在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

- e- n2 Y6 F% G g4 i3 X. ?0 D
2008-05-22,20:37:43
% _2 s8 R2 i5 T
System Repair Engineer 2.5.16.9000 M {/ T& p8 V) X, \1 E
Smallfrogs (http://www.KZTechs.com)
/ o9 `$ U; i; x* E& c" p# }
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
0 m6 o7 l9 H6 [2 ?
以下内容被选中：# i, b( \# E' t7 A+ B
所有的启动项目（包括注册表、启动文件夹、服务等）( I+ t& r$ c; ^! B3 p# \* P( z9 m
浏览器加载项4 J5 i6 B1 C% G& K. p+ Q
正在运行的进程（包括进程模块信息）
$ S( }0 A9 {0 l6 ]7 M
文件关联0 s- ]8 ~* Y+ H$ L
Winsock 提供者
% d' v" ]/ `7 g0 n5 v( y* D0 t3 v
Autorun.inf
1 ~7 H3 I E2 a, a _* N/ E
HOSTS 文件
+ Z, U% T1 F l4 B. k6 ?( }
进程特权扫描# Q e+ h$ r# T3 T3 W
1 U7 o4 C5 Y. c9 Y+ \! I n7 |
启动项目$ y# i/ i" Y7 m2 V* {' i9 D
注册表. V: i5 b3 R/ X/ M2 D9 Z1 h
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
0 k% g1 j6 p" s/ { b& U6 @1 j; o2 w
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
) e7 P) O/ M- r, |6 Q# j
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]# Z. g' ~# I) j: ^, D8 g
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
8 H# r& ]" A5 \/ d/ w
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]' b; G- M( }% l
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
" D9 e |9 X5 F7 W* ~% q8 s
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
. W/ U3 S7 b& E3 n* `- U
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]# r( o4 F6 X3 S/ M+ u' n
<PHIME2002A><; > [N/A]
* z0 |, Q r( X3 L
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
+ C8 W7 K2 f4 S
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]% {. M s0 v7 `: W7 E0 M
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]1 w4 c0 y( O! |
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]2 J' H( \' o. z, B7 s ?3 b9 J
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
o6 a5 x4 l2 @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
7 X' v" A2 Z% B( B9 G# x
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]. m r# O* n C1 L2 J! ?, r0 L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
. V3 F$ }0 A( v8 u K
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]1 b% B3 t% ~5 Z+ e. C
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]3 T$ K3 E0 I" v# e& u
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]; [1 A" j. Q2 @6 v
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
" q6 w) I, L/ B
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
3 J; n3 w- x2 |" w" c5 U
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]! G$ X2 u! y" g; }" o: a
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]% z* A U. y- v- w6 J! l" t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]1 U E$ l2 B: ~2 @ o( k$ s" X
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
7 _7 M% d' A6 A( h) Q: Q! s% k
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
' l; ` X: x' q# a7 p5 [1 Z0 m
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
: J$ M) I/ E& L& v1 `; W- X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]8 y1 m8 Y) [7 z& U1 M2 K$ b! e% ]/ Q# K. I
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]/ B( }# |! P) Y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
* b! p" W8 P+ g! w( c- z; F, U$ m
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
, `$ E# o! }% E: d
==================================
6 ~5 m2 }0 U) y* f# C3 w4 n
启动文件夹
$ J+ ]7 P" m" [5 |, p, ]
N/A
% ?+ i+ X% y- p. H" ~- P+ j
==================================& r+ C+ i+ Z* }* _% F) y
服务
( Q! s3 Z. k& S! a+ Y
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
4 J' U, |. s }
<C:\WINDOWS\System32\3wareSrv.exe><N/A>& p; N' j9 c5 w3 d* N
[Google Updater Service / gusvc][Stopped/Manual Start] W* R5 [3 b5 [/ N
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
; H* r. k @8 D/ k F) z
[Help and Support / helpsvc][Stopped/Disabled]
- K1 A! V2 u; h% c
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
& J6 ?% v1 r4 z$ g$ X& ^# \
[Human Interface Device Access / HidServ][Stopped/Boot Start]
/ X6 S7 Y1 [3 o5 q" `% P; z. W4 a, h
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A># D2 U, d! S, P' I. z, M
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
2 h& P& \) P% o/ J/ `1 f
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>4 E+ ]2 o/ l$ P H- A- Y
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
% l& f+ T/ ?& z. A8 e9 ?9 r
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
7 Q! K( c* l! L; p. o$ H
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]0 A5 E- W1 O) [( V' R s6 y
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
' C% w; W3 K7 `4 }7 ?
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
2 e5 T/ j% y, ]6 U e
<><N/A>) _# X) m* Q$ F4 c+ D) X
[Qvod Terminal / Qvod Terminal][Running/Auto Start]0 v, ]7 h( U" q* D |
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
9 y; D* j; a# }3 }
==================================2 R" [+ j; M. f E' j
驱动程序
- X2 ?0 Z1 ]/ `2 X" K* T1 R
[22j / 22jn][Stopped/Boot Start]4 W$ z0 {3 R5 A
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>5 n# X2 o8 I0 e# y7 @ E4 Q3 K* e$ A# H
[360AntiArp / 360AntiArp][Running/System Start]- {# G! e5 Q R/ k. ~% Q
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
0 `9 p' f& @" |/ G) a* T
[43ec / 43ecu][Stopped/Boot Start]
% B. I" z3 w" `2 s, Q, J
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>1 s% l+ z; O1 ?3 N1 D" S
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start], D) _! E0 L) i8 Z( [0 k
<system32\drivers\ac97intc.sys><Intel Corporation>
; ?( E3 x! ~" V* }. L# f
[Promise driver accelerator / bb-run][Running/Boot Start]
& g; H2 z( {( i3 b! ]
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>% M# _) C! I; B6 a6 @5 c# K
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]* h7 _" d. t$ ~4 j( o( b0 O8 A
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
, q( i ?. O# O7 g; C9 s3 w
[KAVBase / KAVBase][Running/Auto Start]
# J/ @1 [; m- w0 }
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
5 m, V9 ]) {- C- U+ L( ]' {
[KAVBootC / KAVBootC][Running/Boot Start], x2 a* G4 e: o% k/ ?$ j& H/ J
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
( X0 |5 {1 I) A' P3 w
[KAVSafe / KAVSafe][Running/Auto Start]
5 o$ f- O+ g% u0 X. u8 A
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
) Y# H, t: n; j) L
[KNetWch / KNetWch][Running/System Start]+ v: @3 v/ v& i, F! ]/ B, M" v! K) ~
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>8 A7 n7 s# k* i/ }' `
[KWatch3 / KWatch3][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>. I: B; q" @6 i% o/ D# x
[ntptdb / ntptdb][Stopped/Auto Start]* M6 v, | P" B, B$ _
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>2 v5 w# x6 L) w* z0 v
[nv / nv][Running/Manual Start]6 q" _. [# {* Q, c Y0 |0 e
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>) h: u* U, L `
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
+ ^! M' l" H/ }
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>* [. q( ?7 I. t/ c; g
[DDK PACKET Protocol / Packet][Running/Manual Start]
$ `; A! x1 I0 K# }
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
9 Z" }: i; c+ y' j$ o# l% B% p8 `
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
8 X/ u& U: n2 P: G/ O0 O0 B
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>) t' k3 A# A& M2 W5 {) D
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
6 X% n1 [; L: g: d. n
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
% g$ Z/ ~( s- \9 y, y3 K" N* d2 I
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
5 Q/ V; p' y* I7 W6 C8 W
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>- J; j) Z) o. h1 Q
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]& s/ X# @/ [' h' ?2 ]$ L+ {
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
0 C3 \& Q; y: S' P ]) X6 a' f
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]# n% O- b: A+ A+ s5 `+ y" \
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>6 T/ Y, c! {2 a$ x) ~- O+ R9 e
[Secdrv / Secdrv][Stopped/Manual Start]/ W- f) r6 j( [# X4 X1 u" G
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
% w) A( @2 p% m' O7 U
[SATALink External Device Filter / SiRemFil][Running/Boot Start]9 }& }( N9 v% i7 o& P* T) y
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>/ @& S; y: ?3 m. f+ w
[System Restore Filter Driver / sr][Stopped/Disabled]7 x1 ~7 m6 S9 w7 c
<system32\DRIVERS\sr.sys><N/A>
. m0 H) k* Q4 `$ e
[TesSafe / TesSafe][Stopped/Manual Start]
( C3 f: t, O. n8 R& J/ V" t; L9 x
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>' V+ u( f8 Z; }6 [7 a- L9 b! e$ f
[System Services / unzxzsrs][Stopped/Boot Start]
( A0 i$ x& b6 N8 v
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>: Z7 y) Q* @) P# l
[ViBus / ViBus][Stopped/Boot Start]
3 `1 S; h2 S, V" S. l
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>* i0 s4 h1 \3 R! p1 i' U0 `9 V
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]2 f- D3 B" [. Q% K
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
% |4 W! T$ B: g! R1 N- c1 n
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]/ p& |: c6 u% i2 q! ]$ W1 W! _1 u: }4 {
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
9 p2 }6 ^0 _0 l$ V' X
[ATI Extend / zhibmaso][Stopped/Boot Start]. m$ B) O w! p- s
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
/ {% l2 u* j: ?
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]; h4 u' }- U0 {. M: }1 d/ T
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
7 m, |6 n, {' {2 D; Y
==================================, O/ ]' P$ e! p8 E5 ~2 @/ w
浏览器加载项+ b7 N! Z: t+ B
[Google Toolbar Helper]
0 P' [( A$ o8 l" W; ^
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 _4 r# d1 {; n& i! A) R
[Google Toolbar Notifier BHO]+ M! I @0 [' @9 L
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
# e( a$ g, b: U" m/ G
[SafeMon Class]
; ^2 D% U- _0 o R" _" I; l+ Z
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>: B+ H# x# C% f
[kingsoft browser shield]1 x/ e! ^0 L7 J: i8 M
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>7 x6 u& }9 j) h( v7 o$ P4 B
[IEBuddyExtControl Class]- P, }& V7 D9 R5 H
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
; ]) w6 m+ d+ }* @- L
[Zcom 杂志], N4 ~6 P3 `4 h5 l+ R
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>4 U- l( E. ?$ g( b) A- k
[&Google]. A, [3 J" [9 N X: p% Z* U' g/ V: i t
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>" N* ~/ R8 r# e% E+ R+ V
[KooPlayer Control]) Y! n% y7 E& G* s# B8 K
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>* C; {# ?3 A, x3 Q/ h1 I: Q7 }
[Shockwave Flash Object]
# V: m" j8 o, n7 V) |
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
8 O4 N5 R, \' G$ s) H
[KUpdateObj2 Class]
" p! B" S1 B/ O) s" a4 w+ P
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>7 h) M, \8 e% g5 a3 I
[Google Script Object]
" W. j7 e% a$ R7 T e
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
$ M6 D! j% u1 z- I6 [ j7 R
[EWA Control]
& Q" }' p) w! Z0 E
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
" V0 f& b) ? \' Y
[Windows Media Player]
6 v& @( ]- q W3 y+ U! {
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>1 k" V$ D# |; Y4 D4 _% q
[&Google]% T% j; [, [& b9 I
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
; m9 T+ s2 W5 m7 k! v7 R
[HTML Document]
4 b3 u, Z( f' A0 x. {0 h3 |
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
2 ]# a' c7 a! ~+ X" t% v
[DHTML Edit Control Safe for Scripting for IE5] O8 y$ e7 O8 c$ N2 u$ v
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
3 J. E- l4 O. B6 k3 h4 m
[RealPlayer RAM Download Handler]2 R+ n$ O" o4 ~7 X; a& o9 s
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>0 C/ K+ h, C6 _7 R4 b
[IEBuddyExtControl Class]# L7 s1 R4 ]5 z
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>- p7 |# m- A6 V! G
[XML Document]
- G( s( ^$ f! N/ j
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>* S* i* |! T6 T* U2 \! b
[HHCtrl Object] C5 M0 L: c/ _) Q5 _$ h
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>7 b! R$ Q6 U" x; l/ b# \0 g2 G
[Windows Media Player]
9 e0 M+ u' x& e* }
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
% J" E# ^+ e7 v& `
[Active Desktop Mover]) E# D0 R2 A7 k8 z' o! z/ U
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
7 F8 a2 x& m- _' o& w
[360SafeLive]$ G" ~6 {$ p. ~- l- E
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>+ v/ Q% @, ^( Q
[Microsoft Web 浏览器]
! O$ V7 ]: f' q7 b9 ~
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>' M; V' G0 i' D6 K( w U/ A2 x8 r$ F
[Browser Enhanced Objects]! ^) ]5 c$ Z" I3 M. S5 H
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
R! O2 s3 e% g N6 {
[Google Toolbar Helper]; D% U @/ T/ k( v; ]6 I+ _
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>/ I9 M2 F, W, Q9 J0 ~
[Microsoft Scriptlet Component]" m3 v; H& ^% ~, H& j' ^
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>6 j. J! Y( P0 y3 H$ t& I
[Google Toolbar Notifier BHO]
/ N6 e6 N7 j" N) U Y! X8 d
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>8 b7 z! h, r/ x! _
[SearchAssistantOC]0 g# B1 V. w# u( l1 a+ p8 |
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> {* I3 Y R, R" h
[SafeMon Class]
6 g* I @$ I/ b! u# O$ i* a u
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>/ i! m$ J, ^4 v9 v `" I
[RDS.DataSpace]
8 b0 e! j9 u4 B( s& P3 V* ~
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>4 h8 I9 f' N0 Z8 P% E
[KooPlayer Control]
( F$ N/ \+ V, A; Y% s( \! J
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
1 E6 B* w' ?" B4 O% B3 {
[AUDIO__MID Moniker Class]5 g: C u9 j& r; q+ i( v; J( I
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>$ S6 P5 f' [( {8 E1 N
[AUDIO__MP3 Moniker Class]) q; i" y9 Q; O& j3 U; o4 n
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>" Q7 v1 }$ K; H. i# |) |" Y
[AUDIO__X_MS_WMA Moniker Class]( a5 B6 N- l- L) e
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
. d7 p* q% M- E' i
[VIDEO__X_MS_WMV Moniker Class]0 g# |7 D& W6 X
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 F4 D% Z( ?# O4 n' P/ M
[RealPlayer G2 Control]
0 v+ `$ S1 D6 s( d0 n6 K4 N" x
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
C3 N+ K+ F8 A; c
[Shockwave Flash Object]/ v0 l' u3 p. d, I4 M
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
- l, U( h5 j q7 C
[KUpdateObj2 Class]/ L7 S: y1 e6 ~' J. M$ ~8 U* g
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
. T- P* e, \6 [6 j8 T' z8 ^6 \! |
[kingsoft browser shield]+ j' v! e2 y1 @' [2 a O, C/ C
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
* |+ d+ ]0 J: {) {- I! t: }
[PasswordEditCtrl Class]
, m. k8 k6 D) V! [4 f
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
* N) k; C2 n+ ~# V2 [
[QvodCtrl Class]; ?3 a k! u' ?8 @$ t
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>5 a, j# F# t3 ~: c# C* e
[&使用超级旋风下载]
# ]7 z* M( s+ Z1 B
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
( L3 `. L6 \% `( K) d- k
[&使用超级旋风下载全部链接]' d y% j0 }+ @+ `. `" |; s
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
+ H/ l$ h# c) D3 F3 X/ A
[使用迅雷下载]
( p+ L+ O* }4 \# I/ I/ [' R
<, N/A>9 [5 W8 |% ?% F
[使用迅雷下载全部链接]
9 [/ x) N8 d" Y' t- O
<, N/A>
$ J0 p4 E. x, B
[导出到 Microsoft Office Excel(&X)] e! R: N6 u" j5 j2 m& ]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
5 u/ A$ d2 I n2 `( m
[添加到QQ表情]
7 ~ M0 s- [6 k# w. _
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>9 \. y. z( I" M: e. ^1 \
==================================5 L l l. z; d( U" B! X Z) u) e2 h
正在运行的进程( w4 H. a4 i& z
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( H- T1 a4 [1 |! o# b
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 c8 N+ H' w K4 J3 ?- N3 l
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. Z' g7 [- R; c8 J
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]/ h P6 L; m/ ~1 b7 n/ a
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], A& Z8 U5 |1 g4 D
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 F: ]: A- i3 Y) X& j; q
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; O& O' ?5 t1 i# P( t' W; J
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! ?6 E" _4 v* p' k Y; z! a
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ i2 |+ U0 `- k& {* L0 ?; q
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ J" G: o- T; {: Y }
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 z! u3 {, s2 L8 k
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]1 ?& r& l7 ^5 e" H D- Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
- v* v' D5 `. Y O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# G1 S2 y' `1 l0 T6 Q% `: [
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]7 w0 i) E9 B K/ _* z$ @
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]- c0 O6 s/ Y: S" R2 w6 Y+ z; H0 a7 s: U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]4 c4 q) M! P. d# v3 h4 W
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]( _# o- N, `. ?% `
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]+ {% G* F' q' W+ B
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]# m: e# U5 @0 S J; j* X# B
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]/ K* w0 x7 G8 ^0 D" Y6 H
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 }" i C) H! v, L, j0 N( `4 W
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
1 h) S) A( H( g$ F- K) T, }
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
# Y& ~ k, B. X& M0 M( ?& l
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
6 e1 D0 f0 `! _: a
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
9 w7 d$ ^$ {5 E1 A4 s, q2 T
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
7 y9 Q6 U. [8 H' C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 @, b. B5 [8 ^: P) L7 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% B# t$ g; ?# u9 ? K2 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
& j3 |4 u1 S: a' |
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 Y: t$ b0 i- y0 s# g
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 m, W! ^8 E& {3 E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) i$ h' T! l: s/ B0 ]1 ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]8 B5 x8 L+ X. u' E3 x" I- q: L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
; C, T) ]+ j5 D
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]9 J' K+ d% U' ?' ^6 i, M$ X4 N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
9 }7 M! O. l+ Y# @/ {! H; |* Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]+ o6 `) ^4 c* r2 w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 i$ N/ {% d4 N7 b3 K
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]! {# M! {+ i! Y7 u/ e, l0 c8 P6 Z6 p6 T
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]$ y( j; x. `1 [' I$ ?2 G) B$ L- O
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
3 D+ R) v& ~2 s4 H
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 d2 l+ d2 _) W) ^
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 O2 P& e8 t- k4 z* [& g
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
$ ]( m2 g9 N* T( Y9 F
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ S2 }- J) n+ z# T* X" Q
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; p7 f& \ T1 f) B) ^
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
# o1 M6 G r7 J' T3 R2 N% b s0 [
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]1 h. E# L/ P! c$ t4 m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]8 ~( ^; ]9 U6 e0 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# _ k* q+ o; l& M5 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& _3 |. E4 ]4 v) e. ^( k7 Q
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]+ |2 ?7 z, s' s/ }0 M. {
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
3 d, p, ~8 p) ]" }& ?7 i8 A+ M/ [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
( M9 l5 m# y, _ O X6 k1 y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
( i& P8 p: o9 w" V) n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
4 M( g0 l, U. w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]6 I5 ~) c+ _8 e E Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]! T/ p& k0 g% b
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]& F$ x: Y0 T8 E, O2 q
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]1 H; [0 }4 W& G+ M; G, |
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
5 l) I- a9 C, X* t+ X. Y2 |. O* O
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]! p" _. D1 h5 ^- _3 Z
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]. K* @' k! n8 d3 m5 e
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] G* q* a, y- k3 d8 A) G
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
3 z2 l! Z: X. k' M
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]- \8 n% G) r# R5 h" |+ {5 [
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
: e$ m* J" a. N& m8 @, N
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
1 N( q3 N% M9 R& c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 a9 g P- C# Y3 l% N
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
1 j: j* A) @8 T
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]9 ~- q1 @) F1 r( L9 L9 s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]: L* Y, K0 f( J; |2 Z# a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 D/ C, U5 i _$ u: X5 f2 x
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" ?" [9 a( Z% J6 n" O' K+ ~, c
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
/ x$ |5 w: j8 q4 P+ j! e4 u9 G0 C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], ?5 D# N4 J! ]% k5 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
5 L$ x. Y' V. _& Z2 [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]3 P$ ?% n* a v+ S# l( n
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
, J, G) Y: q( b" d0 p) e4 N
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
1 m7 c) Q# o! d
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]3 \* I7 T2 C5 b8 ~& n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ }& d6 Y% c" M3 Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 t0 O5 ^1 E" p7 R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* W* Z9 J; t1 Y5 U
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 p/ i. X9 i( T; J
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]% h4 L1 Z" K n3 w$ e1 v8 y
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
) C* h+ ]3 C- ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 H3 l& X( B5 T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 T1 A$ |% q, K& u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ O* m+ G0 O+ C& A: G
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]- e3 n4 n: x$ u2 a- ?
==================================' F2 H. @3 ^6 N' k1 r
文件关联+ Q6 d8 N0 U* q: z/ \0 I# w
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]% S O! I4 A; D& Z5 \, D
.EXE OK. ["%1" %*] S3 `4 P+ I9 L% E. c4 w4 ?
.COM OK. ["%1" %*] K2 H( f" [% x- E) J+ A
.PIF OK. ["%1" %*]/ l! Z$ _7 l0 S
.REG OK. [regedit.exe "%1"]
% [8 y5 b- D# X# o: i2 r+ |6 V2 S
.BAT OK. ["%1" %*]8 k6 f& o# @6 ~0 ^' m6 z9 i
.SCR OK. ["%1" /S]2 w4 e. z7 _7 M+ {" c: }$ v
.CHM OK. ["C:\WINDOWS\hh.exe" %1]2 l b8 j. i& P5 [2 M- n
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]* ^3 O) V) V% W) b, [$ y: \
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
5 u& p$ L4 F. m$ O
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- }" y, ]0 v* G) b, a
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]8 U! M& N' n* S4 R
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
% \8 a/ ^" K# X; U
.LNK OK. [{00021401-0000-0000-C000-000000000046}]" _ W& E" ^ @( ]7 l% K/ n
==================================, i- D/ g) }4 G3 |+ v- P4 X
Winsock 提供者5 U8 b4 {8 ~* ~; e# V+ ?
N/A
% d* j$ w0 i6 W
==================================2 Q- o( {# K$ P
Autorun.inf& `6 w1 g$ q, q- J3 j+ P
N/A0 J! a: U/ ~! W9 x" n0 l1 c
==================================
4 q/ ?+ j6 u, K6 V- C
HOSTS 文件
% z. _1 x* a' s! J! D
N/A2 W+ u( W2 A& G
==================================
1 H: s' g! k* \/ l6 A( _
进程特权扫描
" i8 L. B1 b' R; ?+ ?
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]' L& s& \ Z: S* l! F& ^
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]3 ~5 r: A. b" t1 Q
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]; V$ z G" D+ U% a" W* }$ G( N% w
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
- [1 h- ]* a R5 v3 t- L5 I
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]# Y9 i8 e% }6 P
==================================* ^1 T1 N+ \2 h8 R+ U
API HOOK, m# d9 }, J6 H
N/A
* u* O: O5 F) I2 h1 y/ P
==================================' H3 i' @# l, E, D) w# l5 r
隐藏进程
5 q: k2 ]( e' Q; V( q: C
N/A2 n( S# `+ Y. O& z
================================== H3 F4 w3 P2 V/ t
/ S+ v3 w2 _5 ~- Q9 {' C3 a9 f9 M

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115