在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

2 N2 I' y2 O* z+ h' S0 r
2008-05-22,20:37:436 @7 E4 u2 E' ?0 T+ k7 O& }
System Repair Engineer 2.5.16.900
2 ^2 B( R. ]( s+ _# U6 @* J; f( n
Smallfrogs (http://www.KZTechs.com)
* A+ {0 O P% a/ b" ?" u1 Y2 H+ h
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能* Z2 Q6 U5 L+ _5 _
以下内容被选中：- O0 \" m; C+ w/ D: ` B- J
所有的启动项目（包括注册表、启动文件夹、服务等）
7 T2 r* G4 v2 r6 k
浏览器加载项
' I1 I5 m# @1 |) Q
正在运行的进程（包括进程模块信息）; L. m$ D, j- g1 V# t1 e
文件关联+ X% q3 ]& U. O! O% G
Winsock 提供者
+ f7 i+ H7 Z- {# M$ x
Autorun.inf
5 f: |! i1 G5 C) Q
HOSTS 文件. D' [4 {5 C& T& ~ P9 m% V
进程特权扫描$ H0 T' ?! b/ X: \9 b: X2 ]
\0 R/ _5 Y. ~1 c, m( k( R' ~
启动项目
6 O$ t0 |) ]; Q( N8 ]( e1 k
注册表
' `, I% p% Q l& \: `8 c- O
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
' C# P% f3 w) w7 u6 i9 ]
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]- a3 I. V1 N) t! @, l# O3 |1 W5 g
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
( e2 l3 T8 g3 k% F0 R9 o* E: p+ Y
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]" O5 T% S% P1 |1 g$ L
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]$ l4 ? f5 C ?8 f- H9 ?
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
* R9 Q' e/ M8 b0 @ p
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]- |* K) p# m0 Y* ?7 {* B( T8 t
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
) L9 T% ?! n& \5 Z' e2 l
<PHIME2002A><; > [N/A]) H, V" ~3 w! Z' S' Q+ Y
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
" ^) W& D% Q/ C7 z6 n
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
( v" i) K- M' L
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher], T$ M$ i* b7 ]" _( Q7 n/ v* `1 ]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
9 H/ J) c: f) E3 i# s5 J' Z* Y3 D5 N
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- e+ S" u" _( D+ p0 p1 k K: d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
3 s9 o' A! V& s
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]% l! e9 ?2 ?7 n) m4 V [# A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]6 R0 s' Y$ M4 ~/ q+ T1 [
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
4 i1 V! O5 n4 B4 X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
/ F; G$ E6 W: Q5 b5 E) x7 p- y
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] Y3 M$ F: x) V; P# c. M! d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]/ L L2 R" ]7 Q( W! _' M
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]& Y8 \. a7 S+ N
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]3 F0 M; L. c: Y, q' A! {
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
& q" k; q e! L* M9 T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]1 R4 U6 S! D ]: t& a% w0 J6 g
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]) Q9 ?$ p: B# d' b* |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]) k7 i! p! k$ |7 u. n* _4 q
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]0 m. P. n$ v+ Z; N
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
' ^& r, a8 R8 ^) C& |4 K6 j, Q
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]( m6 ?2 s9 b3 T; b% e) {9 z, r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
% K9 K' g2 z! [/ N# k
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
% E+ l6 \$ p+ H
==================================3 I+ t3 M' z! R' X
启动文件夹6 w! H8 A! @/ m. J! J0 ?
N/A- X5 O- K( [& |% R8 x# a5 n& R
==================================' I% H$ P7 p1 t8 ]/ \/ F. e
服务) b# M% I g3 B6 Q4 D4 w4 J& D
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
8 h; S$ q1 S# \& Y7 [4 U
<C:\WINDOWS\System32\3wareSrv.exe><N/A>8 ] l* p0 v, u
[Google Updater Service / gusvc][Stopped/Manual Start]
1 K3 p6 L: I1 |8 z7 N3 l
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>/ w; ]# d# _" z9 k# O$ N
[Help and Support / helpsvc][Stopped/Disabled]* E3 M9 X4 b# J$ l) m; S+ K
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
. m/ [ j+ `3 R% S0 B) i4 H- b
[Human Interface Device Access / HidServ][Stopped/Boot Start]1 F& A- c# @" Y0 y; M) l
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>. U, U' p. @8 T) i0 ~( z8 D( \" g
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]* y1 n0 T" j" U1 P
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
( T: k# L6 z, Z7 S8 j4 s9 d
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]; K8 y" p \& M& S
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>! X' x* O4 u# ] N( Q! j
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
9 i% E t8 E5 S' A9 S
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
- D6 s- J v0 L2 p" M
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]* g* t$ v& j8 l/ V3 W+ }- p) M
<><N/A>
- g! o! X% R+ y/ d$ e
[Qvod Terminal / Qvod Terminal][Running/Auto Start]9 {, X7 t1 u5 H& d1 k
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>2 ~' ~4 b8 Y F2 p* C! i
==================================
0 H+ l7 x+ g8 [4 H5 _' h- A4 ?3 U
驱动程序" W6 S9 t3 Q9 b
[22j / 22jn][Stopped/Boot Start]# x2 y" k ]) A" L! L
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>3 c: H) ?% ?2 L" R, [2 _
[360AntiArp / 360AntiArp][Running/System Start]4 Q) d2 K# m# o+ t$ K/ R
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心># N) S9 t3 [) y' P9 q: A K1 T- X
[43ec / 43ecu][Stopped/Boot Start]
4 Y0 I+ l0 p: \: @
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>9 S0 ^+ u2 _, `. A. ^; G, F6 N+ v
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]* y. m! x8 V1 v9 Z3 B
<system32\drivers\ac97intc.sys><Intel Corporation>4 N& W3 J7 D6 w. o
[Promise driver accelerator / bb-run][Running/Boot Start]
4 z2 o: z" j" e4 W/ j8 a+ }* s
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>3 H; Q h! C2 t8 h; L8 d$ B
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]% L* P& ]) m. g; S2 I
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>" `1 B$ j0 _& p' U- q! Y0 q% g
[KAVBase / KAVBase][Running/Auto Start]
; s8 x+ R% n# F# ~+ \
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
; e' M$ Y# Q' F; l9 i
[KAVBootC / KAVBootC][Running/Boot Start]
$ D. ~4 y5 Q5 {
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
- _1 B4 v, E, O: G1 U6 K
[KAVSafe / KAVSafe][Running/Auto Start]
$ f8 z; H \' e, I6 b+ l+ u
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
9 v4 Y7 F# J3 b$ Q: ]% R. x5 X f
[KNetWch / KNetWch][Running/System Start]: X4 f' a/ m' n" R* U3 h
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>$ w, E$ D' e, k5 B- Q; {% G
[KWatch3 / KWatch3][Running/Auto Start]
6 N9 V6 D7 p2 r( X
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
# m5 X; L3 [9 T$ S- ^5 U3 V
[ntptdb / ntptdb][Stopped/Auto Start]% O3 {. X! b1 c* e1 C# O, M% y
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
; m" Q4 t. r; G* E, ~
[nv / nv][Running/Manual Start]4 }7 H, X/ o" [% {% y, W
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>; k1 b" o f, ^
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
# V* d: G+ ?$ f2 C% @/ Y+ l, M
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
3 F9 J- l+ k1 K ?0 D, |; t- p
[DDK PACKET Protocol / Packet][Running/Manual Start]4 j* W8 R) S9 ^/ e& {8 ]
<system32\DRIVERS\ProtoDrv.sys><360安全中心>5 M' D w. {8 q+ n$ ~2 D
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]# n- ^; s$ K0 p: u7 @# Y f3 i
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>3 u1 R1 }/ ]! K1 P
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]0 F. u- _% m8 c4 C1 G
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>* w' s7 O' J4 N) `* e4 M
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
* C n* c$ c& E8 Z$ g$ w
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>. p1 J! _% k* F1 R) ^" S8 c
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]) t9 Y$ i J; l5 Y+ ?+ \1 y
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>! D) F5 }$ z% j2 ^
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]2 Z7 R3 N8 L. T- A# F5 [8 w
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>: _4 T8 M" J) p: k
[Secdrv / Secdrv][Stopped/Manual Start]
& S3 e2 g( d4 s( m+ `7 ?# N
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
8 X8 D$ k6 v/ x0 _
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
. c' c( G# g& Y% Q* t! o
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
3 q/ A$ k4 M2 T6 c
[System Restore Filter Driver / sr][Stopped/Disabled]; V0 {/ l7 z" I7 n
<system32\DRIVERS\sr.sys><N/A>0 v& Y$ j5 h. t" m1 @& _& g
[TesSafe / TesSafe][Stopped/Manual Start]( j0 a/ h' `3 V' y/ l, V1 i6 z- h
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>' d( K" I- r7 ?
[System Services / unzxzsrs][Stopped/Boot Start]
% U# V# M$ h4 }3 M8 P, ]
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A> p6 P8 y5 F t
[ViBus / ViBus][Stopped/Boot Start]
" r. c4 c/ k! `6 n
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>4 @" P$ w9 O9 Q7 N1 z
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]2 |0 ]1 \+ \% d. L- ~
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
+ V2 _4 ]2 J2 b
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
) @: s& b O+ C' w
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>0 Y- U! m% ?7 k" X
[ATI Extend / zhibmaso][Stopped/Boot Start]
/ [7 C" ?$ j- [1 m6 n1 \0 I: A
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
+ ?% j( \- Z- s1 Y; L. R- _
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]$ r) P+ q4 D, N
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>7 f( \4 D6 ?. E: S% S4 n
==================================
4 U: f; @2 K t2 d; x. C
浏览器加载项- h6 o! c/ t0 v6 ^/ y( W
[Google Toolbar Helper]
+ ?3 e! \( c+ P1 C1 K
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>9 Y* q: O" M' y0 u5 e" o6 k+ e
[Google Toolbar Notifier BHO]
$ N4 g+ z: j2 i/ O! q! s: H' K- A
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>% [6 f: ?" l/ ?; k z6 H
[SafeMon Class]# K% P" q3 {& [; e
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>1 W9 A% }/ n, K" C+ K
[kingsoft browser shield]
6 W' s# g+ _1 l8 b
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>: J2 r7 n& {: e* o. v
[IEBuddyExtControl Class]
& V8 F) D* h& Q( E1 ?
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
& `$ w+ b! x' X8 Q
[Zcom 杂志]& Y/ @# Z9 v3 j" H; d9 X
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
* ~ |* n# Y) S& C& I: U
[&Google]/ M6 [. {( a" Y4 y3 W" E {
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>4 C* x, x2 v9 D8 `( x h2 |! |1 s; n
[KooPlayer Control]3 Y3 F7 F/ C3 ?
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
+ y: ^8 ^# E% _- x+ D! {. I
[Shockwave Flash Object]* R2 U5 T1 J: i. ~
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>- z/ Z: n. ]! z" d7 d" [
[KUpdateObj2 Class]
- `5 j# V2 ?; K
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>+ R, J, z3 ?0 h. p
[Google Script Object]
, S5 ?6 A$ s7 ]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
, y" m7 r) K& I3 _. Q
[EWA Control]) u$ g/ @& F' \8 P
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
3 L; l- j; X/ h2 q6 n2 i" w& p
[Windows Media Player]: ]. t* P5 v. v9 X( x" I w: v
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
& a8 D k' `. u7 Z: c
[&Google] E' u/ s7 U4 n
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
- X9 G5 `* k! G. }4 @
[HTML Document]3 c8 [/ k% i3 l* X8 z
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
- n/ e6 E3 x6 P: D- V* V
[DHTML Edit Control Safe for Scripting for IE5]
! j1 N3 z) b0 C; w' e
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
* g2 i( z( m6 q/ ^& V* B$ v
[RealPlayer RAM Download Handler]
( x0 C! N" w8 D) T, e8 h. ~, p
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
8 Y1 n" I6 W* r( |- W4 F T
[IEBuddyExtControl Class]
2 F: J6 C/ J: V6 V) m% e
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
" t1 O. w2 F0 _2 ]: B
[XML Document]
5 }: ]+ i, g- S* e
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
2 s, U) q4 N( a
[HHCtrl Object]
# _+ G* ?) `8 C5 l; U4 Y
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>: O3 U5 ]& x% }
[Windows Media Player]& W- b6 h0 U! ~) ]/ g2 x4 f
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
t/ A0 W+ F: d% A' \( K
[Active Desktop Mover]
x; B/ }/ k8 ~" P4 x
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>+ E0 c) c5 K& e) w2 Q
[360SafeLive]3 {; Z/ N) z+ c+ }, v
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
% e8 `8 H5 P* z2 f3 g
[Microsoft Web 浏览器]
. Q9 v' ~, N, \: N, j
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
/ V0 A. l3 T* b J
[Browser Enhanced Objects]
! {( B6 U* ]9 Y5 }+ ?
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
7 k7 ]- N# w9 H, I3 F' l) e
[Google Toolbar Helper]" q8 G$ @* b. q. r7 h0 N
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
0 F# V; x; L; G/ p) n2 V1 ^
[Microsoft Scriptlet Component]* w$ Q9 ?3 L# `3 J
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>( p- [% U; c4 y r8 c3 d
[Google Toolbar Notifier BHO]
/ u$ g% _8 s3 {4 a9 H5 Z! A6 t0 j3 r1 W
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>7 A: [: b% J4 Z3 |
[SearchAssistantOC]
: E7 V0 g- F5 @& v) ]4 g
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>4 G; C, l. \" d0 n
[SafeMon Class]
0 V% Z" @$ [# ~9 B
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>$ w! P0 r# U: r* y& h
[RDS.DataSpace]5 a: |- [4 _# a& N
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>* j! L& s6 f5 ^. K6 c. @
[KooPlayer Control]
$ A3 y2 ]8 ?7 d
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>. y' b+ W N9 z/ \) _# }( L
[AUDIO__MID Moniker Class]
+ X6 O, Q6 K' Y) C+ y6 Q
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>/ a: c+ l3 l+ B& E
[AUDIO__MP3 Moniker Class]
/ l: }: s3 \$ ?/ s
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
1 x, n! W) V1 s& Z5 F# s! B+ J& \
[AUDIO__X_MS_WMA Moniker Class]2 d9 F! x, k) U2 v- i+ P
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- ~) }- l& ]" D5 K `* j. E
[VIDEO__X_MS_WMV Moniker Class]0 W' }2 v* e* b V. V, X5 c: j7 r
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>% ?+ e" k% m5 Y( X* |
[RealPlayer G2 Control]
6 G' _4 k+ J2 W+ c4 ?9 l4 r& W3 d
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
; ]7 \& ~* n' m6 l% Z+ @0 Q( A7 c
[Shockwave Flash Object]
/ R# x7 d& L; z
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
- c0 Q! ^, |) d! l! ]
[KUpdateObj2 Class]
1 _& K( q+ {% j( M! y6 f( i
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>$ V+ f/ C; ]& |" G
[kingsoft browser shield]+ i' v4 x1 z! ?; F
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>& h" s( ~! z- e) R6 u4 X
[PasswordEditCtrl Class]% D8 p% R/ [- L* l
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>" H, f$ p" h+ y# X- ^
[QvodCtrl Class]# j- F$ ]/ [& r8 ^: ?
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>; Q- W3 P/ H! L% [
[&使用超级旋风下载]
) l: w* V. k8 L4 C! D
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>5 [) b3 D1 k/ T. C4 ^
[&使用超级旋风下载全部链接]
5 e; I2 e* n" n" V/ j* [
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>) r$ J/ \" d7 m
[使用迅雷下载]% \! g3 \" _5 n, l
<, N/A>+ m# S" F1 Z0 q; w
[使用迅雷下载全部链接]: g1 K& O, v( p7 M$ N
<, N/A>5 X) t' Z& u( f# `5 t1 l7 S1 O
[导出到 Microsoft Office Excel(&X)]8 g/ G# z+ Q) z8 W" R* H
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
/ q# M. t- d% y- \, B5 L$ w8 U N& T
[添加到QQ表情]4 F' w! B8 H; N4 n4 H, d3 b0 e
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A># X+ [( |8 \" G0 M
==================================9 u2 m. |" U! v0 P3 @( c
正在运行的进程: Y7 v( ]' K+ @8 @' n) `+ P
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; Y$ b4 ?/ ~& `5 @6 h
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" }8 h# C8 `) X/ m3 K
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 D( X% e+ Z: ^
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
: g' ^6 s1 Y3 E8 \0 }4 |
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 J' p5 a# t- ~6 W9 w4 h
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ f: e9 F8 L" s- Q8 \9 M6 y4 B- D
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 a2 d% F/ ]4 C6 n" r$ a4 f2 `
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 ^( N' f8 \' [" D* S: E, I
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 t. c4 s; n+ P$ h' h. q: F
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) r+ q6 ^$ Y3 o# W: A
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
+ c0 M0 _$ v8 }$ L$ A- U1 Q
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] e* F8 G& G, S+ {, P% q4 _) S8 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
3 \ K# I& n9 E- f, O( S5 d; s* f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; A# A1 g3 E% h' G% i- M6 y
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]6 B" r$ V- `) O# f6 o# a
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
( E& |; P2 }) F4 k3 S, h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]' T" H) a* ^8 _4 ~* r
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]1 z7 A! l) W. Q' i2 M) Z
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]/ W" d% w7 o) N$ b' p) A
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]! T2 u8 m2 v8 J) E
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]9 N4 m+ r- T5 _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 X$ B7 [' C9 E6 R" |1 N* L. Q2 H
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
9 J$ _; U5 C K
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]' o8 a$ `0 m- I; w* F2 O
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]. R- K5 C- m& w u/ {
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]1 V- D) K) S/ g, z! c# j# r( X
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
, j& K8 W2 R) t7 C0 P
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
( w5 P) N! |" R& B) I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
. ?+ }0 S7 q' w5 T7 { L* x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ x# O6 l- E$ o1 k- i; [0 }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
( r3 ?7 W1 P! v% w4 p
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 n5 U% r6 s- V- O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
c4 ~8 z+ |7 b9 X% A3 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* |& e/ B5 W- y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& o) s1 U! |2 @' M5 F
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654], b \ i- @% ?
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
$ }* _- H7 t! w1 G, w6 {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 U+ Q& E3 L' O: M3 I) |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* F1 [7 g7 e# S8 n6 u4 e4 @
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]' R! y, @( e- j4 ~# R
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
: \( I7 T5 o" l2 _6 L1 H$ u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 V3 V% W8 k/ j5 }% S& ~
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
7 w" a3 | \ b' T1 t/ i. y$ L
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' `# M0 s7 S. n( i
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]0 B+ z' U: g7 O! M5 p
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ ]9 x7 r, C( J$ Q8 |! Z# `, n
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! a! L$ |8 u& b5 ?
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
6 \6 g" H2 U- b/ } T9 y
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
7 ]. L: E( G$ v2 Z' {- [" e
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 b+ n1 {, {) o' c* X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 j V$ A4 e- w) x, `5 \" E; p* e9 f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]2 k" l& n6 Y# r8 s l
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]! W- _1 D' ?" x: \/ G" n* C. P
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]$ w p( q0 w5 p- G; d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
/ `* _0 m" O5 C% i+ Z2 j- d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
& {* [0 s. E- y2 k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]; g* f$ d4 c# p+ @; g( q% g) A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]( |# ~6 M1 N8 S: h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]4 \# `1 s* {2 {
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
9 s0 B5 Y" N6 q9 T
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]7 Y' X; A/ u# }5 w$ v
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] w: j+ c* L6 {. W5 K
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]3 }; l8 L/ G' ?" q( h
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 j* f! Z, p# r- o$ L
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( k1 f! b3 H/ M: t
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]4 g1 {, F% X9 ?1 l" I
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
- [, S& I0 p% S6 A
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]% Q9 E2 \: x( z9 ?$ {3 S. x' F
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
7 D0 o, Z1 y! T1 W4 D* |
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 {4 F0 |3 Y7 m& o/ F& R
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]: B+ @# J" C' x& b: ^2 m F
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]8 F" W+ d# z* S- y6 u; \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( Z! X" _2 F, C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- K7 K) p# h' r9 g0 B
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
, {% T( d0 u$ i) }( J
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]5 @/ }( ?; X" d+ S0 n" |& r/ `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]( B% ^$ T3 r/ ?! G2 R' e$ I3 t" S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ o7 y) V2 f& w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 A% n! i5 W7 U
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
; n3 o9 l2 }1 @3 y+ ?
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
9 {, l$ Y; W" {5 m
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]$ M2 l; ~3 O( I( f. }, \* I3 C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]; ]8 K1 w) L3 U7 K- ^% m) O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& p; r7 t9 z% W' O- P n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( O/ `0 m" j, T5 }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] w, ?4 P5 }$ s
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
5 ?% P+ q! {8 A9 W* m( k6 ~0 M
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]5 @& ~8 r; A7 g! M' T3 q, _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
% l8 t6 L* o3 X! x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ F8 F' O; S9 z+ ~
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]! C- `" R R: J. a9 E- G
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
; D. @. o& V4 y: I- E* f
==================================
. E" H1 _6 i* L- f+ V- U: `
文件关联
/ c6 A5 [7 v2 Z
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]8 j8 Y$ }1 e6 b9 a: q, ~6 j7 ~
.EXE OK. ["%1" %*]
% a- C( J; ?4 `
.COM OK. ["%1" %*]* i: m0 k4 A8 f* G) ~* @
.PIF OK. ["%1" %*]# q2 F, P( ~3 b1 p9 [3 t
.REG OK. [regedit.exe "%1"]
3 c. |8 W# `) E0 d' K
.BAT OK. ["%1" %*]6 j4 E. V2 y; _) d2 B
.SCR OK. ["%1" /S]
7 ^4 f! h/ h1 E1 H7 t
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
1 [! {! L2 V# a3 y8 I+ Z7 b* Y) z
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]& W! ?7 G! u% G6 d
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]7 `. c: j3 D9 I K" Z
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]7 p/ \; g! H c c' t
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]$ ]! S4 @+ ~* x
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
+ U4 e8 s6 A7 k7 K
.LNK OK. [{00021401-0000-0000-C000-000000000046}]. @0 D( [* x" U/ i
==================================1 _3 \$ O) m" B5 j4 R
Winsock 提供者
7 E/ i8 Y' C0 I( n. ^) o3 k% t6 s
N/A
2 w! W v) D/ Y* j+ y% D0 n& r# f
==================================9 _ D* b4 L$ Y) g& N2 K
Autorun.inf
& S8 y% a- x7 p; k9 [5 r4 t
N/A; o; X* k3 j* z, z8 V
==================================2 X6 w5 a9 h3 F5 p2 }3 c$ `: j
HOSTS 文件
8 d0 p7 `/ F I: \# M* r. x
N/A
( f @5 `4 s8 Q- j
==================================9 s$ A4 o2 ~) s1 k
进程特权扫描& q; `' S, B! c& H+ I* q# d, N
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]; j7 E) v$ p% P0 @& N( Z% s
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]( E. r- k1 `( w% z5 }3 W. r( `
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]+ n3 R2 ^: T) a# V V: S
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]# a6 b4 c! G1 |& Q7 g
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
; Y6 o+ q9 i7 _0 k
==================================
- x, p+ ]% @; a* m' U$ Y
API HOOK
$ K7 \, N' d5 {+ r# \. d
N/A
( q4 |9 v$ M" s* B8 {9 @% H7 G
==================================
4 i/ g/ z- B$ l: Y* v
隐藏进程
/ t3 d5 J2 I6 J; r
N/A( [; e: y) U& a7 `- Z- `3 ], j
==================================2 E+ o' @2 ]9 d% o5 M0 O! Z( ^( p
9 l9 o+ h' D8 |

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115