在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

+ v6 L: I' p: a& n0 p. ], Z
2008-05-22,20:37:43
7 i9 | w3 u& u _7 p a
System Repair Engineer 2.5.16.9003 p3 S# d$ E% i; Y" x0 b# ]
Smallfrogs (http://www.KZTechs.com)
& g5 b% H! a) M/ B( a k
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
+ V- U3 A9 k0 w, C# l3 ?
以下内容被选中：
Z8 F# U% J; J( G! R- F
所有的启动项目（包括注册表、启动文件夹、服务等）
" M; X; ~) Z( E4 R
浏览器加载项
9 ^! K" X1 ?& p& ^
正在运行的进程（包括进程模块信息）" b/ c2 d- `3 {
文件关联$ q- l- ^. ]$ _+ M* P! x
Winsock 提供者
4 U* f& ]" i9 |1 {9 T
Autorun.inf4 ]( x0 }! k; j) i/ q9 }" L" V
HOSTS 文件
6 D4 P B6 O1 F8 z v% n$ b
进程特权扫描
" g! r; Q+ [- m/ E& y+ Q
" w- W& g' Y7 o6 E! m
启动项目: y" [. y; J" \( l3 r5 h
注册表
- A+ h. a1 t' E, u; F* v3 E. M
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]% F% Y f& W3 J$ u) a, G( o" V
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
; q5 N/ T/ g0 E: F# O
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]5 c2 W9 y/ v' X% l
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
: v3 {, G; M( ?* C
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]4 k/ {7 h# M7 k! g0 [
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
* q1 m$ R$ n2 W( U. ?. `
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
' s& N `, M, C" N$ y: ]
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A], f* ` C" v+ G7 T% f8 R8 a
<PHIME2002A><; > [N/A]
( W) @+ r; j% ~+ A
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
, ?. q& D; j8 N9 d4 u
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]: m/ C" O2 g( e) n- O; Y! s; ~
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]8 v- x1 M# O! w# g5 o
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]) \5 Q4 S d' T- k* Q8 C
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]+ S6 g$ D. u- H5 i- i! l4 N$ n
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
! I! x7 ~7 Y7 E5 U9 |
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
8 s+ v- w/ B% P- i1 m3 ~; Y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] ~( L+ e5 z( ]( d2 {' T
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
: ]/ s2 Q0 T# F, u; H! |' Y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
/ j- J# X% }# M, ~) ~2 n: X" P2 y
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]+ n; z$ p& g# |3 j @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]: N: G$ m+ C! A! J! ]1 ]; B0 @
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]+ r7 x" \# Y* ?3 ~9 q0 G5 g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]6 ~) ~. t: N" o/ @( H; v6 z
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
! T) D0 L' f: O
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
0 g I3 J7 v6 K: {4 u
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher], ~5 X& E6 v" v; `4 A; Q) R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
+ p5 ?$ d; y" a" Y; {/ M/ {. v
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]8 ^! T: e0 l+ t0 y2 z2 W
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]" H N% V' J( @* k
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
+ m0 |) J, n' G: X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
% G. Z7 \. n; J1 {5 ^$ ~
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]! f% J/ ?# F9 b4 i2 w0 W
==================================
, S) { @3 z* A1 u
启动文件夹. k, Q' P J7 b) s2 ?
N/A; T. E( M3 D, F# z6 s* i
==================================; Y9 {8 }; a4 b; I% \' u
服务
H) l: L# C5 q3 v
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
( ?4 ~& e; k; j% u+ Q3 s
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
/ P7 c9 F, P; i
[Google Updater Service / gusvc][Stopped/Manual Start]
* U9 w( ~3 c. J* e3 _
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>: }9 Q0 G% p3 ]
[Help and Support / helpsvc][Stopped/Disabled]
* ]0 @$ S5 u1 L# P$ e+ v3 z
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>; l3 _) q. n& _& P" }' K( s
[Human Interface Device Access / HidServ][Stopped/Boot Start]
# I. a5 }( U1 Z! |
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
1 i# N: G3 y6 }4 ?# A
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]9 U" b9 O' c4 n( Y* g5 s6 [
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>) W! i( T' N, n( D6 j$ p* X- n# A
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
+ g- ~: t. b4 C6 w- ?
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
7 w h5 a# Q' Y, q+ N: P* r" \
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]) M+ O) i8 x+ o' N* S
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
" D( d. T3 y% W, v
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]! s: [& O2 A; Q( \8 ?
<><N/A>, |. U8 y, w6 W0 j
[Qvod Terminal / Qvod Terminal][Running/Auto Start]* |& h( {0 E6 X" t. d
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
: A& ~" _# b- a1 ~: V4 k& g
==================================$ K6 S0 w: ~: l$ n
驱动程序+ A0 t3 _7 ^8 o
[22j / 22jn][Stopped/Boot Start]
0 n+ k8 P# m0 `$ F% `( c* F
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>1 N) P O' E7 j3 q* B0 c! J
[360AntiArp / 360AntiArp][Running/System Start]8 d! v0 ^% b+ ^- L4 ?
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
. [6 w7 o3 g7 n5 C0 T7 _+ `
[43ec / 43ecu][Stopped/Boot Start]
" J; Y' |0 {" ~ P+ N0 I
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
6 W7 l: `# ~ x9 G' Y7 D4 \! G
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]( C+ g# q2 {, K7 s
<system32\drivers\ac97intc.sys><Intel Corporation>
9 V! e6 y& m+ o3 @$ a
[Promise driver accelerator / bb-run][Running/Boot Start]
0 ^, f( f& J+ [1 f- v7 o
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
4 ^) @* @. V- W
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
+ n, j+ [3 S2 w: v" G
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>4 x8 {% t) R* `" {3 ?
[KAVBase / KAVBase][Running/Auto Start]
2 i+ `+ ^# ]5 O' y/ ~+ {4 u7 _! ^
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
* u( h( k- j- D( U9 g" u
[KAVBootC / KAVBootC][Running/Boot Start]
" c' n/ N2 g( I1 H4 ^( W& D" |
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>; }+ E6 d; N: l3 f9 V
[KAVSafe / KAVSafe][Running/Auto Start]
2 p( `; i5 Y5 k
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>8 K- Y c# J% |3 @2 S. g; |( a3 y6 U; F
[KNetWch / KNetWch][Running/System Start]
7 I. M( @* V- U
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>) h' w- ? [7 W/ m+ ?
[KWatch3 / KWatch3][Running/Auto Start]4 |5 L: `" T& i5 j& } f
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>- f/ [, |2 W% e/ u
[ntptdb / ntptdb][Stopped/Auto Start]
! V# I5 G1 P$ C" p f
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>" i7 y, |$ x! Q. U% ]7 W) U$ ?
[nv / nv][Running/Manual Start]5 B$ }( v' _* J" t$ Y9 O* j
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>/ s, E# S$ O) T3 C2 o
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
4 Z' e: e. T5 r6 J! M
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
) ^3 q+ h) g$ ~( c* y
[DDK PACKET Protocol / Packet][Running/Manual Start]
' E7 p5 h8 g1 S- ?' g+ j
<system32\DRIVERS\ProtoDrv.sys><360安全中心>0 s, ?$ q- h( V" ]
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
C7 f' H' z* k6 ?, \8 \7 K
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>1 |( W1 J: G2 C$ e
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]% M/ B4 S! `1 ?% d# m! e( Q- `
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>, E, `. \' i! t1 u: B8 z0 F
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]5 C; f9 ~: y/ a. j. T2 v% q$ N2 a
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>7 O" L$ N8 k7 T' s4 G$ _/ ]2 B
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]& E z& S1 J! V4 q$ s" j+ Y l* K
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
$ j1 g5 E; L s, x0 d
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]. t6 R/ ^/ V! {* e0 E
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
% _+ {$ z# p9 V1 x$ B
[Secdrv / Secdrv][Stopped/Manual Start]" A% ^9 J5 _5 T, ]6 n0 P# Q
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
! }6 u4 i4 _* C& n% L: }% P
[SATALink External Device Filter / SiRemFil][Running/Boot Start]; V$ j7 {* R- y/ W, R: k* r0 i" V
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
/ y% y- U- ~) J$ b* A/ H
[System Restore Filter Driver / sr][Stopped/Disabled]
7 t4 A+ v0 K. ]
<system32\DRIVERS\sr.sys><N/A>
]* I1 J2 `- C, g
[TesSafe / TesSafe][Stopped/Manual Start]; t6 Q) ~4 N2 t3 t- p
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>8 s, Z' c- Z/ m# t+ Q) r4 [
[System Services / unzxzsrs][Stopped/Boot Start]+ T# p8 E% k# Y
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>0 _# C3 m7 g/ A# N* {0 |
[ViBus / ViBus][Stopped/Boot Start]
8 ]7 H) T# y! M7 P8 _* H, d! V
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
3 q" [" @3 s0 H. t4 Q9 ]1 H, E
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
{6 m% ]4 `! g4 R
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
7 k% |; H( |1 w! J3 |3 p
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]& Y3 e3 O0 X* S3 @
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>6 {6 A7 K- ]) m; W/ C
[ATI Extend / zhibmaso][Stopped/Boot Start]( t M2 m1 w" S# M* `
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
& U/ S2 h1 m2 L9 ]9 _: ?8 p: Q
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]) k7 N, N: ]' z* u, v6 h
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
5 `: i' Q' o6 E+ `% f
==================================) h- x& }& x: E1 a( ^; S
浏览器加载项
[Google Toolbar Helper]
( w! m8 R* T' U) j1 M$ R' H. ^
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>% u, X( s( _% D2 t: ?1 B7 ~% H
[Google Toolbar Notifier BHO]
5 S& m- }0 d! X4 A! a" y# m
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
& n+ _8 S* n* I2 H2 K4 |% l) ?, A
[SafeMon Class]
: j2 s8 I2 {% X7 Z2 ` s6 e: V
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
( X4 u% t- o9 c. m
[kingsoft browser shield]
* {9 h) `, d- M9 @, D4 b. T, Z
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 a, W! x1 x/ e$ u
[IEBuddyExtControl Class]; l3 q! |* U: |) O
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
! n u% l$ |. c6 O: T+ q5 Y
[Zcom 杂志]
8 m3 t$ E# M) ]+ t0 K% k
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
`& @8 U4 o8 Y7 Q
[&Google]* [9 e7 ^% K( U3 B, q
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>8 f# Q- W( e C/ p7 r+ F
[KooPlayer Control]# y+ P, s) l- {5 V: B$ x5 \
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>* G1 _. U& i5 V5 ~. ]1 P! I( b4 C
[Shockwave Flash Object]
# T3 |$ F9 M& E p8 u7 ~
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>: L3 Z J7 K! Z: O3 f3 _3 F
[KUpdateObj2 Class]8 q- S D* m- ]& M
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>1 |4 f- ~, Q2 a6 V* M. [1 O
[Google Script Object]
! K+ p# H4 d6 D( X0 K
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>: d- {- g: _. f4 I- i
[EWA Control]
' G K( u% V" `# M W( Y+ l
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>! f1 D+ ^' Z+ z
[Windows Media Player]
6 U% {& w$ O% u2 N
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>5 r) n" X5 K$ e3 I8 y8 ?( Z5 w
[&Google]
$ V7 `. t: q7 k e, e
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>/ C9 S: ]' ^/ L+ ^; ?
[HTML Document]; s f3 J1 G$ Y# i, H5 J
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>1 M' S5 i: V/ ^% j/ F2 o
[DHTML Edit Control Safe for Scripting for IE5]: ^% X, m! _% X c8 t
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
. G" q: w, g) H/ F7 z+ @# S
[RealPlayer RAM Download Handler]
! P! t, j. B' V, P; c0 q
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
% r4 b% T6 |* O! G. ^
[IEBuddyExtControl Class]/ p* z( X B" ~9 F( l
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
( U. T; H' s0 J! J$ r9 s: O5 e
[XML Document]
* i% Q5 w& f8 J+ p# h; q
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>! b% {. r# K0 Y5 Z; `
[HHCtrl Object]
1 a8 Q$ ]4 B6 G' B1 f
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>. e$ U {4 E) C6 Q
[Windows Media Player]
- p- f+ [' n' w- p
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
: O4 U5 t7 }5 ]( X; G7 }4 }
[Active Desktop Mover]
; E+ W9 r6 a( \* ]: [
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>4 }4 ], F* r8 J0 Y- c0 J* H1 l/ ^
[360SafeLive]
7 J) r* d& B2 E9 `2 A
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>, a3 C* c' b. f# R! W
[Microsoft Web 浏览器]
+ p6 G: i. ~5 [7 Z6 u* j: X
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>0 x! K$ a) h4 x" X b
[Browser Enhanced Objects]
B- `& |: i% Q9 Q) w! ] q! J
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>5 P$ Y3 g! P- w7 ^/ p
[Google Toolbar Helper]4 G# c- y# K& ?$ u! f m( C
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
+ ]* t- \, V! Y$ J Z: \( `7 N
[Microsoft Scriptlet Component]& k9 J. @, m) m- `7 l5 v' Y
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> i {# P. m9 @, V
[Google Toolbar Notifier BHO]
8 j0 T0 ^' M9 Q
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>9 L. J& @: N: n+ ?
[SearchAssistantOC]
! g# W& [0 b: _9 ?& M# \, j6 }
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
3 S, |7 G" b/ A+ U3 C0 g4 t+ G; I: Y
[SafeMon Class]3 T2 L" W- j, F; e
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
! J1 ~1 ~5 K2 `: l4 E+ R
[RDS.DataSpace]
- n9 F: J$ _: L) v2 b/ W2 s
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>& v6 w, S! N! z" W' W2 ]' m& Y) j
[KooPlayer Control]/ R3 [$ p/ m6 n/ Z H: o/ S0 F' n
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>$ x, l% T* p6 \5 y) Q# G
[AUDIO__MID Moniker Class]
8 W0 u% }( Q' R; l
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 L N9 S5 H+ R$ E
[AUDIO__MP3 Moniker Class]
5 ^7 T3 i q" C- W5 d# o/ t1 s
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
1 y/ M0 o3 J/ a6 @% _
[AUDIO__X_MS_WMA Moniker Class]9 M8 |& T% G) H
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>+ O! }& {( g* S6 E s0 \& L" \$ u& J
[VIDEO__X_MS_WMV Moniker Class]+ d7 S' y* j" e' V1 Z& T* Y; ?
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
2 g: n! G/ Z* K0 E% w
[RealPlayer G2 Control]
7 F' k! `. `& M/ [) A& \
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>* f0 D! X7 P6 t9 E7 p7 m/ j- {
[Shockwave Flash Object]+ |& A9 E; n* _! f0 l/ I
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>0 C3 t; U1 L" L+ r- @
[KUpdateObj2 Class]
- d" J, B+ L1 `& N; W# e# t. H$ {2 O8 K
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
* t5 r3 X& o7 {/ D8 @: W( m2 ]# `/ X" X
[kingsoft browser shield]8 g: g* C+ [- Y. Y2 r
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>$ S5 D3 o4 d5 z; j/ q
[PasswordEditCtrl Class]
, t7 h7 H8 d6 C0 p
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
6 h8 T. ?; t7 j) s! w z' x
[QvodCtrl Class]
& e+ r; ~ m: e
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
3 z& _7 n3 n0 ]7 U% O
[&使用超级旋风下载]; e5 g( a1 K' C
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>: I: I2 E! R$ D H" ^
[&使用超级旋风下载全部链接]
; o% H' z( `8 w8 B! B. _6 U
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>2 I1 [8 d% L3 [+ Q
[使用迅雷下载]
/ X3 w: c- V+ {8 ~
<, N/A>; Y- I: u* t; w
[使用迅雷下载全部链接]4 k& h' A$ S9 O) [
<, N/A>
9 e* s& d' S$ f* U% c% g7 M0 ]
[导出到 Microsoft Office Excel(&X)]
) V% ^! M7 ^% z1 ?. q
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
2 ~3 e( L0 J7 K0 E7 u
[添加到QQ表情]' u+ [. A, ?4 e" ~
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>3 G9 j, I- M$ j& \: S
==================================2 t* @* |1 A% z% T V+ ~
正在运行的进程6 d2 ~$ q6 c& m2 `+ `1 a9 j
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 R+ s! M y+ B
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [; S/ B/ O& @- }& ^* j
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 b, ]; }$ v6 d( b# C' s/ z
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
" ` L# @& n8 P& s( S9 G
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 u2 ~% a5 k+ a+ ^
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 P# A5 x1 ^3 w5 d l! ^: J( b
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* c& c; u! S$ n# H2 ]
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 ~% Y3 ~4 o) I2 H# L& ~3 x3 X
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, j7 ]! C. n4 R% ?, k+ I- n- m
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 w+ F/ w8 i9 y0 c
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" }3 ~* k/ d$ y/ V' O5 z
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]% ?! t; N: Z" M9 U* L3 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ V# t$ U, ?, X& F! f" k" c5 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]0 r! Q: f( g4 P- Z+ C" e* F
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]$ c1 M! E6 a K. W$ k
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
0 Z3 w4 t1 C7 z$ ?* C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]& i+ d/ d' r d2 \" D8 M5 b
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
& b! Y$ e" Y. ]; m: [$ e# p) m2 Z X
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
4 s2 h {8 z# Y6 V: x: V
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]9 R7 X3 q# s3 N+ g1 j! U0 _
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
5 G% Q& H9 e9 ?) h
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ \. v/ I. z" D* h# `. M
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]2 z9 v( `9 [( I% {; z9 d
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]3 o' ]; T A6 x: {3 K8 o
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]/ W1 r0 V( E/ }2 `& ]9 ~6 \! W
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]: _9 u. `$ Q$ Y$ @8 C
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]2 d& g" |' }1 w1 o) N' E6 f, F
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& D+ i$ b: b) ?$ h/ o1 x8 p9 B6 F3 E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% L) f4 L# ?5 U% }0 H, t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 p# y5 S7 }/ L' m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
9 p8 f1 O& x' T( y: F! [5 X) g
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* Q( ]5 M; X% I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( F- c* u. m( a* U! o4 S! ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 g( `. R" u3 [6 a0 C
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]2 Y" e8 v1 O/ \7 }
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
- R+ \# J" l2 |7 Z8 G) W6 M
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
# h& W u' S3 w8 H6 E M; X, O6 T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]+ m! o/ U7 k) O+ A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
. N% a7 K0 w% H1 l
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]) n9 L& r) ~/ V/ h5 ~) \
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
+ }% g( [7 p& H( x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 j; @6 o; h0 i- ^1 Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& Y! |$ i4 M+ d* h
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ h9 f& E3 M; o% T+ M
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
/ x6 z! A3 C* `
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# u2 l1 h" a: f
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 }- D( i+ `& q; B0 W
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
, H' d6 f, E& f6 ^% G
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
1 m- K1 P3 a* }6 b: M$ b
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
: L$ w6 T: G* {% d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ C9 h8 @) y8 R7 i5 g: k* s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* [* @# N5 ]- l& j* J
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
7 P# L6 `2 d7 K& a+ F1 x6 J5 i
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]) ~" k/ F* `* k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]" p- T/ Y' z# G$ j$ }' p' O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
! l' n8 s$ ?; g' e' B) I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]( [7 J% ?; ]- }+ U N7 i9 \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
4 M$ g# M! Y' g V( q( m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
$ ~5 e1 \& z) m, B- S
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] f1 Z, f! e" i
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
( p7 C% Y; S% N& D) y. V- t
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]1 Z1 H& `6 n$ @. n/ d
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( ]# w9 l/ Z# w B
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]+ d; g- B$ u9 r# S& F- m
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
# L( \5 c6 n; }/ Z$ n9 ?
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
4 o: K9 Q& L6 ~" |; T
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
& E: W: Q- a( F5 A; b2 \; r6 b# I; o
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]7 A/ C- e2 K( P- K6 I
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
2 F: u8 j- m+ t4 Y: { r' @+ m( G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( s1 P# R6 z6 o7 R6 P* C9 y; f5 c
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]: { S9 ?, \+ T/ q( d) B
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
( e! c( K. s i4 i" C. f; y: g/ [) L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ b/ T3 j1 L% X% J6 V- T' @& z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 U7 e( A, ], z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ N2 L8 n5 Q) j% m0 @2 W3 u
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
( w& u# [% S% `5 Z" M$ c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ E1 J! `8 a) Y" `/ _9 J9 O6 `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ G) p4 d1 s; L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& r0 D( |) w- Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 `7 N& M+ n0 h7 Z q# g+ @* t6 G
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
9 E$ N2 s6 d" V7 n" S
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]6 T* }3 ?4 a! e- j! O
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
+ K! \6 H8 l! F8 A9 j7 I. G2 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 ^ w0 @2 ?8 l. `# w7 ?" A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 X7 Y9 K* E. F' g" ~
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% E& b! J/ W {$ C; `
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
( P3 {+ j' O* H
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
+ d# I( b, q2 G) p, ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 d( T S5 ]: _' k5 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]5 Q2 b6 j' t' |- U' r% M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" e. a' v' l5 b. e0 E
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
) H' [8 Y( a; G6 l- ~1 ?; w
==================================
9 K4 N/ ?; a- y* S. s E
文件关联
. o# a" R& P% T% n3 t0 ~7 J
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
" ~# Y+ [2 L2 h$ t+ O. O3 P
.EXE OK. ["%1" %*]
7 h: B# {3 G$ f6 ~5 m/ I
.COM OK. ["%1" %*]2 ]0 W" J+ [7 b3 q
.PIF OK. ["%1" %*]3 F+ g' v, w% t
.REG OK. [regedit.exe "%1"]$ W' k% y4 o- m* v0 {
.BAT OK. ["%1" %*]$ T% U1 Z- Q; c I3 H! Q
.SCR OK. ["%1" /S]3 `( ?, z# ~' N7 L$ z
.CHM OK. ["C:\WINDOWS\hh.exe" %1]* q# G" O) ?/ q
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
" [2 \: x* C! R6 \/ x3 I) t' I& w1 |
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
3 h- i! o: s/ ~3 m0 }0 S
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]) y4 D; a, t+ `$ L( D9 c% |: S
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]% c, Q2 `; }: {
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]$ V. g% `( e& t
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
% x" _8 y: s x5 L7 i- `* u
==================================
7 ?% W! \* m i: _
Winsock 提供者/ C' \% i7 g( |, T/ O
N/A, i' s/ e! T7 h; D: g
==================================
6 r- W4 \1 p7 h! S \# a. v
Autorun.inf
3 f8 e D$ Y& p A+ t- D
N/A/ ^$ Z* y2 ~ P. ?
==================================. `6 R8 k, Q' A; z, E
HOSTS 文件# J2 ]+ }" p2 Q
N/A% a$ e u1 U% W: e
==================================
) ?1 n0 [2 o: ?8 V
进程特权扫描
; j" R) V( A& x% S; \5 `9 G
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]* I% x* r) Y. x: Z
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]& Q9 \) |: F+ F7 M0 l/ m& K! t' E
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]9 t# h' o* ~$ n$ Y* M
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]4 G! n9 e. @2 ?/ x! p7 @4 h" o
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]. v O# d: P# `6 S
==================================
; {# d, _: j. G& r$ f) {- F+ S
API HOOK: ]! s- g: ?6 U# p3 w
N/A
: J% o/ _9 J7 x3 @2 Z1 ~
==================================9 P; n" T+ l) s' S* z) J$ e4 J2 V
隐藏进程
3 ~5 R0 z# Y6 K) p- {1 g
N/A; _( F! u, @7 D3 d; H3 F! F
==================================
" s8 A/ i& A7 ^: V4 U7 @4 \0 l6 k, P
8 S2 h7 O |5 r2 \1 x7 R: O

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115