在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

0 ~" x( l1 Y. U$ @9 e
2008-05-22,20:37:43
T# f& f! X. f3 I- S* G/ I" g7 R
System Repair Engineer 2.5.16.900
% z2 o5 m, m, d1 J7 X/ k
Smallfrogs (http://www.KZTechs.com)" x9 r3 j. u# b* q, n
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
& {; r* ^# x2 m
以下内容被选中：( v3 h" M% c) ]! ~. f" A, |$ x* k
所有的启动项目（包括注册表、启动文件夹、服务等）9 j$ B8 P4 \$ E; @- I. V
浏览器加载项
8 q8 d9 y& t1 c' F
正在运行的进程（包括进程模块信息）
+ j: u8 S, W; c: _* a+ s4 J* y
文件关联
+ [1 M _0 L; o6 L3 N8 Q6 j* G
Winsock 提供者
- n, V' U6 x( o, s: K
Autorun.inf. v1 M8 B, N; W: K. q0 ~
HOSTS 文件! s& Y6 S9 F0 t1 ]8 |
进程特权扫描$ i5 B ]! v/ |: _1 j7 d( P
- y& [' Q8 y% x* k
启动项目9 g) {6 Q4 m' a! H8 Y- e) n
注册表 U9 o* z6 w ?9 v
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
Y; s5 T+ y6 {( L" j+ s0 N" E% j
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
! H! z, Y; K: P+ g# w. \
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
* q& Q) M7 h0 g
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
; I D9 F1 y9 X
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]3 I0 X/ z+ R$ b1 P5 o) `
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
) C y0 x/ a- l$ I# ?
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]3 Q& V: g& |7 a8 f1 X* t7 ]9 D _
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]+ C* l' ]! \+ a' i; I9 o
<PHIME2002A><; > [N/A]
# p( r) d% g: [
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
1 d% W. f& e$ J$ S
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]. P1 z9 Q% y/ S; w% y/ j$ v7 E% P
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
3 I7 E, _9 W: h" C( p# W) ~, _$ B
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
; ]: ~2 y# U* o, }
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]' k$ U, K9 [, {! B0 U$ s5 N2 }
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
! X1 |/ v. T7 K) J& O# [5 V
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]* X: e1 |2 K q' y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]8 s; z3 q% a2 a; j% A
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]3 o" g! U6 M8 Z& T8 g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]: H7 S7 C G+ b8 J9 F
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
; T" M6 H+ L! ?& X( Z; M0 o0 z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
' b+ I: s0 Z1 O
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
" t% u, A* Y4 l$ w6 R q! j0 R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}], g- Q5 B$ z6 i8 v3 H, G, b
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
1 T, e; ?5 C$ b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]1 r: }% X3 o* _# t+ z: ~
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]2 Z6 Q$ C( W9 e7 B; J8 L8 X" k/ `/ ?6 [
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]) u& _5 A3 N* v) V: ?/ u
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
. L( |; @7 r. G: w. ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
. y* y l* {9 K
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]& U z6 O" Z1 a2 m" n# l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]$ H0 e( O, k) q9 I) C
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- d! h% e4 U) f4 Q5 M# u5 c
==================================
" b8 z }# l3 W- E5 d$ X( J
启动文件夹
+ F+ N H3 r# {, c3 b2 c8 o# c
N/A/ n: D6 j7 Q" }* J5 J
==================================
2 d6 D5 x- {6 ?2 J
服务% i, T4 d7 \" G& ~
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
+ t9 T; F/ @' v2 D
<C:\WINDOWS\System32\3wareSrv.exe><N/A>6 Q4 O) d" `. {, d4 w
[Google Updater Service / gusvc][Stopped/Manual Start]' \% e& y o/ Q: F# D
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>4 C( t/ j5 k+ k' W/ ^/ H
[Help and Support / helpsvc][Stopped/Disabled]( I$ {* O- D+ f0 a+ S; G
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
, u" L I( K) _2 r3 Z9 B Y6 ]/ r
[Human Interface Device Access / HidServ][Stopped/Boot Start]
+ r3 L. o e" c1 L7 z0 Q5 @% ?
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
5 H( ]& `' L) a( ^3 e* V9 e
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]+ ]9 w& R8 s' a* G+ |
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
1 ~* c! _& A8 N" N: R
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]4 G, z4 W2 W+ }, b# ^9 N
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
g; {& t+ t! L1 E( A6 I" V
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]& L: S/ X# K$ I: l h
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>' f& g3 Q# z2 s' p) z4 q
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
/ |+ L |+ M6 ^8 x
<><N/A>! P i5 p7 L8 M" ]
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
) y$ ~; u" n- n# U
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
( m7 w. y! }, H4 H3 J
==================================/ `6 M- A& [$ A& y0 l
驱动程序6 ~# u6 i; P) _+ W/ r0 M2 Q
[22j / 22jn][Stopped/Boot Start]
/ ~6 c6 g J' [- q
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
, w* @! ?- u* i5 [
[360AntiArp / 360AntiArp][Running/System Start]
. A+ Z! N/ F! q8 Y' G, o
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>! Z- d4 x' R# O$ u Z) o G( Y
[43ec / 43ecu][Stopped/Boot Start]
) P6 H( I* E& F3 X
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
& n* O2 \: S6 D
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
: ]: r3 u/ q5 Z2 F
<system32\drivers\ac97intc.sys><Intel Corporation>7 Z9 Y- e+ `0 R5 y8 h9 d8 S, Q: B
[Promise driver accelerator / bb-run][Running/Boot Start]" ~! s" v. F$ I* n
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
1 D% S ]8 Z- S" ?6 y% G% \
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]7 T0 M/ @( U; l7 @% _
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>, {/ S2 p2 Z* G" d. K" U8 W- j
[KAVBase / KAVBase][Running/Auto Start]
. |6 Q& K7 N# q5 z
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation> J" G# L3 X: U- U
[KAVBootC / KAVBootC][Running/Boot Start], O% v3 n( {+ c, z- v1 G
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
. E7 ]1 w+ D3 L4 B6 T# ~
[KAVSafe / KAVSafe][Running/Auto Start]& a/ f2 \; P( \( G& b8 n' k
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>; B* o3 C$ o7 G. y) d) ^
[KNetWch / KNetWch][Running/System Start]
3 {& @3 c1 u2 J! @, @( }1 a
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]5 |) V1 i# p2 g I$ x
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
0 F$ Q- f; l0 E; t; U
[ntptdb / ntptdb][Stopped/Auto Start]
4 t8 X% f: W1 Z" R6 p1 J% d
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>6 y* e0 X3 a0 `9 U+ [$ e
[nv / nv][Running/Manual Start]
7 U, [: M' K% o+ k/ _+ b9 i
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>. X0 @/ m5 x* L* [
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]6 O: v ]+ ~0 ?3 r
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
& r. j2 f. h0 d) {
[DDK PACKET Protocol / Packet][Running/Manual Start]
0 u- c0 ~5 r5 F' X( A
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
7 t0 _0 ^6 [% C; z
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
* A7 D- h$ \) N; x+ r6 e
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
( T/ q) U* v6 Z+ G
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]& ?5 ^" o$ L; u) f9 F
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
3 G6 N/ r4 y7 O' F0 R0 e M
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
, ~3 I5 F' m- y. X: `
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>4 e3 F- U( K. p, \
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]; f" S @. P0 S" F1 ^; Z# c
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>1 i O9 r. W; n
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
# l" o* f# j* o3 z5 }8 S/ O1 M
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>4 J/ v5 g9 n: s. @
[Secdrv / Secdrv][Stopped/Manual Start]; Y0 a& x' ~# g4 O
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>9 V) h0 e0 Z0 @' T+ G4 w! ^
[SATALink External Device Filter / SiRemFil][Running/Boot Start]9 R8 n& t! K( m# a% }
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>/ J+ \) {* o) Y) }
[System Restore Filter Driver / sr][Stopped/Disabled]
* W( \& V9 k7 C- v
<system32\DRIVERS\sr.sys><N/A>$ t7 c0 P8 ~& P1 ?6 X9 e
[TesSafe / TesSafe][Stopped/Manual Start]+ B5 k I+ E7 D! A* t% _
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT> h9 \9 s. j' ^& p# `; z" x* D/ W; ~
[System Services / unzxzsrs][Stopped/Boot Start]
" k5 A7 ^% S% A+ l& e% F6 Z8 R& ^! ^
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
" z- m9 {7 ^8 a/ w6 ?
[ViBus / ViBus][Stopped/Boot Start]# `# x: _2 }* Q
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>2 l2 r5 M3 U) |! B' y- m
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
7 | _8 {% J; \5 Z
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
) h; W9 N& Q: w" C3 _: K! F
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
5 y0 |- T5 f {2 a+ r0 O7 C
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>, x) X6 ?) O# w6 _% U8 z
[ATI Extend / zhibmaso][Stopped/Boot Start]
- R9 p* D. E& N0 K
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
5 C' R5 G" e# }( t* R
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
5 W1 Q2 D1 K1 A6 X
<System32\Drivers\usbVM31b.sys><Vimicro Corporation># s# H- c7 s0 m
==================================, l- \% s, X% F [
浏览器加载项4 j; B5 Q5 D% q3 E* E# G* [
[Google Toolbar Helper]
- u# u& g2 ]0 p* k
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
7 ]! j; M- o/ ~; x5 k0 J( H# O
[Google Toolbar Notifier BHO]3 r% R" Y/ D/ U7 I9 y2 J
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
& e( U" r+ c" I0 \# M/ F
[SafeMon Class]
; E# f# Z+ c3 z! g I0 [1 Z# y
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>* d5 s( ?) o' W; p
[kingsoft browser shield]
1 Z: K/ C% N, S
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation> W- O2 P- W' @1 U8 E# o; U
[IEBuddyExtControl Class]
0 \! z2 K* S6 H2 ^
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>+ Y* s% G3 p7 c+ O
[Zcom 杂志]
8 N* H% s# o+ K# L1 H
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
; ?) M' a6 s# `: q$ G
[&Google]& s9 M- t& g7 L2 l8 n
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>8 e Y+ Z+ p7 U* }3 z. b
[KooPlayer Control]+ W& |- Z, U/ F" ?! z5 N& _2 Q/ [
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
7 Z: w+ f5 e3 D+ P3 x/ W# g- h
[Shockwave Flash Object]
8 I* p. y T& `& k1 a$ I, g
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>+ b8 e6 {* e6 q
[KUpdateObj2 Class]
; R% F2 e d8 F" {" R& h2 k
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>9 G2 y9 r8 i! A3 _/ f( g9 r# L6 f$ F
[Google Script Object]
* ?- o; i' y. ~- U: C2 x( ^
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>% R7 l! W/ }2 u* [
[EWA Control]! V# w3 X2 y0 w# I
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>% h+ T7 s9 Y3 ]
[Windows Media Player]. W0 U: J3 c( ]0 K& V0 V4 e
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
1 n* m3 K9 m( E- M4 I
[&Google]/ P- c- m4 k* C5 Y4 i: \# \+ }) c
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>9 w8 |) E O+ k% g
[HTML Document]
# o) r" w9 H- A# L- C9 a
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>3 P# l* N- K7 T6 C" y6 a
[DHTML Edit Control Safe for Scripting for IE5]
' y+ t1 v9 O5 B7 c8 }" x3 |( a9 [
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>4 O+ s5 K* d$ F! h7 @, g
[RealPlayer RAM Download Handler]
+ h) ]0 S+ y% b. s5 j
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>2 w: \, f% H; @1 V
[IEBuddyExtControl Class]
3 W3 p( R4 g4 D+ n5 r
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
6 }5 X$ X3 a. G( p' p/ [5 w! y
[XML Document]
) I6 n' g5 r9 A+ ^
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>8 z6 F1 b0 O' e% i. d8 i
[HHCtrl Object]0 h Q5 }1 z" Q+ }- p% i
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>2 K; N$ n% g- c2 ~2 `& b* m
[Windows Media Player]
/ O/ ?: k a3 F1 |- H- b, Y
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 n8 |9 Y' s% t
[Active Desktop Mover]
4 \9 N' x6 f( _4 L
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> \! f8 t9 q( E* i$ v
[360SafeLive]
: E; W* |5 }2 k' ~! i% l- L6 `4 x" O
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
. R$ M% v, M5 s
[Microsoft Web 浏览器]+ r8 u1 G& p- ]' [/ R' A
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>* K$ P5 y$ P" M
[Browser Enhanced Objects]5 D% r8 s/ U; V2 g9 ^9 a
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
2 r- f3 V8 y2 u6 Y( T8 y
[Google Toolbar Helper]& u- |+ c' ^5 c' F
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>% x% g7 W& z) S* P5 ^' r, B
[Microsoft Scriptlet Component]% D- I4 P& _8 L
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
# c% D, `5 a/ ?' o7 Q
[Google Toolbar Notifier BHO]
8 {9 K. G/ S* l+ F
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
c2 {9 K8 A" K2 C3 `: H6 l. }
[SearchAssistantOC]7 g5 C+ k, K* C: l
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
0 k8 A s( Z9 P, m- W/ Q
[SafeMon Class]
: n C+ n: E9 J1 R" M
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>! G/ d6 w6 @6 B( [% x) _# R
[RDS.DataSpace]
) m A' Q; P" c+ R/ k1 Q
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>: T8 Z9 d2 V( u% e; p0 e b
[KooPlayer Control]
4 ]) g4 g$ j# O5 N6 J; w
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
+ v7 e9 c3 s9 G) E$ }4 W) Z, M1 V
[AUDIO__MID Moniker Class]& i4 {$ G# u6 ]3 \
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>0 N9 D6 [3 A6 W8 k
[AUDIO__MP3 Moniker Class]! q; G, M0 G# A9 u/ a, n
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 P. x& T9 h1 ?1 v7 M
[AUDIO__X_MS_WMA Moniker Class]9 f/ l% J4 X6 ^, G# r, q
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>" A( E4 k! Q9 ^+ k' V, M o
[VIDEO__X_MS_WMV Moniker Class]
' ?1 I, l/ r: [1 o
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 G x0 [/ C$ ?0 H+ ]
[RealPlayer G2 Control]3 d7 I! J) C! s
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
1 x3 i( h- b2 ]5 d& k' b
[Shockwave Flash Object]7 X# I7 z7 [$ _' T
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
4 t. e* n. o5 ~' \: y
[KUpdateObj2 Class]
" e. C' L( X; d' f! s2 {& J" j
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>. G2 d( ]' \( H" E4 Z7 n
[kingsoft browser shield]
) ^0 N% p( C; o6 f7 m# }
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>5 ~# T3 K/ U6 @$ L2 g
[PasswordEditCtrl Class]
) x. N( E$ A$ v- k1 h. z% A" \& ]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>+ p. y5 b4 v. c4 `' {% ~
[QvodCtrl Class]/ S/ K( Z6 _6 W. i3 b) \0 R D
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>1 L/ L3 |' N6 s( [4 z: y9 y# v
[&使用超级旋风下载]
+ H) R- `: R' E, {: w; K
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>* `; a, i. n5 x) n6 k6 N# }! I/ |
[&使用超级旋风下载全部链接]
9 I% d. G8 {* V# j2 D/ U
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>1 ] g* @$ M3 s4 n; k: W* y
[使用迅雷下载]
9 |. a3 v. d6 X8 D6 d4 B! r
<, N/A>. G7 ]6 Q8 T5 m; A# v
[使用迅雷下载全部链接]
% d$ i& u- P; f1 F) w3 {
<, N/A>
/ E- |5 L' L. O* J3 {
[导出到 Microsoft Office Excel(&X)]; H: q& A/ T+ Z; N" n* z+ ~4 M
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>6 O2 `: E* S+ U/ ]2 Y" E7 P
[添加到QQ表情]
% \% F- l3 }# }9 i* U" b* K7 b: n
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
& q9 s7 h0 I3 z- q- K+ `
==================================$ U* V; a. {3 [5 Y; y
正在运行的进程1 z/ U1 k) i2 ]8 k, H
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
s, e, i- M, Z |2 s
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- V8 o# B8 G+ l D( X5 A
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 g9 \( o/ n; p* W) _* h
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
G: [0 m( [8 h2 B* v5 ?# ?
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ X& @ y/ b2 w1 n; v* j% Z6 P$ g; n
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' y3 V- A! m! l$ Q6 @
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ X$ [0 ]$ E7 l" b* D+ G
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* G2 p3 _+ C& h7 S
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* ^, ?' V. d3 A' q! M- r2 z
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ H* d+ C" C$ `. O
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' F* G/ L$ e1 i" l$ X8 k! B
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
. l) N: P& n. c; Q4 N3 S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% Q1 T, H3 f4 s( z0 b" h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 K# x" d6 G' m, w0 \- L/ ~
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]: D" Z$ Y% d- A/ {
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 i, T* R9 b0 Z8 p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
5 _" x9 x! ?! O& [, I. J( ]* T9 u% X
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]% f7 _4 O( P$ ^8 I6 p3 k
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
" g1 B7 o% [+ F9 u8 b0 h
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
, P4 _+ L7 i7 w5 y
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
( N; K' a. O) S
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ {' ~5 u: C6 `7 h! Q7 b5 \
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]0 Z' e2 J, K" L8 G1 a% q7 |
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
7 w3 Q' E* V1 H3 o- B( v: Q
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
1 C+ Q6 f4 f9 O2 w8 B* E( \; q" ?
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]( e- G' S1 O2 h
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
4 F2 J' Z/ v5 t C" N
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. t% `% d9 g4 L, }) D4 r5 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]: _& O& N2 T$ ^7 q9 T* }: y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
8 q# e4 f- w7 D+ K: J$ W# ]
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 O' x& h4 r& s" T9 T- B
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 `: W" w3 J9 z( Z0 E7 f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]0 P& }. H P9 Q2 p: v9 ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
2 @8 Y3 Q3 j/ u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: D8 c# p: |% w' I: C3 M* m
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]+ r5 e1 Z1 C4 C1 w0 }/ `/ Y
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]4 d' U- f# d& |) U* d H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# [) m1 k9 h- P: R1 d$ z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: F7 V8 H* O, @: V4 @) l( f" ^
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]& j0 }2 d6 s/ G2 e, r* e1 |
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]2 q V7 y: d8 J; g
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 I6 X0 \; L( Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& x) I3 H3 N5 U; m& }
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
+ t% u9 L5 ]( C0 _
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53] u+ l: F. L m5 I9 I5 `
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 l$ w& D) E/ D9 q: S, D
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( E3 V0 S3 ^6 @& `, a" y8 J
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]$ } l/ c0 P5 W3 q3 P; t; O
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]+ }3 r( i: ~7 v Z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 h8 B: t% _, x4 ]" ~. O1 Z. x" i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 x6 c7 ~( G8 a( o& W3 v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]$ v$ d* {5 {0 y$ r' c' o' i' S
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
# O# D2 ~, q1 |! ^
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
+ I4 S- ]4 T9 k, p# W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
9 I9 Z" \2 F7 L$ U5 i, L1 u& ~$ ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]4 ~/ X5 W' d( q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
$ j: }! _8 G( c+ T, l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
7 O2 z7 S, z( q [1 [* L7 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
% ]) }) @9 u$ z1 g3 ^% }3 ^
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
5 _# [- j6 ~% i( k4 Y6 m- G
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]4 e# f- g$ H/ D: Z; L5 } O
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]: d; {! c3 C n# I8 [- B
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1], h: \/ d" A& w
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1], i: v# a1 K" R
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
1 U3 V T' y/ {5 ?) A
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]: c2 Z) i% [2 D1 X
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
$ X4 A4 a: D P
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]% M6 l/ E' F( m
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
: P" e9 [3 Z1 e' N. @2 K6 w# O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" \1 v! G. M$ r1 m" I! I% D
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]7 _9 v) ]% H' P+ R
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
+ e! [2 m" U5 e! |) I1 T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& M' p. x' a1 t0 t( i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 |$ B6 {. `8 n m1 l6 s1 b& _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 t$ v# Z3 h$ f* s5 v4 d
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
8 v0 [& K) x! T: p* A0 i
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 D0 b9 o" n( g7 B# B0 e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5], b* w! G9 J Q1 J }) Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* P ]# D% ?% y0 {' F
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& [1 |: [! U* y2 s' f5 X
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
# D7 J) q9 u' V* ^
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
# u; i; y4 `( Y: O: b! W
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 k* r4 g# J/ ?( j% D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& Q" }% m9 o- r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 m+ V; k6 ]( h
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ Z7 [6 ^) M" Q: P9 E! ?) c
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
. e4 `) X: G. H* O0 M @! H9 A2 M) F
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% |! Q0 I$ `" _1 d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 z! q% |: b! |3 U% K$ r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]3 E% ~; F% m" n$ q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
) n6 b# H4 s, F+ w! P
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]: K1 Q1 c* d* e6 R! s6 F x
==================================
+ U" A( a, t$ C
文件关联
" v" ^* o% u: \' h ?3 D
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
9 p; w' M1 S( q! M g
.EXE OK. ["%1" %*]& `# @ P- r9 z F
.COM OK. ["%1" %*]
8 X4 |4 K) i5 ?2 ~6 Z0 Y
.PIF OK. ["%1" %*]
& l" C+ y" d& X P( |
.REG OK. [regedit.exe "%1"]) n0 w( l; `$ v$ Y i6 o& J( S i
.BAT OK. ["%1" %*]
8 B5 ~# I4 _0 K- E
.SCR OK. ["%1" /S]
' ?$ }1 u& ?5 F2 X
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
" L3 s" ~1 }% J) M
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
" e& t' ?, x9 r3 M) d
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]- I+ m% N7 g G$ K, w1 J! c
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1], I2 k2 x# g! ~' |3 Y7 P* f
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- `8 x" w( Z+ X9 l; i1 m
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
! y# P" a2 f$ o, o
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
% s* R# L# W, c! Q8 q
==================================& w, C% t8 G) y! t) k) u' r
Winsock 提供者
1 }% P# E/ O' `. _ a3 I
N/A
3 v% P4 Y1 d2 n m/ Q
==================================1 }4 o. Z' i, S. T* g
Autorun.inf6 ]- R* j6 v" ~7 a) N, r5 p$ r
N/A
& X- ~0 [9 ]* S1 U9 d U ]2 W9 N
==================================
( {: B2 g$ K# d# S: [* z4 \1 e
HOSTS 文件5 s" |5 b3 o4 x5 E# _
N/A _' Y' t3 y4 B( ~2 ?. f3 e
==================================
4 z% y5 x# p$ _
进程特权扫描1 Q8 c/ q) f7 h" i+ Q- e
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
1 i+ Z: e- r' J! v
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]2 p6 D5 O& K( J9 {0 \/ s
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
- J/ Y2 m+ o, ]+ c) C
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
3 o3 s( h! V7 s2 t
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
I/ D) J9 `7 p9 Q3 h/ ^, j" T
================================== K5 w: d# o* o; w* V& m
API HOOK/ b4 }8 R. ^8 M% Z8 Y
N/A
. A* g9 k, u' Y4 V
==================================
7 o9 f* h2 s2 Y6 j0 P
隐藏进程
. U: @. X, y- Y5 ~' C' x+ U( N
N/A
8 T/ ?; K0 ]3 F ~
==================================2 u) b" a; H1 N1 I# L- z; ]# D
1 d5 Z3 b% N% M/ {0 ~7 x9 l8 e

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115