在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

; ~: S |/ B' f# Y
2008-05-22,20:37:43
% M& K8 O9 b9 M9 b& I# U
System Repair Engineer 2.5.16.900' N5 s9 ^- f/ z
Smallfrogs (http://www.KZTechs.com)4 o" t0 l& X! G3 w
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能- i, Z, m2 u9 r% F/ Y( _
以下内容被选中：# a- q& {$ G: V2 C7 X4 b, k; A$ A
所有的启动项目（包括注册表、启动文件夹、服务等）
; M+ ^: Q1 b) ?% J" }
浏览器加载项% u# A- R/ ^6 a! u) z
正在运行的进程（包括进程模块信息）, B" ?0 S" D( `! F. {2 e; y
文件关联
$ q2 {! x5 ?! Y( @; v }
Winsock 提供者
. R& t" d. O% [" V% S
Autorun.inf; A' \$ Y- m2 r
HOSTS 文件
. i3 d% T; n! O9 r1 U9 ~/ d
进程特权扫描/ c/ b4 j7 I h
' x: J- S+ a+ r4 r# b( |
启动项目
! E8 J% e6 ~7 F8 L. i1 D6 K
注册表
$ O$ ]. q w& D7 v
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]% b3 z* r+ i+ Z5 l Y/ Y" N
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
7 w$ d0 b" z% Z0 {
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]. \( a* n! ?- N
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]. p) a) t9 l' @: ?) y
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
$ L2 F J3 j' X: E: r f
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]- c1 y, f6 r7 M
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]' U, T3 s7 F, n ~
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
) q: u- R h# B3 t* x0 E0 r
<PHIME2002A><; > [N/A]! C' N$ U5 P1 h C7 i) P1 l3 N6 A+ `
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
t# i9 a, a+ Z( |# w
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- L7 ~' g" v& m! I4 f- m) ]: [& i
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]& V- a$ W: C% L9 s
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
" V- W4 K# b4 Y/ f
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]; P8 I2 F4 |1 _3 n+ l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
5 I. O3 s; E: z. m ]/ J& \
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]& H* I7 i5 A* J2 Y3 K" |1 Q1 T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
4 d" D9 z8 f2 a& P8 x
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
6 S4 r, |) w% b% P2 s+ g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]5 _3 H: d" X! k8 x/ X9 O! f- w
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]; @" p9 j: z; U9 w% n6 Q8 D+ T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]1 ]3 C$ A) R6 Z8 \& l5 v$ h; I
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]5 ^1 P* R$ z, D' m1 }
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
n- Z9 E" U/ w/ N2 ]% `6 o$ K
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]8 X6 M4 R7 s5 D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
$ s9 x7 b9 L* Z; D% ^% A
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
9 Q0 }# T7 F5 Q( p5 K
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
: Q5 d; W6 X+ x1 J' Q
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]6 ~: z8 W2 Q1 [: v
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
4 ?$ _6 g: ~) L. ?( O
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]0 H n& ?* E+ s% W2 c$ i5 z P
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]/ \. z8 K: |* j3 v* D# r: V- ~
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]. X3 s( `* v4 o. d9 T/ k6 G2 K/ x
==================================- q$ ]! W" N4 P& m# W
启动文件夹5 ~# V; D# h4 g" s* K* p9 w
N/A* d; }! i4 m6 A# Z+ a# T* ^" D* q# \
==================================2 V. M. D( r" p$ x; F5 L* X6 ~1 \
服务
7 B6 i, U! k: _1 F
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]% R+ L% @4 N$ S$ W3 I6 d0 ~: b. i6 k& f
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
& t! I" T L F% J; d) L3 u/ ]2 w
[Google Updater Service / gusvc][Stopped/Manual Start]' w \9 g w4 j) u0 m
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>0 `! C& b E( e; R
[Help and Support / helpsvc][Stopped/Disabled]
c. D! H, ?# \8 }3 C
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>5 T4 p+ q- x4 S) V8 _
[Human Interface Device Access / HidServ][Stopped/Boot Start]) z3 g# r& t& {
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
; Q. ^2 O: H" B
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]$ ?* z- I6 p4 _- ?5 k
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
/ Y* \7 ?" |9 j8 |8 S; l4 S
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
9 G" }: C, o' r+ O4 G
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation> p$ V# s3 f5 U4 D- r2 h3 g5 A' r) _* a
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]" X- Z. J1 _6 b# y. i' D% O
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>6 |" D, A+ u9 M5 ~0 ^
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
( m: X9 q6 V9 T; x5 l# L: c
<><N/A>3 o1 X4 h5 n; @: M
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
, A% L1 F3 b( s+ T7 T/ Q
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>; ~, G2 ~2 N: v& n; }1 G
==================================
, C. e0 g) v6 C7 h
驱动程序4 }2 a4 R; a6 q
[22j / 22jn][Stopped/Boot Start]) S; \. {; K; R/ u& P6 g5 e
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
' v5 j+ S0 w& O
[360AntiArp / 360AntiArp][Running/System Start]
4 X& G, ]4 W0 x2 Y
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
; K. N$ l/ i4 V4 F
[43ec / 43ecu][Stopped/Boot Start]0 {* R$ f" m2 l' Z% J6 O
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>1 v2 r6 |! B* y. }& t4 j: s: I
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
9 m: ^1 G. L; P, N
<system32\drivers\ac97intc.sys><Intel Corporation>
+ i( R7 q/ l$ \+ m4 s
[Promise driver accelerator / bb-run][Running/Boot Start]
1 F! |( u4 f) X, M4 _
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>+ Z3 Y1 p; k1 ]8 W4 E; M
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]: T9 L, ^: r9 {) y& {6 _
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>* B1 S" K( D0 V; e! B$ S6 C, P
[KAVBase / KAVBase][Running/Auto Start]
e. z5 b- a* J5 u5 D
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
* x8 X" J& r: {; R3 c9 Q# F
[KAVBootC / KAVBootC][Running/Boot Start]
0 s* ?: q/ F5 @5 a
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
" ^+ y% a# ]4 F1 L' Y
[KAVSafe / KAVSafe][Running/Auto Start]. ]4 s- }. }& }9 j
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
0 d# K1 ~% t) c; R6 L# V$ `
[KNetWch / KNetWch][Running/System Start]0 `* |( o. Z) f8 {3 z8 X* o
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>9 \% G: T- w' f: y% e
[KWatch3 / KWatch3][Running/Auto Start]( w- Q3 c- [2 ?( T, u. Z& ^
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
9 K% _. @" E5 L4 p' l
[ntptdb / ntptdb][Stopped/Auto Start]% }, B2 _; l8 J9 y
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>$ W- \9 W4 p9 v, { I
[nv / nv][Running/Manual Start]
4 n: _# b, F' g
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
5 e T% v# J' w o0 o
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]* ?5 ]+ U, t4 L- m+ I- |
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>+ P: E x2 m( k9 ^9 S3 K
[DDK PACKET Protocol / Packet][Running/Manual Start]* O: A7 b% U4 k) M- p& I1 y) ~6 I
<system32\DRIVERS\ProtoDrv.sys><360安全中心>, S7 j5 u3 x0 D8 }
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]" M, M# A+ X! {* |7 b
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
2 ~9 p x8 h2 ~' p. F. X9 V
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]2 z) B9 y9 N7 v( K% b
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>4 e; N# q! C& @& e2 O4 ~5 @ Q5 n
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
: _2 G7 M$ a- l& m8 P! Z
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
. b- l$ q4 H; ]1 ^9 ?; O
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]& [+ c$ l8 h% @! Z
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>8 D" g# x3 F* {- A
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]4 n; ]& S0 u! D; p8 M9 Q
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>& P% D6 {1 s" l
[Secdrv / Secdrv][Stopped/Manual Start]; E7 \- M3 U) Q, Z) W
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
1 o- L) [1 t7 @* N" V' `
[SATALink External Device Filter / SiRemFil][Running/Boot Start]8 L" N& f% s" H9 K- _3 s
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
2 ~" s6 z5 v7 J, O
[System Restore Filter Driver / sr][Stopped/Disabled]2 u( C6 Q, {5 s* T
<system32\DRIVERS\sr.sys><N/A>
" c" L2 K; [8 |- Y
[TesSafe / TesSafe][Stopped/Manual Start]$ j9 w- W- q5 A0 y- y1 Z% v
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>: |* `; u- G2 I* l9 \0 p' {' a* h3 }
[System Services / unzxzsrs][Stopped/Boot Start]' v% i4 p5 y, v
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>) J4 L7 |- E3 h) U# m2 l
[ViBus / ViBus][Stopped/Boot Start] L3 L. A2 S( a4 n; W! x$ y
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>- H" t4 i/ d. j. G8 J" q( P$ l
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
) P+ |/ _; J* ~
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>& v5 P7 u9 ]' x: c2 D4 j9 g& E. p5 `
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]3 z" Y( E* I7 c
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
; R+ X/ B% U7 p3 \1 \
[ATI Extend / zhibmaso][Stopped/Boot Start]
5 @6 b! ?8 s9 o: ?9 c+ W( V$ H* i* j
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>$ |/ k& o# z+ x
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]9 |8 `5 I( P7 {! U& ]
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
$ T3 _& I% d, D, k
==================================
3 m' v4 y3 N6 s2 X5 F. A
浏览器加载项/ D x2 E; I6 s% i' a y: a. G( s6 u
[Google Toolbar Helper]9 V# N7 N9 c9 D8 O
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>& D, w. a+ W) h1 h8 Q
[Google Toolbar Notifier BHO]0 t: [, t5 |' V& s
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
8 ^ d, J. @, z# a: n# ?9 {
[SafeMon Class]/ G- |6 H$ | P4 o* G( o2 |- h4 x
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>9 q7 ~5 l b, n9 s6 b9 B3 _
[kingsoft browser shield]5 B: M& c3 j. \- ^, M
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
; q! _% H1 `% J% @5 a
[IEBuddyExtControl Class]- `: Z2 }9 q' Q% `7 r; c
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>9 } E4 E& I; V! f% A
[Zcom 杂志]
, o# i. N/ e) }! i7 Q$ C
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
( f; o4 o9 Y( C3 p8 d; a
[&Google]/ B7 g9 s; ]* z* r2 u0 [
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>3 z. X# N: F: i: Y/ d+ Q; A
[KooPlayer Control]
4 D. G2 e+ R3 E+ y* U7 k
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>1 g3 m3 u/ X# o, A$ Z: P% `
[Shockwave Flash Object], s' {- L1 W8 B2 b
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>1 w: K& P3 ~" C1 ]8 y
[KUpdateObj2 Class]* Q* T" K8 [+ K) K" E2 i
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>& [8 S/ O9 h4 X" E( D
[Google Script Object]$ I; e! _" v) W
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>8 p, z. v! s! F( \9 Z5 v6 y4 ?* O) Z
[EWA Control]
, m0 W5 o) l; }' s
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast># C" B( ?9 }* C2 N/ @6 @( `
[Windows Media Player]4 e" \& `9 ^0 V; C8 A0 k
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>7 R$ e6 s* D. z4 I% w
[&Google]) Q2 j" K! @2 R/ o0 s* k0 d5 v1 b
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>* Z, P, h% f9 I6 z4 L4 B9 T( m
[HTML Document] _/ G& G: x7 O8 M5 |, K
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
3 w4 D: p) J6 @, x! r
[DHTML Edit Control Safe for Scripting for IE5]
$ Z% G# c+ t" n# ^& ]% C
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
$ \# _& s n a5 b
[RealPlayer RAM Download Handler]- s. K6 E0 Z/ [4 L
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
# Z8 h6 {6 e" K7 M
[IEBuddyExtControl Class]6 w0 r& P% J# A) [/ v5 X8 ]; V
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>, L) X7 Y- d: D) g# |) ]% [
[XML Document]" i8 @! A9 m) V+ K
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
5 Z' w+ D* k5 `/ ~# P" N4 a% g! U6 J- I
[HHCtrl Object]& E& S Z& \! g0 O0 B
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>) G" [ _' e1 v2 l
[Windows Media Player]
; b+ E q3 d# _ ~- P$ y
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
9 r% E* W. M( g
[Active Desktop Mover]
j# l7 `6 ~. s) | A9 e% ]+ g
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>2 W) j. r6 b6 m4 E% Z
[360SafeLive]5 ]2 s6 t8 `% e6 Y' S5 g
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
. S7 H1 j; `& }; }- v
[Microsoft Web 浏览器]
+ M( {2 G+ d% c8 D2 \* ^# y
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>% |( \5 J4 ^ q) V1 _! y
[Browser Enhanced Objects]
) @; v1 ]7 E! ?' F
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>5 j0 [5 z9 r2 c5 |& G0 E$ U, V
[Google Toolbar Helper]
. E2 }4 |6 G9 ]# J4 r) \' d
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
! w/ _- r- d8 T8 ]0 q( R% t" |
[Microsoft Scriptlet Component]" p M b8 Q: k- j
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>4 E6 r( D4 ]0 l3 @5 o7 [6 N
[Google Toolbar Notifier BHO]
& Z, e4 h C7 z$ \3 D
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
" k1 D+ ~1 h9 [# K: S1 d3 r* }( ^
[SearchAssistantOC]
/ O4 h: N a% _, K7 Y% I) T6 B& H
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>& v: J8 v$ i! P5 x' O
[SafeMon Class]
3 i3 [8 ^& v# w; u
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
0 \7 }3 d. U( P$ u2 @( k3 d7 ~
[RDS.DataSpace]
; W- |9 ~& t& \$ T& E2 I0 j7 X
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
. \9 L; g: F- Y1 c3 \$ F! V
[KooPlayer Control]
+ t/ @# @$ X' e5 ^
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>& h4 \9 K) _3 v3 ^8 b- P5 `8 J
[AUDIO__MID Moniker Class]0 h4 C, `( G; A! G
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
' `1 j* M2 R6 m+ a
[AUDIO__MP3 Moniker Class]
1 B: ?) @' D/ X$ D
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! p1 e8 H$ A' v& d1 U9 D$ {
[AUDIO__X_MS_WMA Moniker Class]( P1 h" `7 s& q& ]0 o3 f( I
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
0 ~- ?# J( W c1 N0 m" N
[VIDEO__X_MS_WMV Moniker Class]
% z! O) t7 ]1 d& Q
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
0 m0 V4 M, l- `+ U; H( q9 U
[RealPlayer G2 Control]( Q) P! y: F; f: L" H4 e
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>% U' l/ Q5 c6 s( K9 ?
[Shockwave Flash Object]
* I( [% Z/ V6 ]' T% t
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>3 ^2 k. p+ X( d7 }
[KUpdateObj2 Class]
. Y9 u4 F9 ]" Y0 W5 H! \
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
# |+ }2 m) ^ X; E" |- j
[kingsoft browser shield]
4 f. w4 L, O' S
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation> e) c3 V1 w/ G" ]2 p" P
[PasswordEditCtrl Class]1 c4 R9 M/ V* t
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
6 J5 t1 G1 Z4 S
[QvodCtrl Class]6 q- P0 _6 H, M0 K' b
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
/ J$ [4 b3 `) W/ `) ]$ ?3 y5 w
[&使用超级旋风下载], s% c) Q# I2 `7 P+ b0 d8 U
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A># h( K5 i8 U/ E0 j- u4 O
[&使用超级旋风下载全部链接]
* B6 X8 x9 m$ `" z) s
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
5 p( {. b! E7 N
[使用迅雷下载]
# |+ P( m) s, |& p. m: Q8 O% U
<, N/A>
( R! f* z- n8 p4 ~( u- A0 d$ s
[使用迅雷下载全部链接]
P9 i) u( ~: O8 O6 S
<, N/A>
# f4 Y6 i0 @. n
[导出到 Microsoft Office Excel(&X)]
; A; a( ~; | a3 U9 y1 l
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
0 v- ]8 f$ b2 J
[添加到QQ表情]
! I% q3 K1 k' b- n% }2 g
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
; k1 a4 n" R5 z
==================================
$ n) \1 k+ R1 V* a m
正在运行的进程
' y9 v7 R0 _ f; O2 A
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 \" |+ G6 c1 X
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, K" G; J: |) x4 O6 O( O9 E
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ g0 f1 `4 I+ V1 @6 s
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]! U [: Y9 h4 a0 c" y. a
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 b) k4 K3 A7 V8 T5 f
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- s" _4 t' c" ^1 f, k) ~9 i
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# N! ]. b, |6 r1 e, S1 z
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 k. y) y, M. \7 ?4 x! i
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 y) `! R& L% K0 p0 ~, H
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 E0 _) V, P( K& p
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 i6 ~. Z! D! l% D; ?
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]' A% @7 g* ~+ s; |+ ? [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]* o- P: z$ t ?$ D8 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* m. p m8 f7 D$ B$ C
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]+ a( {; o1 a$ ~& f3 v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 `* T B$ M) k% E' w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]( h( B2 ~5 n! c' B0 I
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]3 d" J8 `' I9 F X" r8 b$ O
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
m8 k; O5 b8 M% _" Z% y6 W
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
/ P- t4 ?0 [: ^# p6 I
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
2 Q [) v) m6 Q. U; v' f1 I
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
% y. q& R8 l( b7 x. {& D6 X5 z. y
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
" ]& b" X6 Y5 r. ]
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] C) A: f8 y* E" u/ D* C% A
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
0 R# T# ~* c8 g* i
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
/ [* s- C. i# Z9 ~8 F* Y
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
8 a9 @5 `3 g% y1 I3 f- H# M6 ] z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
2 I$ c7 Y$ S) v) V* T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! X( F0 a) j: y" C( t) b+ L! E6 @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 O6 ~, q4 O* i! X4 ]0 I+ K
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' K7 L' c; c7 m# d4 x1 s( p
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 _9 S9 \ @& D- |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 d2 d& b1 p' J- ]/ j% p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 H' k/ c, ~" g) Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 w) r! V1 h. F; H* M
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]1 d- Z$ l( @+ E1 C. U
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]. [- `& r9 o% p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ d' k: J8 _0 {! @) l, Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 b, _1 m, M. m
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]9 M7 D1 g! {. V9 m
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
* n2 x8 Z4 @4 m8 _1 A% J- R
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 }: ?* i# H) |- ^
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]# N X8 e7 e) f
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& U' u2 h' b7 L- I
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
4 | T9 J, g2 h Z
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] m& V# ~1 c3 E- c
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; |/ D; j7 J0 d3 ?, b0 D0 N
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]' j5 t% g. P* h8 _4 `3 y5 j" q3 A% k7 R
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]: g/ q. r7 ~6 q" K' v9 p
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" n, N- q; h# F, {9 P& s- U) w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
% W/ c+ L; ]9 j4 \% U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364] \1 Z6 R: p9 \
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]+ v0 {1 [+ B. P# w4 }) B! a
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]- n! y) D- B; _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]# E% ~; \& W6 Z8 _4 X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
5 |+ C8 e8 v; d$ S/ h. o/ m5 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
- T4 x4 P6 i2 r+ y$ U" L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
/ T- k( l2 j7 Y$ A4 V- Z- e$ k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78] B& d' v1 G/ y) T6 h# f( ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
" c1 o' U1 L- h3 u& b( Q
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
9 K; S3 j2 g- ]) }* ~; K6 ]$ r2 W: B
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
$ Y( _3 V! G- P+ `! H% y J# O
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]! ^3 x4 G/ p) t
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]; D j; t& t+ {; U/ R2 i; {" \
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]! o+ H( Q( _* _+ u
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
5 r: Y4 ~2 `, b+ k& o0 H4 p& V1 a) i0 W
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
! d0 T- e `+ y2 E
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
% V$ z1 u" e0 M# R* P: Y
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
( n; `9 ]0 b( k1 W S; E$ C2 e
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 I2 M* J" L3 f+ R% F T4 c+ @
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
2 k5 U+ L* x3 n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" h9 h6 m4 N# f9 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( h' H6 n, a% v' x7 Y+ {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 E* {* S* w. f( d5 `
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 s2 ^9 j0 j( B1 j6 }/ T0 b0 b/ W
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]& v( a9 V1 s5 x- s6 p/ G; a6 D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
+ P) L8 O" r0 e0 P Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) }- x3 w) c3 l* e: v2 j7 v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]. U4 h+ J6 _0 h; ]
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 I! ^! M" c2 X! k
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]; Z6 @2 J# W% ]1 M1 J3 a7 C8 r
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
6 A$ t2 J) @: `/ M' N4 s
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* q7 k: M5 f9 x8 @" |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' ~* \+ @2 q& k4 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]. y$ |6 p2 |1 y' W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" ~4 ^! p* T- V; y% m+ H
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
4 q4 Y9 B& t6 Q9 J
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
" A6 N5 t# M2 `+ E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) m/ w6 S3 |$ o, S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ P3 J0 A! z/ M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
( h4 j( @+ I1 ^+ B& ~0 M E7 }% u
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]) B% x3 L; s! n0 S( u4 x: e8 E: O
==================================
6 R3 k2 l& z q) W2 r$ |
文件关联
$ q- r8 ?+ r3 q z0 f
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]0 i5 A$ M& S& T" S( K: W4 Z
.EXE OK. ["%1" %*]' V$ c9 o+ b, n
.COM OK. ["%1" %*]
. T" Z: b, Y$ v/ k3 y
.PIF OK. ["%1" %*]$ n2 O- v% i+ [. |
.REG OK. [regedit.exe "%1"]
" {, f/ x1 M& i' {
.BAT OK. ["%1" %*]! c1 f, k) l* F ]3 C" [
.SCR OK. ["%1" /S] n/ t2 H7 e- R9 m
.CHM OK. ["C:\WINDOWS\hh.exe" %1]5 A$ q& R- {8 w) P
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
W, Z! b- g$ l9 S& ^' r& L
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]- X6 a$ s% H9 _- b' `/ F' A
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
1 W& Z9 D( @5 ^3 z/ G' l8 W, V
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]% z8 o. q/ \, b: X2 E6 _" b- ^
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
7 g6 I3 F w9 [
.LNK OK. [{00021401-0000-0000-C000-000000000046}]* l4 j# }% r" k$ Y6 A
==================================! N7 h" @$ A6 [7 [0 P
Winsock 提供者8 v" k6 G- z6 |! W4 Y3 Q
N/A$ s" ^7 q! y T6 k
==================================
& O& h( I K" ^! C
Autorun.inf: F- T1 e7 W. ?7 ~% Y) z2 r2 L
N/A+ x; D9 L3 L6 U/ Y# A6 R) Q# {
==================================3 t* x9 j6 |7 i2 ^" X0 T9 c
HOSTS 文件
( N" k# \# d2 n7 ?
N/A$ s, \- R y- ~9 R) z
==================================
" P+ u9 G- a6 C s( d
进程特权扫描
- Y" I8 r- O! [ `/ |3 M C4 t
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]4 u' [. O5 o; g4 L c- ^9 S
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]& S2 @; O" c9 ~" s- l
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]6 D( V2 X$ I9 ` b$ N5 _0 H% t. Q3 M
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]8 c3 j- k# T; C: V7 k8 t+ y: L' {
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]% z: N+ @% w; M; x0 | ?
==================================+ Y7 N, E0 L7 H
API HOOK
$ g5 N2 x8 T! h' b F1 t" Y
N/A8 d7 m) s& D7 D9 J, H5 J
==================================
# w- A; a4 P4 C& D% b3 U5 ^
隐藏进程" {8 L h! z2 O' B/ O6 C, z& ?0 I
N/A
5 m8 F/ Q4 h. \. M, A
==================================& [- q. z0 f( P7 i- [3 M: i
, v3 A; ?) g4 \, ], ]8 ~) d

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115