在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

2 a% j" D- [3 R/ b( b' r, N
2008-05-22,20:37:435 ?$ O& N4 R1 A1 z' Z
System Repair Engineer 2.5.16.900
' N3 w2 _9 _: I: j& g5 C8 p7 ~
Smallfrogs (http://www.KZTechs.com)
' p' P ]4 v4 v2 Q3 J" Z/ A
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能% V6 q( y& ^; A( x4 n! ~
以下内容被选中：
" C; u6 U; X# T% v. W+ A3 t4 ]9 b" x
所有的启动项目（包括注册表、启动文件夹、服务等）! m; l3 n; e3 ?" b3 c9 `6 e1 c
浏览器加载项/ n; v) S1 ]3 r, [
正在运行的进程（包括进程模块信息）
4 ]( B. b" Q3 b$ ^3 z
文件关联
7 R, u8 l* d' M0 o* E
Winsock 提供者
# S2 I% S- }5 t( W, W+ `* _ I
Autorun.inf$ H7 Y7 c w' h$ r x; m/ f
HOSTS 文件
- h, }% Z& h( O T& i
进程特权扫描
, L2 D0 b% ?6 t- y0 l7 _3 z2 |
8 S! X& O3 B, `" K
启动项目" a0 I& A& |9 j, c# U
注册表) G9 T+ s/ f9 y- P
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]) u5 z+ W# a. g- o0 o
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]4 w3 K" b# v( G! h2 m
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
+ o6 y+ d+ r* Y1 d$ k, o
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]! n# N2 o( G% k+ k& w" q9 h
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
1 v# u& u+ _7 ^9 l$ ^
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd] n9 }7 b4 I9 {7 E
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]% z" u+ \3 `3 i1 b( {2 \* _( A
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
, C1 Y6 Q% p, l8 |5 p1 u: [
<PHIME2002A><; > [N/A]
9 B( {% l! P, R6 D/ f
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
3 \4 M8 `# f" j" N0 z5 s0 o) `
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]( G# i0 t! O5 D) W2 D) h* m7 f
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]# S4 i! p; [- w7 D2 t
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]( g4 n0 k5 a2 `9 A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
7 c6 ?4 {$ X) g4 U) t$ Q. P+ o6 O
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]3 U" A1 O* m9 p' s- T/ `
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
, y1 @3 X+ ?/ }' A, e
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]+ d% W: ]+ k8 d, H& b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
/ R8 T6 S8 R1 Z( {8 o
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]7 l& F* z1 E2 j# e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
" U0 u* {; A1 Z0 f O
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]" q, y3 X, ~: f% s) t" {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
3 i1 W7 ^. A4 j0 Q2 ]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
. N v6 | C/ |' s- s- ?
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
+ }& \) w- E) {1 D, K. e$ g4 e
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
- Y, B) T" r6 L5 \8 l( s% \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]5 X# }! m! q. e, Y0 \+ k- h# ?5 ^
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
7 [1 A& U4 X: r$ `7 [4 O9 {2 R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]- [# ^& ~ x$ ~7 K- G3 A0 }/ a
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]. J: N1 `) z, y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]. g4 r0 G( F3 v" I
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
5 t$ y& {+ u0 t3 [/ O6 Q
==================================
- F8 c! E8 W% w2 A
启动文件夹' m) ?& W( h; t# _5 f* ]( l
N/A ^ g. w# _5 c8 @; \
==================================: O) b- d' _( m! S$ Q, d
服务3 ~! P. g% j! W' w
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]( [" F6 b9 a$ u Q
<C:\WINDOWS\System32\3wareSrv.exe><N/A>6 @% }* q1 b/ a9 z
[Google Updater Service / gusvc][Stopped/Manual Start]
3 x1 r0 }: o0 K$ y& z6 C/ U
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>* c9 B9 V) H7 z9 s" {( [* |8 Y
[Help and Support / helpsvc][Stopped/Disabled]3 L t+ ^, o1 \$ ^- W
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
& f H' @. T7 l; N" Y/ R1 c
[Human Interface Device Access / HidServ][Stopped/Boot Start]& n; v, i+ Q r! r) [
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- I6 Z; D! e5 S6 J
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
( @- [' G& H3 v+ y
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>9 A3 p; y* S( [3 F$ Y. H/ D) d
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
8 p$ t" u6 e$ ^) Z2 l) g- A ?2 ~4 ^
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
+ m2 Y# O% a3 M4 b- W
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
& z0 Q+ N. x h; o% C
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>: s' R* u! ~. R/ [9 Z' R1 X
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]( L1 E4 n M& X! r& _4 [
<><N/A>
# i: f: M$ C3 P- i) Y0 h9 v
[Qvod Terminal / Qvod Terminal][Running/Auto Start]/ x% [, a4 d0 P8 J, S( S
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
! _: D6 t6 o/ s0 T. o' _( X
==================================) ?7 W) p0 t+ u& E. [& n/ j
驱动程序/ w- y! b2 Z/ d( [
[22j / 22jn][Stopped/Boot Start]/ I4 s$ g# k6 j0 T. F5 O T% ?
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
, S$ O; D! P& e) ?( D6 g( L
[360AntiArp / 360AntiArp][Running/System Start]
9 l$ j0 u9 S/ U' f: u3 S1 I! a5 `
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>9 i/ N( |7 k9 q3 W5 J3 f
[43ec / 43ecu][Stopped/Boot Start]
; C) N5 T2 z" ?& v6 W
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
9 c' |; R; R* u! a* T. n
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
% A- s6 `2 }' F0 u h$ @
<system32\drivers\ac97intc.sys><Intel Corporation>
/ f# Y; D) A! g( j$ D
[Promise driver accelerator / bb-run][Running/Boot Start]$ l; t/ x: a8 c) X- n
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
: h6 X4 F9 N$ b0 E
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]: A' y+ ~, J! j$ [
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
. q5 ~, t2 r/ A. @# R9 t( z9 u
[KAVBase / KAVBase][Running/Auto Start]
( K$ I% U3 ?* ^. U2 O' s7 G+ s' T6 H
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>* O) T; K% y4 @( i1 Y. U
[KAVBootC / KAVBootC][Running/Boot Start]# v% b) c, L; }5 u0 A1 t
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
/ H0 [( z2 b& h% p ]4 O1 d
[KAVSafe / KAVSafe][Running/Auto Start]$ }/ r- ]5 }# ^' f/ V0 n* }
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
6 W. e5 f+ d2 y
[KNetWch / KNetWch][Running/System Start]
8 @- p; y* I/ h% F) F: i2 u
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
8 J, y/ d3 C3 S# Z# f
[KWatch3 / KWatch3][Running/Auto Start]
8 j& {, S6 T$ V- g% y
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>& L2 H5 U1 _, T9 m4 f
[ntptdb / ntptdb][Stopped/Auto Start]! X) Y' D, U! L \5 @( w
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
) q/ s3 y, ? R) [
[nv / nv][Running/Manual Start]7 [ I5 m8 U3 W# Z ]* s
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>% f0 Q7 V& f0 x
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]" Y1 c# Y( }( T' R7 p( _
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
& x9 v d1 _ }, Q+ |3 ?
[DDK PACKET Protocol / Packet][Running/Manual Start]
2 K* u1 V; R. a( F; V5 c8 G0 C- n( j5 p
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
9 `- ~; m& o* p1 I( }
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
2 L/ z% s. W# d
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
% P* e: C# F3 k) S9 O% [
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]; u/ o' m8 d( B4 D
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>: g. \ {9 @" a- C
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
3 R; S7 ^7 K- `' K( n8 A ~
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>% v& W7 _4 ?; F1 ~1 g" X5 x W3 k
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
: P% w% O6 N! S
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
1 ~3 v- a5 e. D$ {, F
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
% ?+ E" y/ A" q+ R b9 n8 N( Q1 r4 T
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
( E( `) g: c3 F7 h4 ~+ Z0 u; K' H
[Secdrv / Secdrv][Stopped/Manual Start]
. c4 p" G1 S6 |/ ], v5 g- w$ N
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>! f) T3 R+ M' l7 [( N
[SATALink External Device Filter / SiRemFil][Running/Boot Start] h7 s0 f( v0 X" t/ H w1 G: m, V
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>( m: s. K/ u: V4 z$ T& r4 E
[System Restore Filter Driver / sr][Stopped/Disabled]
' `8 o8 _! Y/ e8 C4 j' l
<system32\DRIVERS\sr.sys><N/A>% L6 e6 b7 D; g( r; t! [ s
[TesSafe / TesSafe][Stopped/Manual Start]
3 L( ]1 g8 Y7 w, V, r0 b/ a" }
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
( ^9 Z2 p6 t9 f* m
[System Services / unzxzsrs][Stopped/Boot Start]( w, S6 _' z+ t9 ?, r A! G
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
3 n+ x4 |' `% u( B
[ViBus / ViBus][Stopped/Boot Start]
; ?$ N4 t( G, B3 l; [6 k
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>. h! ` N0 @1 ^3 s4 Z3 B
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
! Q/ n Q& \. o) ?
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation> E) v( g: f& D5 m7 o
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
" B& M E ~% X
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>7 O" @% B A8 O/ N: ?8 `$ T+ ]) U* ?
[ATI Extend / zhibmaso][Stopped/Boot Start]1 K! ~; N3 ]$ ?: b
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
" ?1 H3 I2 m5 r5 T/ U
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
) N0 \: ^6 g9 |& z: F) X0 J' @# o
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
9 w9 {0 u1 D7 M- z
==================================8 w2 l! k6 ]- I. G. G( ?8 U0 Q
浏览器加载项. l P' b, J- {. E8 w1 b
[Google Toolbar Helper]
( R% e9 B0 i7 R$ L7 H( a+ P
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
! L. Y3 |" x3 S. Z2 {2 v; F5 i( X# Y
[Google Toolbar Notifier BHO]
7 ~9 @4 I2 z8 B* A
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
4 ^. L) R: E: l' q1 v/ ?
[SafeMon Class]& {* m% k" p7 |$ K3 s5 n6 _) j
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>9 ~" W, f% [/ z: I3 s+ X
[kingsoft browser shield]8 g4 L5 [8 v) }8 T, X( M
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 @1 _1 ?1 E6 h+ d# Y9 g o
[IEBuddyExtControl Class]
* I! Z5 p& x0 b" q3 p( j9 U# Z& C
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation> ^7 u4 f& C& l9 r1 m5 [" Q
[Zcom 杂志]
; f! d, }& {; N9 Z4 u
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
$ J& i$ p- s1 H
[&Google] w* J$ }4 J& `4 K9 x5 A
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>6 m6 \& K1 F1 O9 t9 U' G3 }
[KooPlayer Control]" V7 F: h! u2 v/ ]+ ]/ W) v, v2 s
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
1 y4 h3 \* T- W3 P( ]
[Shockwave Flash Object]
! ~3 E9 s' A1 b8 S" P1 m
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.> i c) L4 F) V7 a N- e
[KUpdateObj2 Class]5 _: r1 T' }4 x- s9 l
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>0 t( O3 B) f8 k! J }8 N
[Google Script Object]
1 t2 }. @/ m$ z3 x
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>+ E, v5 K( D/ ^6 G* f8 S" ^; u
[EWA Control]! ^9 ]" }. b: f6 B
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
; T* \" S: f" P5 x1 O
[Windows Media Player]
- M! t" z7 a6 a: k8 f! o0 O9 b
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>8 f7 e/ j' \' H4 Y: R, `" f/ u' d
[&Google]* [% w$ a/ y }8 T9 B
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
% E4 F A1 P6 ?6 R
[HTML Document]7 m& |+ T; r; H* q* ~
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
6 t& G, M% x" u7 c% V. _% [" R
[DHTML Edit Control Safe for Scripting for IE5]
0 N4 O6 D0 p' y
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
* P# `1 `% x' @6 i9 `9 `
[RealPlayer RAM Download Handler]
9 T* s7 b% _! F) L5 {4 n
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>% V0 t3 i1 d" K z! w1 y& y
[IEBuddyExtControl Class]8 f4 [# g/ m! Y& s4 c; p
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
% D* P1 i& C7 V; p' c Y0 X. C0 b
[XML Document]8 P3 G( A4 ?( T2 B) |. [: e' P
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
7 R3 `# D( `! U6 z0 C# h% g
[HHCtrl Object]
% \) f6 c2 {- d; _8 W- i6 @# `
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>* Y! r8 H, d8 R* a
[Windows Media Player]
& V- K) q- l( d( p7 w% \1 |# j1 ?0 a7 F
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
% O6 j% ]0 e5 f$ G4 `
[Active Desktop Mover]
- U! g8 _+ F4 ~5 z1 U" M y
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
; s4 t, n3 x+ \ _" C
[360SafeLive]
. w* \) \) p6 l* P
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
1 G: a: n# E$ D$ l! @2 N
[Microsoft Web 浏览器]" A4 e' @2 b, [9 x
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
1 _; r( f* H+ q: w; l' S3 r
[Browser Enhanced Objects]' N7 C- }( o* {3 E
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>0 K1 `& T ^$ e- q
[Google Toolbar Helper]
5 Z- h: _1 B0 C+ q& h+ o* [
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
& q" ?+ T& \7 A
[Microsoft Scriptlet Component]
, B+ b# ]- R3 y A# x8 X% H
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
: D6 W* y3 \8 j" g4 o3 L
[Google Toolbar Notifier BHO]
* V& w- d+ p6 w! M: F. s
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 s. k6 y( z2 s3 e0 N* k. \
[SearchAssistantOC]7 i* D0 f7 g9 b) U/ E* A
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>: w5 J8 s& U* G" m
[SafeMon Class], E7 ^! J( r$ b5 S" y: z. s
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>9 ^9 v% M, `8 t. R. k
[RDS.DataSpace]$ M) g3 g% v+ r+ L9 {% i( w
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
$ a; L& h% S2 Q1 O: ~% a# C, b
[KooPlayer Control]
, n+ [/ E% R1 W
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>. [% q2 C& o. y! ]' l) u
[AUDIO__MID Moniker Class]
" |* z$ V! }9 i9 _
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
) A' r0 s# ^- e8 z3 u6 K
[AUDIO__MP3 Moniker Class]
% T$ B7 C/ P/ O% n3 b2 w3 q
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>& u {+ I: ]; V" q# Z1 V4 X8 P" a( Z
[AUDIO__X_MS_WMA Moniker Class]
3 Z% _6 T/ |$ O p+ k
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
" z# s2 M! Q9 J' ]$ ~3 G( c8 x
[VIDEO__X_MS_WMV Moniker Class]! l' d( k0 l" D+ {8 X
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
. L- D, [" @7 i8 k+ i B
[RealPlayer G2 Control]
+ U/ z) l. ?( g# K, ^
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>0 y$ b+ x* R" o! _% C
[Shockwave Flash Object]1 s) ~1 I5 n" \6 _" `( h: C
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
`9 F. p1 N+ u- _9 b
[KUpdateObj2 Class]8 M- p$ @. i- q- \
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
4 ?9 P% b8 B7 I! C5 j }; e. Q" P
[kingsoft browser shield] C. u2 Q3 n- W% s2 T
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>% s: a7 Z; z- C7 q7 }( A
[PasswordEditCtrl Class]) l' b b* U( I7 ~3 ?
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>" c, H) }- I; s6 k: @
[QvodCtrl Class]" `+ w: L0 k) r; c: S
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>0 Z# b0 d, F% [6 b$ e0 S
[&使用超级旋风下载]4 @% |# O- X6 b6 ]1 c- \! W0 O
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
' m- {- g3 l" T
[&使用超级旋风下载全部链接]
+ g: u2 E, `, u0 g
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>2 H1 b( P2 i) K$ M0 U
[使用迅雷下载]
& `; T( ]# i" f# H. J+ `
<, N/A>
( [6 d1 Q' h |2 k- E3 N. |
[使用迅雷下载全部链接]
6 D( ~0 r, C* ^4 o: @ M8 H
<, N/A>
; W; g1 s: F6 I
[导出到 Microsoft Office Excel(&X)]
* Z9 [8 P9 f6 x+ u6 v7 x
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
( D, u5 e8 k0 X/ D5 l I
[添加到QQ表情]
, c6 y2 \$ U- R G
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
$ S# [& y. Q$ b4 Q9 Q' P: b
==================================
2 c/ ~2 @" Y* f/ [" b
正在运行的进程3 e8 q' g: L H: p8 p9 H; [& q
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 L5 M: A1 q% [. ~' P( \" S5 K: d
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 Z9 F, W& ]2 A' d, h* ^. H
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 v% P4 i$ {/ }( C4 {" U) h; L
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]6 o* A8 N" H. \1 m, o; P8 r
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' m/ R/ T5 l+ |5 S4 J0 P
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 x2 T8 S' Q! O% O$ c9 M
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' s( u, J4 f9 F7 W# v, v
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' C- J) D: o4 [5 C5 j/ e" o6 t
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% n: T6 K& I$ g0 A) g3 `( U& n4 ]0 r
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 ]4 Q, D! W4 I1 ]: i* \1 t# j/ _
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! y: P2 E+ Q5 m" Y# n/ ]
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]8 ^4 ^" a- D6 _& l% o' x; h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]+ g5 \" z R% r2 l! L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* T+ X4 U2 ?- Z" Z
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]. l6 |/ s; `+ d) g! [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]9 G' P- C. y! t2 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]8 X5 X+ \/ M; W
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]$ j! D+ S; R& B& v/ |
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]0 i3 ?3 P8 b5 w
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]5 z* h# ]3 |7 b: F
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
: u+ T7 Q' ]& C/ H+ v
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: Y; l' t/ q# W- W
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
/ n8 U8 ?8 t; |2 \! _
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
?5 r6 s9 U$ o, ?. ?
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]1 s, u* Z& X+ w$ h- g
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
% |( c( |0 J0 I, e- v
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]" p" L' N" e# d% y
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. y/ D5 j- w& a- [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& @: V2 {* h3 j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" t/ b& ]4 l6 p2 w( {& z. l
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 h' }8 r5 f! ]$ _
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# `7 e3 M2 Y$ Q Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' Q+ S( n; S2 Z8 t) a: ?1 l5 m0 F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& j. j0 B- J( Y# J
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. d4 L* B5 z5 {, t( a" l6 U7 Y
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654] L5 R0 ~) A! F2 P8 l0 x" x
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
- T) I; k: z) k8 J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
" r* b! l1 u' H* W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* b7 E, `" q3 o; b5 |6 I" o
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]+ X. @* H5 j5 V+ R# c
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
9 C8 @1 f8 J( m# l
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 j# E9 S" a! G8 K2 a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 o) U* w4 C! B$ O' ^5 p5 Z# v, A! i* ^
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. r1 V% E$ y: j+ I+ E; ~2 w1 T3 g
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]2 A, z' k. a. [# X" b# k8 D6 J
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ h A. w' ^' `* n; D3 q( n
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
8 I. n3 f* x( q
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
/ R/ V* M6 G) p7 ]" U5 e4 v
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]0 a) S8 \5 M; p) ], ~' }0 |: S. l
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# e) k2 Q4 k* n# g# f z* }( A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 R. C: X1 n* B X1 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 F, q) ~5 N0 V+ B9 G) D/ x8 ]0 z9 e
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
+ A$ D' |0 \" X, c
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
1 Y9 K3 w1 \+ @9 `& ]7 I) i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
- D' a2 @ A0 p8 Y. g3 M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
8 W" p3 U1 r+ Y: W* {/ Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]: R/ S& Q$ R; K" b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2] h: m2 z8 {( z/ v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]' ~4 E$ k9 P" i1 M2 e1 y" y
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]' z4 x& O. l; u* H; ~, Z' _
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]" Y: B# l: }" k- j" K) U& F$ `
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]; e% F) h% m# q2 N$ o2 F
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
2 J9 [7 O/ w5 ^2 H* A1 i F0 u
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( V. g& @( ^: S* I
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
3 c2 |+ V8 T5 r: O
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]+ `( H* D9 ^8 @2 }8 \
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
# e% M! h4 Z9 o! F$ b5 k/ ]
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]! W Z! A1 }- p- I
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
+ \2 v I. u. U" J7 n6 y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# y% S, K3 E5 y
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
4 Q+ Y- f5 S. M. I# W D5 {" ~
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]9 d6 S7 q* }5 Z Z8 ?0 N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 H d: ^+ ~8 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) v! S! f4 ~) [' D7 V8 b# }' R. k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 J' K& p; I$ s9 u* ?4 e3 Q* A
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]3 F( M; O7 x/ y$ W( [. \
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
0 p7 h6 C2 Z2 g* r! W* w3 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 m& y) i/ B. A! X' w* O4 t+ \; b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]8 O2 ^; Y$ T; F, a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# O2 [: E4 Q* G& ~: j
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
5 Y) P3 n1 W( w
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
6 {" W' h, W. h) m, B
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
, v4 V; V+ J" @& ?3 K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) Q% e. W( M8 `1 X U' @. k. ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( Q; N) g" @9 B6 s
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 O5 d2 ?) c- [. M2 e
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
9 ^9 F7 \, Y( \! s) ~! e
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
; J& N: J2 h0 [2 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
1 S0 ^$ a* M ]" |/ ~3 m; {2 `, R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 c3 b3 s4 s- ?3 i. e1 {
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& W! B6 k7 o( _. }5 Z% R1 S9 }
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
8 S; p) r+ A! j5 q$ J
==================================
9 P: S) ^ p2 }4 d2 c
文件关联0 r( `- x7 p% p9 k, G# ^- _
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
/ E' ]8 d+ _) e; R2 O
.EXE OK. ["%1" %*], k- k- v! _2 g( X, \: L
.COM OK. ["%1" %*]9 E$ [+ f" w9 ?
.PIF OK. ["%1" %*]
5 c) M! o- T. f) E. c3 l5 T2 j" b
.REG OK. [regedit.exe "%1"]
0 H `& ~, @. q6 s
.BAT OK. ["%1" %*]
6 O1 ^6 M. M/ E0 I3 u9 i
.SCR OK. ["%1" /S]* N" @. _8 ~# b5 |8 S' H
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
7 X' h2 B. w7 m4 ~
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]) ^' V% b( t- m" Q
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
9 H/ W9 u% U' P& V5 p% A$ Y9 q
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
3 m5 S2 r" S1 H& c1 N9 I0 F7 U6 Q4 T
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
% d. l. }3 v, S6 m+ u
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] n- _* | I V6 T8 ~
.LNK OK. [{00021401-0000-0000-C000-000000000046}]- a& p7 u `* e
==================================9 g1 A8 ?, I3 u
Winsock 提供者, ~1 q+ Z/ `/ H0 A8 c
N/A6 d" b5 b) Q2 @* ~& M! X# @
==================================
! j* W2 [" x8 t+ V: t4 X
Autorun.inf& |2 t. O& `( g
N/A
8 }) r, U6 F5 y
==================================6 r, s/ J z1 C8 D; j f
HOSTS 文件
1 `! k; q9 \4 o) g1 d/ x
N/A
0 S0 ~8 w! k: {- l
==================================: j9 n. Z* p$ ^( E
进程特权扫描. {+ z0 [; }9 E; N
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]% @- y X7 V; s8 `4 E8 e" Q9 _
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]9 w* V6 ]7 E- x" e \
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]: Y+ i1 V, q& j: S
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]; w; ]7 b- Q$ J4 E# G. i
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]& \0 @& _' k6 o& c
==================================, a, n y, M2 q' l# t
API HOOK8 S! S4 ^5 X8 a/ u6 p
N/A% l$ p* q7 d$ A u+ g% p2 Q* c% n1 I
==================================# C4 d: e" u9 \1 \
隐藏进程
, v J3 `/ F& i i
N/A* m6 T( N9 \6 p
==================================
( x i1 D) }$ e* q2 @* U& x
& p6 D2 s- B2 { v& C

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版今日: 0 主题: 115

在这里

浏览过的版块

技术部 收藏本版 今日: 0 主题: 115

在这里

浏览过的版块

技术部收藏本版今日: 0 主题: 115