在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

; K* C* ?* ~+ s9 U" y
2008-05-22,20:37:43# R: W- A+ v5 E1 `! t. Z1 p- w
System Repair Engineer 2.5.16.900
% B$ ^/ ?* \; |: g/ p
Smallfrogs (http://www.KZTechs.com)
L* Q2 t) d4 P$ W* O
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
" E0 i( [, H( ?1 m
以下内容被选中：
. P8 t9 t4 W, d# ?# h5 f
所有的启动项目（包括注册表、启动文件夹、服务等）2 b- E: r1 X1 l. w4 y1 d1 Q
浏览器加载项3 G( q* l" m- K- Z6 ?
正在运行的进程（包括进程模块信息）1 l( C5 c# G* C! w
文件关联
% t7 F3 H7 m5 n; {
Winsock 提供者- t* ?, m3 T V7 R% h( T9 R9 x0 ~! R
Autorun.inf1 p \" X1 T- x, A5 Z
HOSTS 文件* E' C% Q3 d' r0 A2 B2 D9 a
进程特权扫描
% w. n' r4 W' d2 d
. g4 s v2 R2 W; A5 R6 [
启动项目1 V% _7 V9 t6 E2 u" N- {3 L
注册表. P1 \+ S! D* l9 ]" R% i# I! S
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
1 E2 @$ K+ k! S# U& s. R0 U; X
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
b# H; u& L3 J4 Z7 h
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run], Y1 t4 `2 x! O- r+ e: v# C
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] [7 t4 h |6 J$ E6 e! f- s
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
" ]: ]+ F) r% j1 s
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]4 N- q" o/ i8 C3 V0 S- d
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]% C5 C0 t' r/ U# K6 z/ a2 c
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
( q! B+ }& @# I* R8 U0 _
<PHIME2002A><; > [N/A]
6 l0 }/ {0 P$ C! S: L
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
/ w0 k6 Z- ~# ]( {& h2 d1 Q% m
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
0 F6 o$ x3 o4 C
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]' @ x, m' _3 [* F
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
. S3 }, B( v+ h4 F0 L
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
3 i+ P1 }% [2 P" }
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
5 ^3 V' q1 {* `
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]( e: e V% U- j0 @4 ~- x( T, g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] W2 K1 o7 x; u; R" y; n5 n
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]. Y: b9 e% |& t+ ?5 D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
$ i! Y8 v3 I) F. B7 }
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]) [. G, [" l8 t0 c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]- o& R* o) N- z" z$ R, u
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
9 c1 H) I4 q. q3 ^1 P* ?3 r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] X4 J( T2 v/ s5 V o0 X" N9 F% k
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
2 P* { j! r+ y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
8 p; o; K }3 u, @) F' X r
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
& b2 I$ D) w' w1 a _% }$ e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
- Y/ r, r; w$ N5 X
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
3 w0 Y8 g3 S. E: M# B; l2 w
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
; n& ?6 S4 l0 `/ @/ }0 A7 M V. Z, W
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]9 W T0 k! U' |1 R0 l2 E2 p
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]7 @! K/ d5 R9 Z0 T& S' @
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]- \# Q a- v: I; v0 b+ e2 w
==================================- b f( D, V, t4 a' a
启动文件夹
5 N3 W+ H, P2 `$ e) R: H* D
N/A) M: u5 ^$ b8 p2 V5 O' g' }. u; l
==================================5 d; ]: C. \1 u5 M& c3 w
服务! N {/ {6 y1 s7 W9 J
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]1 G1 a6 O# S9 [$ }# o; E& c/ I
<C:\WINDOWS\System32\3wareSrv.exe><N/A>; J" u8 A3 ]' \% L2 \
[Google Updater Service / gusvc][Stopped/Manual Start]
6 V( o. `' m. F4 n$ {" x/ G' n
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>- u# [4 Z5 E" p. k% a5 ?5 D
[Help and Support / helpsvc][Stopped/Disabled]* N' {, [ v& y$ H
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>. m7 M2 D! e+ c4 x" ?
[Human Interface Device Access / HidServ][Stopped/Boot Start]
8 I" U3 n9 C' t
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
. B, |- {( f# h3 _ a
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
+ c7 q9 e1 ]2 J( @
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>6 l# F5 ]& |3 M( c
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]$ m* J0 d+ e' R5 t) _
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>8 v- x8 [, y7 S6 B. Q2 y9 ?
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
/ S6 W9 Q" X# P4 K1 U5 M
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>! u3 Y0 y+ ^' h% \* C* u
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
6 n( _0 \, h: K$ M: O% f
<><N/A># v% Q1 u9 F, `/ E# z& I
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
* W# \6 _" d4 A0 @. S
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
. Z, a7 D0 y% K9 F( r
==================================
5 O2 q( N8 Q0 T$ d
驱动程序6 y. B- W$ U. ?+ A0 o
[22j / 22jn][Stopped/Boot Start]
# C; A1 l3 L4 W- i8 r4 c
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>5 b7 ]' P+ J% k& o2 B! p. k
[360AntiArp / 360AntiArp][Running/System Start]. r+ |5 V( x0 D4 V
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>: M" v. D4 i7 X( w+ b$ ^' S
[43ec / 43ecu][Stopped/Boot Start]
4 H$ s4 f0 O- p) ]
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>5 W; x+ C/ I0 u1 t3 d* ^% Z6 P" w
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
; i$ W6 t1 n1 j( r) \
<system32\drivers\ac97intc.sys><Intel Corporation>
/ E4 l4 k3 I( L3 `2 @
[Promise driver accelerator / bb-run][Running/Boot Start]) I) H2 h; r/ ?5 x
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
1 Y' Q w/ i7 t1 H9 y" ^) u/ `
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
; m$ V# I5 C& `1 K) F
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>' }1 @ j8 q t2 Y. u1 n3 z
[KAVBase / KAVBase][Running/Auto Start]& l/ e+ V: R- I# v0 @+ }) Z* Y
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>3 t' K$ l2 [9 U9 W! a
[KAVBootC / KAVBootC][Running/Boot Start]* ]: d: J* X) r: f& X! h% K. w
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
3 ]+ D, m+ A1 P4 E
[KAVSafe / KAVSafe][Running/Auto Start]- |( W' U+ I( g3 `& G, T" k: \
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation> _9 f* R4 l( U0 i a' i
[KNetWch / KNetWch][Running/System Start]
( @) [3 g- w/ p( U% R6 `
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>; J7 P/ h* q! A" G9 }/ C) \# ]
[KWatch3 / KWatch3][Running/Auto Start]
4 S. o6 h' x3 w$ Y# S
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
# n$ L" s9 S: h
[ntptdb / ntptdb][Stopped/Auto Start]3 w7 `& F* T. U
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>9 Q( p% j2 ~' _5 L: ? r9 b
[nv / nv][Running/Manual Start]
5 g: M# ~6 P( {4 y) ^
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>( P" \- _. e* d" }& i/ f" X+ M
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]5 j$ U8 S' g& x- S! N0 f
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>( ^3 M7 v% P% f" ?. U4 V/ V) j
[DDK PACKET Protocol / Packet][Running/Manual Start]0 e( g6 `' O; }- S
<system32\DRIVERS\ProtoDrv.sys><360安全中心>$ @7 s5 U" h& p# {$ m9 B
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
& s* Y' O m8 }% b4 Y( V7 }5 v0 D
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
+ r' S7 V) I9 B1 H* \- e W
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
4 l9 j% M) z( B
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
" c7 t! c1 U* r/ U6 B' S
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
( v( H6 F6 @ r2 T( ]7 ~% t
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>2 J+ Q. S2 ?7 b: y4 B, {( @
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]$ t9 [/ T$ ?; s, [* }- h* r R
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
X+ v: b( Z8 Z
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]) Z1 k0 R4 B ?4 J/ Q8 I; d1 B q, w1 T
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
% X. Z B, J8 R+ |9 _( d2 M m. L
[Secdrv / Secdrv][Stopped/Manual Start]4 S$ X% |/ |! B1 W
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>* \0 U% k5 H0 ^9 t1 y! b
[SATALink External Device Filter / SiRemFil][Running/Boot Start]0 X) z0 L7 A# y# x) Z- h
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>7 w( n( U* c: ]' x' g9 w1 ^) ]
[System Restore Filter Driver / sr][Stopped/Disabled]
, H( ^& ~2 K; I# f/ M1 H
<system32\DRIVERS\sr.sys><N/A>: J$ _! K( `- k6 _# @- G* z
[TesSafe / TesSafe][Stopped/Manual Start]5 K2 @7 d* g! ]( a# q
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>7 ~. l$ u; a/ L+ V
[System Services / unzxzsrs][Stopped/Boot Start]* M8 g8 D5 [+ b0 n
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
' t+ s: N$ D2 R8 f+ D6 Y+ p
[ViBus / ViBus][Stopped/Boot Start]" e: o0 U: H8 W5 j3 z0 n- q
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>0 y; R- D" m/ r1 q3 L
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
; W2 @/ g2 n7 W4 J4 Z& Q1 S
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
* V4 t4 S; G/ n! a. I( y
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
; Q) X( ~0 m* P5 F$ R, p `
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
' L& W2 r/ n/ N& u2 F
[ATI Extend / zhibmaso][Stopped/Boot Start]2 m3 h4 U& Z0 b V8 c4 X$ I, c
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
0 O* h. M1 y6 `+ P4 w
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
, q+ |# k8 R2 ]4 m/ F
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
1 u \6 t9 K7 P5 f- h# Y6 U
==================================
; h0 ^' H- B" h& y Q
浏览器加载项
; G0 `9 E% L3 j9 H7 ]$ `7 }
[Google Toolbar Helper]9 ]: A7 C) `$ b& l$ t, p4 }
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
, s [8 L: @5 J+ e
[Google Toolbar Notifier BHO]6 X- B& U" i9 w! o) g+ l. X
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
3 _. v& s% @% Y6 x
[SafeMon Class]
8 c% Z) y/ |' h$ H6 ^
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
8 H/ x' F- D, @# g
[kingsoft browser shield]% ^" t- ~: S, x V1 J
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>0 e0 t6 Z/ j6 L+ _
[IEBuddyExtControl Class]8 ~0 b# Z3 o# c4 w. t% N
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
' `" b# i, i, O
[Zcom 杂志]& _9 b8 x2 O3 A B. D& R( m
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
- q( ^) t( f& W& J
[&Google]
9 d* P4 s5 d! Q4 \9 g0 T" m/ O0 p
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
7 h: n. `# G! w1 a! B
[KooPlayer Control]
5 p+ f& s5 F# s' u* [6 f
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
! l( W# v; A7 v* c" x l/ R+ X
[Shockwave Flash Object]3 T/ A- U& v3 V# _; u5 p
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
& p! M" W/ V- F( m/ V
[KUpdateObj2 Class]
; ?/ H# A$ G) i: d0 u& q
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
2 @0 p/ a$ x: e7 @( U
[Google Script Object]
7 K, x1 H8 {+ ^9 ?! v/ f! x; ?
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
" [* D. |7 E$ O; Z
[EWA Control]
6 }& p" f' ~; n i# j6 @
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>7 `; {9 j( Z9 l- Z( X$ C) B
[Windows Media Player]9 O1 ?# u4 ^ h) }
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>& V* z; o$ z) O. K x
[&Google]
3 y; K G7 `$ ]+ G( }
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>1 L! G2 c. B+ I, S
[HTML Document]
) ~, U; W( S7 V2 N% p1 v5 b
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>- K- ^8 |+ D I3 b/ _: E
[DHTML Edit Control Safe for Scripting for IE5]
$ X {$ P+ R) B. D3 R/ C
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
1 w3 M W/ L p& w4 K n* M
[RealPlayer RAM Download Handler]4 f) d! f& b5 ?8 G h/ D
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
7 d; t9 U+ ^% y) |8 R4 t
[IEBuddyExtControl Class]
8 _9 X( i: N) j% n* j0 Q5 r
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>* x! B& G) |0 _0 _, F8 l
[XML Document]
' a2 [3 z+ b0 ` E
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>+ E* I" {. o9 A5 Z
[HHCtrl Object]: O; c5 G/ V% C/ B; c4 p
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
" z. ?! t) Z% ?0 o. J) Z! [. v' T
[Windows Media Player]& ]& o$ W- i8 m2 M6 g
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
2 m6 q. ?. T* ]
[Active Desktop Mover]
$ _" h" J: X/ h* f6 J7 U7 `
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>6 u3 Y6 O* m2 h9 D. a, f! }
[360SafeLive]( `/ x7 c' A+ g/ u# L# Y; u% n/ b
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
: W6 A( x) D& P. `4 r
[Microsoft Web 浏览器]
/ I- [( v# R8 Y: ]! |# x/ N* N
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
0 q8 r. |+ a6 v I$ h2 V
[Browser Enhanced Objects]
* |9 _2 j3 F9 ~7 d% O
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>9 U+ W- p% m5 S1 m% Z
[Google Toolbar Helper]
' J1 t6 A# z5 ~2 [! N0 l
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
5 R2 r* e4 g- l1 b/ z( u1 w
[Microsoft Scriptlet Component]
3 h6 i4 Y% @4 d) ?7 K
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
3 X* m" X0 i3 s
[Google Toolbar Notifier BHO]
' I7 {. J/ d$ ]" D6 y
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>4 D* @; E8 i& V" U4 t& X2 A
[SearchAssistantOC]
3 F$ g! w- H+ R' l+ W
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
5 ` R8 M6 ?8 J. ^2 T
[SafeMon Class]$ r, }7 A* S" g2 w( e# L
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
2 I9 x' P; g o( N! N: n" ]
[RDS.DataSpace]5 ~! {2 W6 G6 t1 @
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
) o' V9 X' w# N7 P
[KooPlayer Control]3 N4 t5 Y8 Y9 c% |- y
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>( f2 B: m8 {% j- y% S+ `+ |
[AUDIO__MID Moniker Class]
& x5 B y# f$ c% b5 q4 R
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>& { x6 V. A9 f. K
[AUDIO__MP3 Moniker Class]& ~& Z* V2 }3 W3 u
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 t) g# a. D; t2 w( _- L1 p! P/ X
[AUDIO__X_MS_WMA Moniker Class]& N& a4 L, m. e1 Z8 g6 [# I
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
V/ @, c# X9 o2 ]" f3 N, l
[VIDEO__X_MS_WMV Moniker Class]
5 S$ \* }8 ?. z8 D9 p( H+ p0 P
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* a2 [8 q0 f/ p
[RealPlayer G2 Control]0 Y- A+ \ g! i; e
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
5 j0 ?9 i# M2 x$ X
[Shockwave Flash Object] O6 h+ T9 K6 Q) w: H
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>9 }$ h0 k% t' o6 m! N
[KUpdateObj2 Class]( ~" @7 S3 E4 a+ H. m- U
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
n5 m/ e6 y3 y# d: p$ ] [3 Z
[kingsoft browser shield]
V' k2 m; J7 {
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
- r( Y6 m. m: d; T/ u X. |6 s
[PasswordEditCtrl Class]
' Z$ }, H; A6 R; V/ d. P
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
6 J L+ D" ^' s$ b& {
[QvodCtrl Class] }' @. Q! Q; t) I" h2 S, }
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
7 I: H2 W8 c* b
[&使用超级旋风下载] E* a' w% a$ h% e
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
* | M3 {6 I9 `0 \. t
[&使用超级旋风下载全部链接]
1 l) f& K' Y/ P; U, B
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>- i* e3 \1 d; P- u
[使用迅雷下载]: H* n5 ?$ f9 m- ?7 G: @4 e, c
<, N/A>% y" }* O! h3 \
[使用迅雷下载全部链接]$ M) H% |4 G1 Q c' ~. H% x
<, N/A>5 W/ M1 b0 x. v' G4 S
[导出到 Microsoft Office Excel(&X)]0 B2 w4 g7 p }3 N1 D
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
* O& j; m& s1 F; ]- Z
[添加到QQ表情]
5 U e( ?* `& X9 s/ }
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> `2 W( _$ P- B, h0 s, w& e2 [
==================================' J" G, K& S* F, C$ A( ^6 `
正在运行的进程" z1 y7 R( D X1 }; y
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], G. ?6 d9 X! h6 N3 G
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
+ a) R, s9 s4 Q3 H. c. X4 D( ^8 u% I8 p
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' g6 N; k. N! }8 w) U& T4 {
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]3 J1 _, I2 M0 k( a
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% ]( n$ L4 r* ?$ [
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* ^3 a. u' T' S) G( N( Q+ o" J
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* \" o5 G5 L1 R0 f9 K. D3 C# G1 |( o, G
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], f: A. k" e0 Q( g
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& V! p) F% M% F! a, t6 l
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( }' q5 c7 C! ] {3 N2 |
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) C7 u- W+ v5 _& d
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]& [* A/ H e+ f2 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
% B8 \% H4 d; V( q2 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 j) t5 o( T, E, |, [
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]0 E+ K* Z9 ?* r& z7 F9 l- k
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]) p* G( |0 T8 m7 H h( M E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]$ g, w) T8 S, K2 W0 d* E
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]* ^: T7 o7 o1 @+ Q
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
/ U. t% f1 t+ Y; G" n
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
( c1 K/ j. j: _/ K1 g4 V: s
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
( f% m* j( O' N7 r
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& L6 s' w- X8 l) T# _7 ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]9 `% q. l% l' D
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
) K) r* ]6 a3 N, s9 Y
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
7 s1 b5 d- ]9 F* l
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
3 j" e* l: N2 p/ e1 H* }8 W- p6 U
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
, n3 C) {. h+ \% R$ Z( s
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
, n6 P `5 f A( l6 a- q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]6 M5 M5 }. {; H: R C4 `- c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* v$ S8 e0 ?6 S- m5 k6 Z& V9 [, Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" a9 z7 n9 k* L9 N0 D: B
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( ~% ]$ e2 F* U6 j2 S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ ~# Q$ M/ }$ A0 U7 J$ N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: S1 |. ~& P- J) S& y7 X0 \( c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" t/ A$ {# ?, M
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
2 n0 A. H% Q! @ ~. e
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
* L! M0 o, X# I) F' `( X/ _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 R( A1 i" p$ `. u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 g0 F! l! E/ a/ ]7 C, D0 z* c
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
8 M3 r7 V' ^% Y/ V- K' A: n
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
. e& n3 Z6 `6 x ?# m- t
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]9 w9 O. Q) ]! Q9 a5 `
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 F4 Q+ V& v6 L! X% t3 K
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 y9 l6 }" Q8 ]) l( G" N5 A
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]4 K8 k( ?' ?+ w) R+ N3 `
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- P+ d. w' B) t& m% ]' g, F
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 M7 Y+ G+ ?: a& ^
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
8 t- ~3 o: H1 f( ]$ C( O7 f
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
! F7 O& B+ Z* G1 ^
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 z# ~7 p% y- P( B; ?4 t" A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 O [1 }+ ^) l+ V' S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 g- k( A9 c5 J* o
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
4 _) U8 n$ ^7 c M1 e9 \
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
E( N8 V4 U- v" J$ N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]7 F, ]$ G1 p. Y0 c. V/ ?' p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
7 M! i) {' A' ~; B( Z/ x5 V4 Y6 ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
" V, g2 s; p! G9 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
) A. n& B4 t( {; C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]6 U8 G8 W+ H' S8 S1 |
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]- O7 [! B/ n X2 G4 |% O& w8 U% g
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]2 U+ c, B) g, j( a, w0 Z8 q
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]' }& P% c) d( u [
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]0 V2 ~ A3 s3 W8 c2 X
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
8 s/ \) y* ?6 z" v* e: f$ w
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]3 K$ n- \0 y( X$ Q5 A: A% t: z# ~
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]( v" ], d4 ^2 x% I
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]1 Y% { y; v$ Y4 T+ R3 _
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]7 U2 c! ^( j" C" h
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]( k3 z! S3 f- ]# N4 k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- z7 `8 o Q' u2 a& A
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
! ^- P. ?3 k- h9 O5 j
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- M9 P% R8 ~1 \( O' B) |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ f5 b: v9 X( Z' j c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' l' c4 @6 [% w' F) w/ g9 W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]! v; U" P: c( c; t8 p
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201] A7 D9 l- p# u+ D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 Q' i. b+ h. v* N6 |/ M5 M' `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, U$ s8 x4 N" X' t8 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" p4 g, a- o/ g& K4 k9 A" A
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" M$ R8 ]6 R* a* C: E
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]. i i8 M* u: u
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
* x$ z% T c G' _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: I) T0 O; z; o" \7 n* d6 c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! _/ u' X, U. Q% k8 v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
0 l+ i+ d5 s/ O4 L9 z+ G) P( A
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' x& s; z* B- P- ~1 z( X& N, Q* k
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
7 Z; J; B- g) }$ a* ]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% F9 P2 ~5 f/ g( E" ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
: {( e' ?$ y8 j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]5 S' W( t& y3 b. r4 ]9 _! }& r: |; k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. z. N! s3 Y( T: U" x
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]! G' u& W% h3 W. d4 q4 P; c% N& Y! D
==================================0 G: t3 M& n, p6 \
文件关联
7 w0 H( ~5 Y9 \5 I
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
$ H0 W* p z( k; M
.EXE OK. ["%1" %*]$ {( [& F# k5 Q9 X$ n/ |" ?9 U
.COM OK. ["%1" %*]
+ j+ o+ |$ M+ d: {
.PIF OK. ["%1" %*]
- G% A8 y8 f) O9 L
.REG OK. [regedit.exe "%1"]
& j3 Z1 D! q, _5 l. ] R
.BAT OK. ["%1" %*]' X$ `. U" O6 o3 G- ?9 i) k% U
.SCR OK. ["%1" /S]
( n |6 S9 }# m$ h/ F
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
4 o3 s9 M7 S, I3 ?7 q
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
* T7 w/ t. U; ?, C1 P& Q# |1 c1 e
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]/ O. n- D7 h: x" a: d
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]! @. i( s/ k7 d4 F5 }$ ~8 \% D
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]9 D. ^$ W( [$ l6 s
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
! {, b- u# S6 J9 Q
.LNK OK. [{00021401-0000-0000-C000-000000000046}]5 b- @7 L- a, @( k: } g/ x9 m
==================================! y% ~# E7 X0 Q- @
Winsock 提供者3 z8 x) y! Q8 F- I% A
N/A
& _1 F! b' v& `: S
==================================
: I, d0 ~% m$ b( ]) Q
Autorun.inf" x" {8 y: u* ?3 d
N/A) i9 y' ?0 Y7 I# A% L8 {5 C
==================================
" H0 k: G2 l$ M3 p3 V* K, X
HOSTS 文件4 j. k" F5 E; M
N/A
" f4 i, K! @9 m. f: m
==================================
. I; W* k( S/ D* o. o4 V
进程特权扫描6 u! O6 D# M: R5 C6 M
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]. g' G/ F6 ]. g
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
8 p( F4 q/ F; d* a. V1 q( O
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
5 b& x$ ?+ h) p2 m0 d. q
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]1 T$ m% Z( D/ d! l; R( o
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
& h. v9 L/ ~# D8 t
==================================: _% b! D5 }$ s6 z$ _' e
API HOOK2 i6 @8 K8 A) e
N/A4 b% r' J# q3 u8 D" {
==================================
6 }' Q# N* {. C6 q
隐藏进程/ V% e) u! Q9 O4 a0 {
N/A6 a' [' T; X1 J. [" j
==================================1 {4 I9 j! D4 h6 k8 z6 ]: ]
& C0 b$ R9 D: ^1 m" a) s

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版今日: 0 主题: 115

在这里

浏览过的版块

技术部 收藏本版 今日: 0 主题: 115

在这里

浏览过的版块

技术部收藏本版今日: 0 主题: 115