @! }! A8 i

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115