在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

7 u# @* o- o# l
2008-05-22,20:37:43
. Z1 q" i- J5 V! ~1 @4 e: g
System Repair Engineer 2.5.16.900
* k# Z4 s+ F2 ]* p
Smallfrogs (http://www.KZTechs.com)
0 Z& m; R3 w; I3 G' _- f
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能' k+ Q# K4 B$ ^7 D \
以下内容被选中：4 s1 b }* L4 O$ U! A' X: ^
所有的启动项目（包括注册表、启动文件夹、服务等）
1 A' W! G7 L V! u1 F, j
浏览器加载项6 Y8 {1 _& j$ \: o B
正在运行的进程（包括进程模块信息）$ M/ C" h* }; w- a
文件关联
$ f/ |% ^) j& L( {6 L: h$ w) f
Winsock 提供者
' D5 H1 _# ]. P( p/ [ ^
Autorun.inf
* r I! O. i5 u+ w
HOSTS 文件4 ]; Y% g4 b# A, s- k
进程特权扫描
- A% T6 U& f6 W0 d
" _) E, u$ g" V
启动项目$ P5 n3 Q* h, t+ r
注册表) F1 D7 I, T# G" ~. C9 v5 j
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
% C L: C( x. F$ _) I
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
5 P# U; c" M0 S
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
1 z# T% }* P+ q( t# `3 a8 Z% p8 g
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
+ \0 V8 Q0 g* k& O) h1 P0 x
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd], q$ B' X3 \5 m2 f
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]5 ~) q2 h [7 V, V# V/ g! Q* y
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
* S' }# @7 W. @" e% y3 M3 u5 [. G
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A], G! f- n9 R8 m
<PHIME2002A><; > [N/A]( E, Z/ Z, Z! Q( M* S
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]6 I/ A! m" X8 M
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
9 S7 z# g/ Z {
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]. \1 T6 o# Q) A
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]$ R. g6 I" j6 X+ g
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]; F0 u+ c1 z3 e$ M7 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
4 @: R: s7 u) a, z5 Q
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
& p9 @0 `2 G0 ]5 T- }; X6 z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]8 }+ P3 j' M& C4 |2 W' ~" U- U
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
6 R: d. K+ Z6 U6 L& \! {8 R* c" w) g: Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]2 _# X) \2 {2 I: z/ {
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]6 ?# C) O3 @3 u' ]1 k7 D" r# G0 ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
, [9 `* a! u) E& H0 ?4 }3 @ V+ R
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
& Y* i& E" y1 y; s2 e3 y, \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]9 R% Q/ E3 P8 S z! c' ?! [; B
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] A( a# Y- p2 U) l7 K* ^! U$ h
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
8 l- A$ E& ?: i6 T9 s( ]0 d
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
+ m m; k1 b+ P
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]: v1 U) G; l8 Q8 j0 q
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
9 {* B2 |; m; n6 {8 v; D* l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
0 r1 E- {9 Q3 x/ w8 L# b' {
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]+ {' ~& f! |1 f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]* I- h" w7 e6 w8 U
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
& @8 Z/ M- s: M9 y+ K' o+ G8 m! e
==================================9 ~1 C N' N3 q: t+ o
启动文件夹
5 @1 s% X: Y( {( _) d8 b8 j8 P
N/A& c; m/ f5 A' H: H8 u7 O* M
==================================" P, N( R" k! K/ B& ?- W" S
服务& p; p/ Y2 n& O. W2 P
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]* n3 _& v: E/ L6 h7 ?7 V
<C:\WINDOWS\System32\3wareSrv.exe><N/A>8 U, X5 [! x) Z) d( a7 o5 p }# z
[Google Updater Service / gusvc][Stopped/Manual Start]
# d. j2 ^ t- W2 x
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>6 d5 B( Q3 c+ ?. S
[Help and Support / helpsvc][Stopped/Disabled]* C7 Q( u3 H& t4 P" L
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>% F; s* D# S0 E1 ?) \ c
[Human Interface Device Access / HidServ][Stopped/Boot Start]
7 B+ a$ z$ ~; y8 W+ h5 p
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
1 c- Q' m5 r5 K; x+ [/ _0 t' s/ v
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
6 ?- L) I$ B' Q5 c0 l" k. ]6 N% N
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>, O6 u' t3 W$ e% r
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
3 F2 M9 S9 X& V* C9 a6 n
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>" Z' a5 D* ?# P7 o& \+ X5 A7 p
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
- l2 }( r" z, R' v
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>/ j/ z2 K" r" U; v {# k% s
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
0 Y# m+ F) {& O, G: ^
<><N/A>
( V# a, r8 F$ A7 \7 `0 j
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
6 Z) k5 E& G6 t- ^; y: A, c6 W
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
" S4 r1 i3 p7 K1 g% p6 F" r
==================================
* o' K0 H" X9 u* G0 M
驱动程序
6 f9 G3 h% f3 B! ~
[22j / 22jn][Stopped/Boot Start]+ L2 Y3 r6 g8 w5 r- M8 Y$ B5 c" ] {5 N3 c
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
: H# |5 n: g' X, I1 Z6 _
[360AntiArp / 360AntiArp][Running/System Start]
3 c/ c# k6 F/ ?) H' l* b
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>+ ]: _! ~9 A- {! }0 t1 c7 U1 r
[43ec / 43ecu][Stopped/Boot Start]
2 j% U7 ?+ @/ A; O. z: T
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
" J& R, {+ R+ [7 o: M3 v
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
/ _, H t7 B* b4 ]" V( `
<system32\drivers\ac97intc.sys><Intel Corporation>; r2 N9 e v% u. y* A
[Promise driver accelerator / bb-run][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
3 o& X8 [$ i0 y/ i; N% i p7 Y
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
3 {! g( Y6 W! L' {& L8 t
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>$ d* M; _' `1 r) f; i
[KAVBase / KAVBase][Running/Auto Start]
4 D( h5 g* N% t" A. f8 u
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>' t4 f# h6 j; ^- a5 L
[KAVBootC / KAVBootC][Running/Boot Start]* e4 T) W- _; w# O Z
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>! ?1 T7 T" A' K4 c. T" R( I4 G
[KAVSafe / KAVSafe][Running/Auto Start]7 {2 e% R& A; R7 Q- d( q% o( r
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>: F3 x1 e! M: g y& W* ^) T
[KNetWch / KNetWch][Running/System Start]; a& `. v. e. M
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
6 Y: K- `9 }0 a
[KWatch3 / KWatch3][Running/Auto Start]
Q) ^3 B/ H4 [* `
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
9 r4 p# [7 P4 W
[ntptdb / ntptdb][Stopped/Auto Start]
1 Q3 G. n# g. g- c1 _
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
% I/ k1 v% Q; E8 X4 T6 x( k3 V( B; C
[nv / nv][Running/Manual Start], o0 ]# ]; y H3 `5 d
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>& X" h- H, t) t9 b3 ?5 |, O- b
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]1 q7 v: O* P- A' A& s/ e
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
% i! d1 d$ @6 f9 K
[DDK PACKET Protocol / Packet][Running/Manual Start]
4 E, ?# c1 y0 ~% D" g$ s( m
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
N& n, @3 `* H
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]7 g$ w5 R H, f S) U
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
0 L- E- \6 g( P3 e
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]& u2 B' R' C6 ]- @
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
7 i0 ] L% w! f. w
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]8 K* d h# @# {* I0 S' H2 q
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
: l7 O# U- p* X4 S* F2 ]8 t* Y
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]. m/ b+ z: c6 ?* Q) @$ d# S. ]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
/ k4 Z, f+ n/ ]: S9 {1 `0 v
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]1 K( ^2 V3 x3 K. P2 |6 K" p
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
9 j o3 N' a# K, f0 u
[Secdrv / Secdrv][Stopped/Manual Start]
% J/ [( {9 @; u6 z5 G1 v; u
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>& Z- B: u3 @# [ S) v% J
[SATALink External Device Filter / SiRemFil][Running/Boot Start] j ^8 N Q$ S C" K- z2 x
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>2 f+ K" y$ z3 A3 r3 k. h
[System Restore Filter Driver / sr][Stopped/Disabled]6 S+ |* X0 u) B4 V7 K/ b
<system32\DRIVERS\sr.sys><N/A>
" P0 w7 {' e5 o( f8 u- P# _
[TesSafe / TesSafe][Stopped/Manual Start]+ R/ V( a6 B5 }$ v6 W$ u; |3 _2 W
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>( p) g8 s, b" m e( N
[System Services / unzxzsrs][Stopped/Boot Start]
8 ]0 Z+ Y- z2 |9 m9 G& ^
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
9 z% T* B( {0 `) f
[ViBus / ViBus][Stopped/Boot Start]
5 `" I# i5 v3 I/ e! `3 o3 f
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>! o) O' \# T+ f: C4 f; U3 A4 \
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]. G0 Q: `: b2 F; _6 l
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>; B0 K( t0 M H
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]& v I6 ]. r+ ^0 ]
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
6 R% t5 P- P9 ~* J: A
[ATI Extend / zhibmaso][Stopped/Boot Start]
4 u- m( J0 `* n6 h* y
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>: i; g1 {, Q1 M5 [( v' R( i5 e
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]! W) H2 a% x- \, J- |4 U
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>& j* Y' T3 T3 h
==================================4 Z2 V2 M7 T! M6 k& b. y% `
浏览器加载项
/ f4 a8 P, t v u/ K8 S) c
[Google Toolbar Helper]
0 b$ b# f% C D( u
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>8 d8 A! s: V0 E9 F. }4 e
[Google Toolbar Notifier BHO]" y. G" Y4 E9 h/ Y9 g+ h% V- Q
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>; L# p5 `0 _5 H5 l! o$ n
[SafeMon Class]
+ C0 C N9 `6 N2 e( q( n
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>' n) J3 j4 F5 ]3 Q6 q, K- L
[kingsoft browser shield]
, v9 N u+ P! T+ z
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>4 _# G, |2 s% u( t. f8 \
[IEBuddyExtControl Class]+ \ }, T% ^/ [. b% w2 d+ B3 p
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
- r3 L' |/ A% |6 P: C @5 j
[Zcom 杂志]
y. C7 G3 e: X
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
) H3 y) @& V9 @0 n3 I/ [' }
[&Google]5 S8 F, b5 `9 j% s! Z( ?
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>, e4 T' C' T( |8 K4 l5 z
[KooPlayer Control]
5 Y; S& s( L- _! P5 s7 O
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
" ` |3 M6 e7 M! J4 n2 f1 M
[Shockwave Flash Object]
. u" z% w, h, v: ~) B4 @" Y
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>9 y: h/ A1 V7 |' \: g, L2 r8 K
[KUpdateObj2 Class]! [# X9 c% K) R2 \1 g& I& V1 M
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
+ b7 C: u& s2 ]7 @; O
[Google Script Object]
5 H* a3 |, i1 p- |
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>, y$ b p( p1 @! k
[EWA Control]! A3 t2 G% J+ F% |' d* V/ H. d
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>8 |$ g0 i- L4 q# |+ z/ m
[Windows Media Player]# s h" Q7 S+ V0 q f- h; G
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
7 R/ E J, s0 b1 Y9 E3 d
[&Google]
3 ~, R8 @- \' z" Z, S8 d6 h- f* N
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
. @5 {1 _- P1 ]/ B. m6 ]; ^
[HTML Document]
) j1 C3 U6 S9 D3 U4 j
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>/ c9 \9 Z, b3 ?3 A, D
[DHTML Edit Control Safe for Scripting for IE5]
. p- R1 a+ U( P A4 H; z6 x( t1 p
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation># p( R! r) \4 U, ~+ d
[RealPlayer RAM Download Handler]
' k; C4 p& m6 e# w9 O g) _
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.># O1 ]! M6 N; F; P9 W$ x
[IEBuddyExtControl Class]6 t% M1 R: K# \- J+ S
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>' q% U5 r* U* N% n
[XML Document]; n# V: N _; w! o3 Z: l' h! D) q
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>5 e3 f# f) `* F1 Y7 H/ V a
[HHCtrl Object]
" t+ Z8 J$ X7 o
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>5 j, I& m# ?* E# `; B$ K: n) z' S
[Windows Media Player]
+ k! I, P, D& H* ~! s8 N
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>( w7 P2 B$ T" d) B3 A$ O; |
[Active Desktop Mover]/ ~! p* e+ ]5 e
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
7 h* V3 {0 d5 L- t7 U1 J7 R- P Y
[360SafeLive]
5 }, y6 A" U7 G: `% C; z
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>. m) O* H+ @* q2 ? j$ v2 x3 }: |5 |
[Microsoft Web 浏览器]: a$ N# m$ R0 C2 B
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>2 e$ W* U8 z# I" P5 e
[Browser Enhanced Objects]
4 X; ^& `4 a+ y9 Y, p
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>0 a9 O) P @: j. s$ p) @1 [
[Google Toolbar Helper]
' l9 a1 X" c* r9 S# g+ T `2 [
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
1 E: z( H% x' T$ i! a, m* F6 ]
[Microsoft Scriptlet Component]
# q/ C0 a- {3 q9 ~* @( D) `
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
8 q2 b8 h' Z4 G$ L
[Google Toolbar Notifier BHO]% g6 E/ R/ z6 Y7 b, J& u
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>- q. l4 b/ B" Y9 e7 A( x
[SearchAssistantOC]
- y$ u1 r9 {% @3 |! m
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>. w( j3 z0 r/ i4 Z0 H) ~$ B
[SafeMon Class]$ q* J, Q% t! d6 X
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>- q5 `# ^$ e7 I) b- c5 r0 J9 ]
[RDS.DataSpace]; Y- N& S$ Q; q0 ?
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
& ?3 I& C: |4 q; A7 i
[KooPlayer Control]: I$ c: Z$ m$ L, e
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>( _$ q4 `- \2 p0 k8 y6 i
[AUDIO__MID Moniker Class]! Q3 q9 [+ C! @& Q l
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
7 j* T3 n/ ^2 J3 W. ] @
[AUDIO__MP3 Moniker Class]3 W; B8 Q1 x9 s ]( i
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>- n; H+ V1 _7 {0 `
[AUDIO__X_MS_WMA Moniker Class]3 W$ v+ O/ ?: c& J2 \8 `+ P$ V
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>, S' O. L1 V i+ v; `6 f
[VIDEO__X_MS_WMV Moniker Class]4 ^# x m" ]' o
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! p- ?. H7 p4 |: [4 Q2 t5 d
[RealPlayer G2 Control]" F" H$ g$ Z7 w i/ i& U) u4 T$ F
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>& ~0 U: }, b: _) k# @
[Shockwave Flash Object]. d9 _2 |/ L5 P" X- @1 d9 ~
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>3 o& S. X# R. z, P: m) n( @+ }& g
[KUpdateObj2 Class]
8 B$ j% k2 o3 n9 B; z
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
) ]3 M+ ]: U- s3 U4 Y+ l. F
[kingsoft browser shield]) c+ F3 i6 g; I6 A
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>( V9 B# C- W5 B% O
[PasswordEditCtrl Class]3 |: Z, o! u; h; S5 t% Z' ?
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
" m) _0 ^! H% @0 G# l0 P. p
[QvodCtrl Class]
* j# S4 K6 w# F$ O% ~5 I. |2 X/ z
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>: L, K8 a2 }: L; r4 Z8 n
[&使用超级旋风下载]7 y& r s% _; f0 J' w7 Q
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
8 q' }$ D& }- Q z6 a; [
[&使用超级旋风下载全部链接]( j: h; M! ]; j$ H0 D) i
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
: F/ D( X" B& |" n, D( O
[使用迅雷下载]* m, J6 R+ c! C2 Y9 C
<, N/A>. r" l9 }- [& d' u% @' `2 y. ^
[使用迅雷下载全部链接]* k) @4 \- I5 c" y6 z: u
<, N/A>
( p4 l+ h3 \6 h
[导出到 Microsoft Office Excel(&X)]
' }- @0 Q- K' Q4 ?
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>$ Q: ^5 Q+ i0 B7 ]2 W7 N
[添加到QQ表情]' S% f( u- F: \( }9 |6 L" p! ~
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>% i: Q. {: S& e$ V
==================================5 p+ i/ I" |& x
正在运行的进程
# m+ {0 ]4 a9 {. z# y
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- N* X6 D7 O4 ?/ V* j& Y$ E
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 S s$ s( c( Z
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" R# B; X0 Q. `5 \8 E/ c: g5 H7 }
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]1 c" {% P! M' X& r# v) d
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# I; b* p& Y: V
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 h7 {4 {/ Z) W1 n) b
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, `0 a" ]* r) A4 r5 R
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ u8 z/ s Q0 L
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ K9 e# F( t$ w. k" i! F
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% j. D1 f% g2 B7 w4 @) y x
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; [) s# I1 j7 ]/ J2 f9 B; `& p) c
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
1 n& e7 M6 S; o- A" k- `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! @( C2 e6 G8 I# G/ g$ s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
6 z6 ~5 o# R0 W, L4 d5 B: L
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
. J" O5 `. f G m7 ]1 }
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 D# P, y3 q5 q% t5 c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]% Z& P! r3 t% a$ q+ x% n
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
( z) {; S" V% ^- _4 Q* Q
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]* A$ W# w# l7 ` w! v# \
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]. t2 _. \% ?/ f, C6 d0 H: p4 D
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
- j; k. }* m! {( F- u. ]
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0], e$ l& k- H+ I2 O" \
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
9 [: M% `- d! g1 `0 t* { D
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
5 X m0 I! D7 B% o
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
* r4 ?$ m" P9 ^- H, m3 S9 D
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
! _# v7 Q; x# v) `5 S
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
+ E5 P; M2 W9 y4 B% }
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 G, h. R6 t0 I6 Z6 g7 R+ U R. E" X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ @* F& a% x; W; X3 U; f! N: U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) v# b& _1 n8 b( o. ~& N. v
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 M, c6 J. Z! X) b7 i/ f9 \
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ D7 `' _6 l, u! M% B4 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]6 r2 x+ d/ z4 Q2 [& d8 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]. X) s% P" Z" R1 b5 H5 z! c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 R; o- L; L3 r2 U: p
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]1 E" ^# l2 S. s4 C
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]7 S7 [) s! o% [# @9 n, p+ M/ J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 k( a! ?! m: `4 |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], ~: K3 W7 g! |0 H3 T, B; f
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]9 Z( l$ V0 `2 x4 y' \( `7 h
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
' _7 B% ]9 d# m2 ?! _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& x* z' i" y2 ~! C" P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 @3 m' v2 A Y2 U% [6 Q
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ x% v" c2 y/ l6 _0 ]! @
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
( V: u) y- q0 I1 R4 C8 \
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 d2 u1 I$ S8 H9 ^9 _) K" v
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! f' z5 D$ k8 G" _# v s1 t
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]. M* [6 u( _1 u3 P4 `. _
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]5 A& M6 H% m! e9 ~
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* q$ y5 F# ]; n9 D" {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 ^$ z# n9 ]' r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]. {3 h, Y# X4 ~
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
# Z9 T9 \( U# Z* {% Y6 _
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]5 |/ } S6 G6 [. n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
# O& [4 S5 ~% M/ o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
{9 Y% L+ G- f! T8 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
. S# \; n5 i- ~) b2 r8 C9 u! D5 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]( X7 {5 |. ?, A4 s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]4 C6 t6 i0 L6 x* @
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
5 A0 e. C) {% _; D' h3 I! M
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]8 `" x/ F: u# }- |- B
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 @" n' s& L3 m# p/ f5 r; O* `
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]* C: [0 w7 r0 T/ V+ r; Y
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
4 E2 g+ m. {& m3 f8 X( J
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]0 _: W& e. j1 I; a1 E$ s, _
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
) _1 z& N' k7 C) U9 g
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]' h6 k4 }9 V& W" b* F; a
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
2 ^) F7 s* e; }: p% J/ @4 H- J
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
7 |/ c+ \6 U- V' G% N0 ?/ S. h
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. L& W' G- }; Q7 `
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
; t3 J, v* G, o# ~! _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. v" z1 R3 @: k5 u6 u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% q' x, ?3 V( l Z+ m/ K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& F( J1 O1 L$ s- ?+ G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. L6 B7 c! ^1 {1 `) x
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
" X; o8 @* N# ]8 B- u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 E$ ^$ Y" K0 z+ i) J S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
! F" l7 n& \1 Z0 b7 e }
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- h; F0 e3 q, o$ ^! q% h
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: e) ]' \4 y/ ?- m6 j
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
% |0 E4 _3 r! k1 W) b
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]5 S) I- D4 U. H
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% K; ]- y+ c, i+ i9 S: @- B, ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
5 ` V ~. M# _# b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& q" Q: X' s+ S5 w5 c3 E
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 y, ~$ Z' }! ?! C" a' }# |; g
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
$ a D, o6 N# O( a7 Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% P0 S3 l8 J _9 Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& m Z& f) x0 d0 c8 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' {5 |0 ~' z7 ]& O2 i/ _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 H [; E% w! [. i7 u
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]7 V- c5 `& b' {0 _: ^
==================================2 }( C- I& G8 m3 Q
文件关联
: Q$ a7 B$ f( c1 V# u. a5 i
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]" q. k" A6 Z& V& k' u
.EXE OK. ["%1" %*]9 m' }& S' ^' B( i3 m6 {+ O- r
.COM OK. ["%1" %*]6 M3 `6 q$ k( ]. w. i
.PIF OK. ["%1" %*]
+ e+ k5 w1 g1 k" e# J: B: m3 l @/ E
.REG OK. [regedit.exe "%1"]
6 L6 o( r' U e' G
.BAT OK. ["%1" %*]
# s- u* J# ]* n$ P% t5 i
.SCR OK. ["%1" /S]7 x4 Z! N. k4 [# y/ @3 E! w
.CHM OK. ["C:\WINDOWS\hh.exe" %1]& m3 J" [/ n, g! m Q* F2 @
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
, k- \2 ]8 O5 Z2 ^9 w) M5 s( c
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
Y& [& J1 o3 [$ A0 i/ _ A* H
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]# F/ q I( J4 r0 J/ W
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
. x7 Y& r) M. g( M
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]/ n( }& n2 H f, ^5 I
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
' ]! S2 s1 A2 ]% c* `( R+ A8 c
==================================
3 J7 `5 a. \, K: C1 F! g/ s) u+ q
Winsock 提供者: [" a6 G: g8 C' S6 r
N/A
L' w; E5 }7 v
==================================) b; {1 L. J3 L- J
Autorun.inf! S4 F, c- y5 D; u% l. R
N/A
% U$ A2 j" ]" w9 k+ K9 x; Y- @ z
==================================3 G6 ^, M/ Z0 Y0 S
HOSTS 文件
* B! I$ _! R# E3 c' p* D6 v
N/A. K+ f- ~6 }0 R o
==================================
8 i: p1 m( C0 V3 q9 Y
进程特权扫描8 R5 Q' \2 R$ ~7 _6 `1 T& Y4 ^
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]7 }8 j& C n. |; z! e
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]* A7 P: X4 y9 u# v; r
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
4 S- ]; R; n) \2 Q
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
. C0 k/ l/ C/ K5 H. F% z
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
% w6 U& {5 t+ E6 d8 h, V
==================================
" h& [* Z/ F3 ]' Q0 M( \/ f; _
API HOOK$ ?( C& O6 I3 Y2 I2 z
N/A3 s" A4 n0 d! [
==================================8 c. ?/ R( ?( d' a% v: K
隐藏进程
8 ?) J" C( x' I4 y, y1 [7 ^# T
N/A
7 S d) i$ f, X; P6 C: f/ Q2 i
==================================
' g" ]- }/ p. x/ f+ Q
9 K% x6 Q& N E _" [

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版今日: 0 主题: 115

在这里

浏览过的版块

技术部 收藏本版 今日: 0 主题: 115

在这里

浏览过的版块

技术部收藏本版今日: 0 主题: 115