在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

& s& h- W$ i1 o
2008-05-22,20:37:43
( n2 _; |! U' h" T/ X
System Repair Engineer 2.5.16.900
. {8 ]2 P9 C a
Smallfrogs (http://www.KZTechs.com)3 e* h- @/ E, m
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能% a7 v# N( t4 ?0 g( t
以下内容被选中：# b" w4 a4 j0 l' l2 H0 r D
所有的启动项目（包括注册表、启动文件夹、服务等）
1 T/ c) c! ]$ g; P! V/ f Q# w
浏览器加载项
) G# g: v, T/ l
正在运行的进程（包括进程模块信息）, f+ A/ t7 S4 J/ {* i
文件关联
* b5 v7 Q4 T% g! B1 Y8 N( i9 Y
Winsock 提供者5 K3 M2 P( ]. ]$ Z5 A+ L
Autorun.inf
J8 h( q; V4 B
HOSTS 文件5 [/ h9 | A& d! x3 M' \+ Z
进程特权扫描
6 F' T/ G; }, O" c
4 z& a8 r$ l" a) c3 C
启动项目
2 W# k3 i+ L: ^5 X' ?
注册表( h( H( y2 l6 I7 O: ^
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
9 M7 ^. ] i" Z6 q' ?" c
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
3 T i. x2 v' U* h
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]* G8 o( G) a" T$ F
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
* L; t0 u6 i `. Q
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]2 N! V0 |# @# G3 @" @
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
/ l0 ?/ b! O) W' m/ G+ l
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
# `/ `- d$ E/ o, L q8 I s
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]1 U1 x5 e6 z6 m, [' Y) N
<PHIME2002A><; > [N/A]. _- V. ?+ y! ]' `) @# w3 {% y& q
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
5 I2 n) u( ?( \1 Z3 Y
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
y6 ^) S& C" `3 c
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
M2 j F; T; @# L0 ~: w8 f8 U
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
; ~- @7 N7 I. d
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]( `. ?+ P0 d. Q/ n0 c0 d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]) V4 O& R+ b6 e' D: P% `
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
' h5 P' V. i" K# L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
( R0 ^7 _* k$ ~7 `
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]; U8 C4 s8 ?8 T$ p
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
7 C3 x% ]( K6 ~( S N. ^$ D! q
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
& T% H3 l+ U2 X( F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
5 ]' @, K" S" Z' _1 E2 b' Q6 d
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]0 N. O# S2 S/ H% q" f- |! Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- l1 j7 K8 t! s5 H2 b
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
% k" p+ C3 L. `6 O& _5 ~1 o0 R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]% R, \! |8 L9 m$ C" p
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
+ t$ W1 }& G3 b( N: L( Y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
! G$ N8 W2 j, C H; G
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]5 S6 e% H" I6 E+ N* Z8 G$ t9 `7 e9 Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]" n: r5 M1 n( q) T0 _, M7 E
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
: L; \2 T/ E' V+ j
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
3 M3 h6 d5 a$ E6 F* F
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
0 S* Y8 x! u; [+ y: ^( u6 f3 y$ H
==================================
9 l. g$ ~2 d8 U4 O3 m
启动文件夹4 b9 E1 m; y# c" {
N/A A% D" |) s7 _
==================================) N3 w4 S$ S' o9 u+ H1 {) x: w
服务
, L @! t: o0 P8 C: G
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
& s" ~; z# W! g7 v
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
( f2 t5 N/ c( A2 X+ ]" J
[Google Updater Service / gusvc][Stopped/Manual Start]* v/ \: m8 u/ B* `
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
! Z4 ]! u B3 I# u+ d6 _4 m
[Help and Support / helpsvc][Stopped/Disabled]
" ?9 ?" M! o; a z; z* Z
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
* y0 S+ U7 v' F, |) l, t# B) C- J
[Human Interface Device Access / HidServ][Stopped/Boot Start]0 C9 h3 k" s' l6 D
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
$ A5 ]" \* Y% M. M
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
3 e; t6 v" g; }+ I" S
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>( q& t- E4 O! n4 [, P7 x2 O
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]5 t) S- y: M+ E& y/ R& P7 q
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>& N4 S2 m' ^0 J4 ~/ H" f; j0 o
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
5 k1 g8 R9 {( v( h. w% V
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>' |4 V) h2 h1 g3 W% W6 x
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]: B/ E2 \. a C' v8 s
<><N/A>
, x3 _2 H7 o+ V, e) @9 w$ E
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
F) D9 Q( J. {" l" j* h
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
3 D" p- \( Z6 _4 {6 o6 F5 S
==================================
' U; v8 E: N; S! D6 T; @
驱动程序
& n, b( k0 |9 i+ N
[22j / 22jn][Stopped/Boot Start]; w, B j6 C2 O- n: |. y5 u7 L% Q; z
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A># I; G! O" x7 x |0 m+ w
[360AntiArp / 360AntiArp][Running/System Start]: z: R6 y3 x9 x9 f& u" A
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>4 M' ^! [, k0 D" I a( m' ^% w
[43ec / 43ecu][Stopped/Boot Start]
0 I! Z3 `3 ^$ n' I# ^& I
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>7 g5 n3 p: j8 c' h# _3 x% j
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
5 v ?) f, B7 I1 x* D
<system32\drivers\ac97intc.sys><Intel Corporation>) u) }+ ?6 G0 ?* K
[Promise driver accelerator / bb-run][Running/Boot Start]
: n* ?" T7 Y1 P$ p
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
+ C) Y* c- Y* ~) k2 [( u0 B8 t
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]+ f Z1 \) ~- L e/ i& H: n' _
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>0 @' q+ I0 V5 _; S0 I
[KAVBase / KAVBase][Running/Auto Start], l# r( z% ? }6 y/ E2 B. ~, _
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>0 E; I4 z+ a/ B( A, Q% L# e, e
[KAVBootC / KAVBootC][Running/Boot Start]) d% p, O- c2 F( z5 r/ N% M& H
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>& M" w1 M7 _$ f4 q4 l1 m5 t1 y
[KAVSafe / KAVSafe][Running/Auto Start]: f M9 y1 c) [ I
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>+ l8 g2 R$ W y# y# g! f3 s- j* s
[KNetWch / KNetWch][Running/System Start]( v% R! G% Z: r% k( v6 k; X+ z
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
) c- o% n* d9 |: I- o x. ^
[KWatch3 / KWatch3][Running/Auto Start]
6 f3 r9 M8 f! a' W
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>; p9 `! T. j3 a, y4 R* @
[ntptdb / ntptdb][Stopped/Auto Start]& O. F [$ V. ]0 [& r1 v% u
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
; u9 Y# k$ t* F9 N6 r8 H' Y
[nv / nv][Running/Manual Start]
" q E# O7 W0 X& f9 ^2 r! n
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
3 c6 z* y% t$ M- [7 r2 Z
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
1 g) p" [9 ~7 E& u2 q& Q8 N6 e8 M. X' d
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>' O9 u$ f1 F8 E; n( J+ }. O
[DDK PACKET Protocol / Packet][Running/Manual Start]
; Z7 N J2 ^! L( R3 c8 o
<system32\DRIVERS\ProtoDrv.sys><360安全中心>' {7 g: Z2 E8 n+ x k; H
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]: J* b, N( \* j& }
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>5 z" J7 A( |& @( a, [
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]2 C3 D' s( |( A
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>+ V% K) D- L/ @" N0 a/ p: V* n. ~
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
4 z0 O5 i j8 J. j, ~* L; L
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>$ _ P, l6 W" y1 a. Z) T, O
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
; d; G' e+ v4 j% L* E0 M# _
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>! j0 C5 ?$ C" r1 @$ O
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]& K D8 H, v1 F/ t
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>( j" l% r) Q4 R9 F9 _! K* m
[Secdrv / Secdrv][Stopped/Manual Start]. C' j* K+ R C. S# x
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>2 T r- y- K& p* b6 ~6 E
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
/ S; r+ m9 r D/ z) f6 ~; B2 w
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
9 \- n2 H O# ~! r
[System Restore Filter Driver / sr][Stopped/Disabled]1 y0 [5 o) K- M9 C' \
<system32\DRIVERS\sr.sys><N/A>
/ l. R0 R9 H, @ T6 O
[TesSafe / TesSafe][Stopped/Manual Start]
$ {& {+ }: @* x) T6 H" L( B
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
6 y" i2 V6 }. d+ {: T
[System Services / unzxzsrs][Stopped/Boot Start]8 E5 }% d x; i1 n- B! H, @/ x: p
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>3 n, e/ _: s6 L9 Z; c- Y
[ViBus / ViBus][Stopped/Boot Start]
5 c4 E. V$ [% [: N' T1 S/ O( o" R9 d
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
# O- @) f( u% \
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]; r* g+ ]# z# V& E
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
) A( ?7 y, a [
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
+ k. d: R/ D' i' l) b! s
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>+ P/ D" Y: x- |
[ATI Extend / zhibmaso][Stopped/Boot Start]
0 Q: z1 Z) g( N( `( V2 c; l9 o
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>: S" i9 O! F' E, f( ~$ e; {
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
6 x$ A% ^3 ^: ]
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
3 r9 R% \; [$ y) p$ y8 k
==================================7 c; \7 x( S7 o8 j3 h: y8 ?
浏览器加载项 D* ^& o6 F6 `/ {* C" V
[Google Toolbar Helper]
! E# t8 V2 ? N# B; O/ `% e, V
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>! M+ r. U% E. V: {# w3 s
[Google Toolbar Notifier BHO]
: u( ?, _8 H: ]7 a% d2 _7 U! c
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>* T+ C, ]/ \) P; j0 I
[SafeMon Class]9 d; ~5 I3 F8 v6 U* ]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>5 F3 j8 ~* t5 T7 Y! r/ T# K+ v/ b
[kingsoft browser shield]5 {. }: p5 ~, u" r! W
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>0 i9 z/ Q4 D7 |8 L
[IEBuddyExtControl Class]' s7 P9 |- C+ T8 W$ K1 h
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
* p! z8 Q: r+ c3 @
[Zcom 杂志]+ M* g# u/ n5 ^! i( T3 w+ @. P, ]
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
u6 ~& z; B7 P* g! A3 q
[&Google]
, U, u3 U, R1 p! k y
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
) ?% E) |" B4 |
[KooPlayer Control]
, }/ p9 c7 l9 S
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>( M1 m5 }: y- u
[Shockwave Flash Object]6 A2 v4 o; ?, v4 l( I2 e2 |/ z
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
1 c/ A$ W% V t4 u5 ?( B4 d
[KUpdateObj2 Class]
, D$ r A* N* d
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
* q, h% A! D7 P/ N b
[Google Script Object]- {. l/ m2 s3 @- C
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
6 S p0 w4 ^# _$ s
[EWA Control]
$ s+ ]. O+ B" G% ?# a2 |9 t0 k6 \
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
% T- S4 U% C. k
[Windows Media Player]
4 j$ M1 u! E$ {7 C4 B& ^
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>0 V6 [8 f- N9 \
[&Google]( z& g% c' M6 {; T( z1 j
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
- Y2 v* P$ S! f) F! l8 e
[HTML Document]
, I0 E- q- m9 O6 K
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>+ S; g5 x% x9 D
[DHTML Edit Control Safe for Scripting for IE5]
* L2 J8 ^* c6 j0 I, R
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>3 a/ n& k& e& v0 C8 J( T& R
[RealPlayer RAM Download Handler]
, x& c* L/ _6 P4 g+ [4 r8 z9 I6 d
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
3 e8 a( x- Y- }
[IEBuddyExtControl Class]5 }6 M7 G- d) }. d: f, l+ ]( q: u8 r
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>0 n! s8 f9 F( K8 J& I1 \! s3 l
[XML Document]! k0 V! J$ T: l' c. f2 T
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
1 k* g. x1 ^8 k6 f4 G8 ], y6 @
[HHCtrl Object]
1 Z& M% f% V, u
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>( g$ m }5 D3 R/ U" ?
[Windows Media Player]
; T, @$ O, J* _
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 g6 `% q% s! d/ F
[Active Desktop Mover]" I' B4 Q, Z+ e* j! { ^
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>$ r1 C0 d' e7 _/ w5 ?# o
[360SafeLive]: i; W; O- }' J$ @( \" f! ^% M
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>( R* _! w& T" V* Y# N& I* o
[Microsoft Web 浏览器]3 U7 u7 |8 o% j" @8 e$ ^
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
$ Z8 Y+ F; L2 G' ?" F/ r
[Browser Enhanced Objects]
) U7 B# u+ B4 M+ q
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>7 Y" i7 S# M H' }9 I
[Google Toolbar Helper]
& E' e1 E: R3 n- ?% D! s( L7 @
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>; [; Y7 m4 ^* s% A. S7 p
[Microsoft Scriptlet Component]
! Y5 ^' M& o1 g" j- W$ J: w, N
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
, A n9 V4 H1 U- ^; z
[Google Toolbar Notifier BHO]. I; n1 o! i2 {; L% W3 y
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
/ E; R' Z0 q( e1 S& E$ C- s" `- W! k
[SearchAssistantOC]
; j3 j0 @* d/ j6 _, R4 Z5 ~- ^! ^
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>; G5 ]: V) F; }1 e1 V
[SafeMon Class]
! `9 C* s/ H9 _2 u: x
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN> \- I! z+ P8 d
[RDS.DataSpace]+ j! o6 V6 c& f. i# g0 p
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
( P9 C2 ]- L( Q l. @
[KooPlayer Control]
& V. t i3 j$ S# u' Y
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
0 M3 o" T' h/ {4 b/ b, c( o
[AUDIO__MID Moniker Class]7 G+ j* u, @& h# Q! t& f
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>. G: ]( E! p7 x
[AUDIO__MP3 Moniker Class]1 k4 s/ D/ Z, m8 y
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
+ d( Q. h# e; m/ k7 M
[AUDIO__X_MS_WMA Moniker Class]
7 |9 |8 J7 ^( z0 X1 W3 }
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: ~, O: A& r) k) u- U: x
[VIDEO__X_MS_WMV Moniker Class]
, L# y; f0 i- D8 ^
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> w/ S6 Q' w( w8 d3 d2 O
[RealPlayer G2 Control]
9 Y9 c& p/ [0 ]- D, |
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> q& k! S1 J% N( \$ Q: N" o- H
[Shockwave Flash Object]
1 I2 F9 d( z& ]" ?' c
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>/ D/ g# Q4 k2 D
[KUpdateObj2 Class]1 T1 _9 G# U! [* A6 F/ B" \
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>- m. K8 |8 u% D4 R
[kingsoft browser shield]
G# u, i! \- f) W, O5 q( U+ e
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
$ |) ]1 d! |! g1 x) x8 K3 ~7 I( |0 ~8 r
[PasswordEditCtrl Class]1 d6 U. U; w T! w% a( z* ]/ ^- ~
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>- {! J. S# a% h9 R& a7 I6 C
[QvodCtrl Class]- _) j( Z4 J; w8 V! k2 C O2 X( T
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd># m" v- y. x& _9 h' W
[&使用超级旋风下载]
( @2 b: b% z4 `0 f3 P' T0 p8 O
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>) M+ D9 a( [ r: C0 h
[&使用超级旋风下载全部链接]0 k% B/ W/ a! X9 p
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>9 e+ J% U" N, ^
[使用迅雷下载]
/ e) b$ W4 R* I4 A( k1 _6 H
<, N/A>
0 o0 K' H' K; ?
[使用迅雷下载全部链接]$ {" G1 H1 f& p
<, N/A> E# j4 D/ G1 o/ Z" Y
[导出到 Microsoft Office Excel(&X)]' o9 s4 z/ w5 L/ l5 K- e( M
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
$ {1 I5 u K4 w$ R3 ]3 {
[添加到QQ表情]# s* N2 l8 ?# f& C; d u
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>, Y x h6 Y3 [9 D4 c, i( c" z: r6 h
==================================
3 t0 b% i2 p9 w. l
正在运行的进程7 ]* N) m) X* w4 W; P- X) E# @1 v7 m
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
M/ l7 P) E; B$ W
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* F( C' ?+ o- b. Z1 ]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 l: T5 e. W! ]# S1 r# R5 B
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
; i9 I* b. Z# E% [5 u" N8 ~
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" j2 @4 d0 d4 O# m0 S1 o/ l
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" F# ~! F, t' v- P- F' X
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: E9 R0 b7 u A" f1 y
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 [+ x% v N# b7 G
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& U0 A. _ z7 X1 ^! Z! e8 ^
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 s5 X6 E7 H$ s4 {6 Z3 E: O5 `
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ ~0 K* p9 b: F6 _6 P! q2 }
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
' J. J8 a* ]1 u3 N6 |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( [3 S! u! Z% v+ D# w1 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- q) b1 W1 ~& T$ W5 e, i
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
/ z/ N4 z" Z ?" o8 F: [/ P" o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]( \7 }% ]) _# [/ j' g4 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
1 `: u: h( J. {6 J0 w# i
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
* i4 S2 Q u# Q/ O7 D
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
) Y% a% p" w1 E1 i, X: l6 s
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
5 Z% g' y2 h$ r( e8 w
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
/ a, F. a9 M1 M8 [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
; B0 p6 G. ?+ M, P8 v5 p4 [
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]" a* T [, W* E' N" U3 Z
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
* l0 v! ^( a8 e8 g* _+ d4 c( J* A
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]0 c4 b& q! B- D$ w5 w. p) t
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]8 Y4 X3 r9 J w1 l
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]& k9 l5 a- A: K, w7 ^8 y
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
, J# L4 j6 D( M' H, S0 S, V$ K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
- e% x: c& c ?) Q# z, K+ V7 @! r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( D/ V: k# t) d' Q4 V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]) w8 F0 N6 }/ y+ s0 S' W+ B
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ e' b, k2 ` c7 B) p8 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 v; n: v* N2 [1 P/ N+ e w" R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]3 y4 c4 a/ H* |/ I. T) s
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
: E, ~0 q% ~6 z9 ` i# [& x
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]* g, d+ Q, s/ C% r% H
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
. z3 r7 {5 y! Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 o- l/ _" d+ m2 k* R. }) @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
W$ v7 {# ]( s# O G3 V) k: k9 f
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
( U* V+ ^0 z( K
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]1 o5 a# h% y; Z3 K
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% i+ v; |, v2 J" ^
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" w7 q0 ~9 E9 Z% d9 D1 u, v
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 Y- Y9 M: ~0 h8 s
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
, ^0 U% d' l |3 Q! h9 V
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 R. U, }+ o+ W9 g m& z
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 c% u" N- @. {
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
- Z$ R! G0 L9 F, W( ~
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
/ `; D/ S( U. i
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 m" T4 p5 G0 t& [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# R3 W; M7 W+ f9 a. o3 Z% v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
# e$ [5 q* R2 J w4 r+ d
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
$ Z3 I# [ o m) K1 a$ ?7 G
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]% o- y! x* e2 U9 {7 M+ n6 e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]# P1 k1 S% Z& q5 x' D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]. ]' I* `6 u2 F4 O# t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
9 R2 @( `: o, D) ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
3 }: @! s8 m3 Z+ {- }' n( s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
5 E8 G4 |# T* A Z* b. d+ Y+ B
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
5 B) a6 w6 {2 |/ P$ u: h
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]5 E" d7 O, a. x1 E0 V
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]* i1 c# Y) x$ Y1 L- o" v- b
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
9 k: R8 R$ [$ w) C+ @; P) d+ u
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
2 x) y3 t* ^' B; m( U" c6 G
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
6 `" {4 j0 f8 R, X6 Z8 ?
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]9 l5 B/ L: z, ^3 G
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
+ ^6 X* E+ E& i$ ^: Y: a, E' U
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]+ ~0 v" h% [ c9 _
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]8 w5 i! u6 k( J" Q- F6 t
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% |1 v i. V: y7 x8 x7 N' }
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]$ j1 W( E+ R! ` L
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' P7 _ ]/ J( e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]* ]; ?0 I8 e. E0 n- B6 J' X. n B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
n. _% L) z7 K- U g4 z# f
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 [; P+ S2 \2 `1 {9 a' k9 i; l n
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]) [7 ?, Q, o- y# b- ~: E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, t, N# w A3 h$ v/ B0 C3 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
_3 K: ? |8 Z# k( J( i
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
7 L: s% K {6 Z0 ` w
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
/ W( J) S/ v/ V p, P4 z
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]( u% S5 |3 s+ z5 y7 X4 k
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- K r4 Z8 c( A4 B- h/ P% O+ d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
: o a5 B5 d, k4 x5 [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
% l" \) i) R# Z6 J
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& I6 M; w+ |3 ?0 S
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
' X, l& E8 g5 W9 j$ ]; @) E. H6 ^. q# h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]# m! V2 n% l6 e4 X0 W" l; {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
3 m! b. ]# J! p9 g" z$ q; A1 `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
$ V7 v$ N- ]- ~# }& o( |9 O) L4 I
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 }" L2 m3 q3 ?
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15], |; P# {9 L7 \
==================================! a* A7 E7 t, D% X9 ~
文件关联9 e+ ?" _2 Z9 X& {
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]4 }: D! Z9 {' k5 i
.EXE OK. ["%1" %*]
& ]* l& ~2 O$ F# b
.COM OK. ["%1" %*]# o5 ^9 E+ e$ O# w3 w/ y/ N( t: j+ c
.PIF OK. ["%1" %*]; |1 C6 @( b; j4 Y' W2 z# n. r
.REG OK. [regedit.exe "%1"]
1 j' ~) ]9 a$ b
.BAT OK. ["%1" %*]8 E! \9 O; p! r+ Z
.SCR OK. ["%1" /S]# I. M/ o/ ]' N: X! Q( C+ a: |
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
. A7 a- A3 D1 t1 w
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
3 @1 X, m4 z% }. l' M, T: n
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]6 Z: \' l6 q5 r& V8 I
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
( S: M, D @* d8 `+ {$ j! E
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
. ]1 e% |2 w2 ?7 N4 ]' d0 Y4 w( D
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]0 K6 w& |4 @' ?
.LNK OK. [{00021401-0000-0000-C000-000000000046}]) h W8 r8 ?( S3 U6 n
==================================
3 d8 _/ e$ A2 x9 ?5 X
Winsock 提供者
9 g% X7 ~: ^. g5 v; L% a/ t
N/A
) Z* O' X; e) z
==================================
2 u9 j* }+ O" i# u
Autorun.inf4 U/ w& }/ e( L2 {5 ~, T
N/A% R3 u" l! {+ W0 Z4 e* r
==================================
! ~7 q0 P G. J6 y+ S
HOSTS 文件$ w1 a; L% x9 G
N/A6 k. X( ?" F7 l$ F8 Z
==================================0 g0 c' n: E$ p- U4 U: b
进程特权扫描
9 W. X( ~# r5 k! |& t6 L1 x k
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
P8 q( y8 \+ T4 L
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
7 j- ?$ o& |0 B x
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]8 [% [: Z0 a5 N/ N5 P( E7 v
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
& @" G# ]# d6 Z( C, j
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]0 O$ W& Y3 U* x: \& U
==================================
& _" _* o, A0 g6 y
API HOOK
# F8 l: g: Y- k" t# t
N/A/ K7 R. c8 i/ v* S m* ^9 c6 b
==================================
4 y9 ^4 J0 d% @, [/ Y2 Z/ \
隐藏进程/ F: o/ Y- B8 F/ r( @+ @% q
N/A5 ^0 B6 v* `% }
==================================
$ D7 B. \+ `1 W/ F
* h3 h, Q6 B1 D. i o4 c. ?/ `

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115