在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

0 `3 S5 s e- x; Y' R2 N
2008-05-22,20:37:43& [0 M+ e1 ^, `8 r& G- q
System Repair Engineer 2.5.16.900" A# R% ~8 e" ~, r
Smallfrogs (http://www.KZTechs.com)
8 `6 R1 l/ Q; Q8 N! X% ^* K
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
0 S5 \- [1 i# g5 p% L/ a
以下内容被选中：+ s6 h; r" _; W0 ~1 l/ P/ e
所有的启动项目（包括注册表、启动文件夹、服务等）" b" z- M' g" B4 |5 x* h& r
浏览器加载项
; q: p5 C$ _0 F4 F' ~* V% m& C
正在运行的进程（包括进程模块信息）& O, r' V% e& u! i) ^
文件关联, T- K! `8 s% s- D4 |4 H
Winsock 提供者' F, O: n3 E4 ^4 I1 Q7 M! @
Autorun.inf
" X; a7 F q0 r% B9 h$ S" w
HOSTS 文件
% _8 H7 s# U: d, T% o4 P8 m
进程特权扫描
! H2 I% ?: T- D3 c: _4 g6 b3 J
9 h3 E5 j4 n1 e5 q! A
启动项目
: E( x& E! S' Y! O$ @1 r6 ]
注册表/ s1 p+ Z3 F& |- L
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
) Q' a) k. R& D! u* F2 q& `
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
3 u5 o3 |& e0 Y+ P5 p3 K- I
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
6 R1 K5 N0 }0 _$ r& g
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
/ v U0 G3 `& H* R+ S8 x# I
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
: r$ W: H% r) k( p4 G0 r" I4 N
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]3 X( ]9 N/ M# _- k. p, I
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]5 l; Z1 L9 w! Y7 f, W( a. d
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
% \0 u& y! s3 Z
<PHIME2002A><; > [N/A]4 T. _% y% L5 g$ L$ E
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]# L: i* C" }3 P- d: a, ^" e( N
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
: ?. ?; X# d* W1 }6 m+ F- y! V1 [
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
7 S% ~. T! i6 t! n M
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]- `+ f8 z) K7 g: d$ c$ x
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]0 l7 ?2 S: i/ D4 s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]1 z& P7 f6 n: U$ P/ Q' M. f% Q
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]( n' J) e2 [5 w7 X1 v7 ~0 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
" u0 u* ?) J0 V& g) |, ]6 i5 V
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
; e2 A! D. O$ t5 j! ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]2 V; a" a& r5 h n" E, e
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]! ~: a5 n" S, n9 c- l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
1 X1 b4 J0 ]6 D' ~( Q# N
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]9 T2 Z6 G* _1 o8 A1 U' a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
: ^) m* P+ `4 F: G
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]6 [0 c4 P9 E, {( W, z2 I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]$ Y0 l1 O1 I' d# K( S- U9 e9 {* R9 w
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
: i; S$ i/ P& n! g3 B' L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}], D/ ~, M& \. M8 y# B
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
6 y1 [- Z- d$ H8 b0 E8 M* l5 d4 [
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]* d$ M& h7 R. c) y/ j2 t, {# g
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]( L5 \4 ]4 l- q; A0 [5 c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]% Y) B" D: T& m! b' ]) U
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
4 G8 j2 c3 {! R. H1 u5 Z0 b
==================================
( U3 q! @3 P# z5 { q2 U* W
启动文件夹: ^; U1 N1 [# l
N/A/ a: p6 d2 b% n$ m
==================================+ T! `$ n/ l( S* @3 E
服务3 E) w: n$ B/ F) e" H9 j- D5 ^
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]! X" ^5 I3 [9 Q. V' f
<C:\WINDOWS\System32\3wareSrv.exe><N/A>7 ~# K y" o, G1 W4 g7 `: v( M
[Google Updater Service / gusvc][Stopped/Manual Start]$ e" ~& {2 j) e* S& j M$ K* U! M
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>7 W; t9 B3 `0 v$ y" }2 k) `
[Help and Support / helpsvc][Stopped/Disabled]
( p4 u7 E$ ?( R' M4 r$ \
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>- n! c4 Q& g5 ~
[Human Interface Device Access / HidServ][Stopped/Boot Start] U+ ^& k O+ @) W
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>5 C4 r1 k( {' S- q3 Z7 |
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
* l8 X8 w/ n* M g' J
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
3 S0 s7 d- S/ I& c3 p# E
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
* I( {1 D- @8 t
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>8 c: T. f; G2 P' [+ B' d
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
! L1 {6 H2 _7 ?) p
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
9 L. y; v# K9 `; C5 L% v
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
# v, j/ i& C6 w" w4 r- b6 z+ m
<><N/A>2 [; E7 B& O4 k% t) A2 t/ f- X
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
# x( A4 u* l$ q# Q% Y
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
. v# i( ?! b j3 [
==================================% F5 H9 ?, ~! S s/ p
驱动程序: n- }$ N- j- |4 ^$ L' x
[22j / 22jn][Stopped/Boot Start]
9 e; u4 u% R) J1 u4 I& q
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>) H0 Q* v7 z3 z5 u* |
[360AntiArp / 360AntiArp][Running/System Start]
6 l' F7 m; w1 X; S
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
- s) Z8 Z6 x; H6 U4 k3 S
[43ec / 43ecu][Stopped/Boot Start]
7 H1 @* A! y- o% Y0 ^
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
, C: x8 J7 A! F7 y; `
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]% y g$ ~: [$ P }
<system32\drivers\ac97intc.sys><Intel Corporation>
6 V) r. h* r6 T- F7 a3 K
[Promise driver accelerator / bb-run][Running/Boot Start]
# b2 }+ ~) U$ L# v2 c- h* g2 [ \
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.># X) _4 H0 R% m4 o3 u# c5 N
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]- ]" y. C! A, a* K4 ?* R j
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>$ v. i" r [( |4 I- Z
[KAVBase / KAVBase][Running/Auto Start]
8 R& O; H9 ?" b. Y6 ~
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>' z& S: h3 H- D( ?2 O1 r6 y' M
[KAVBootC / KAVBootC][Running/Boot Start]
& Z" }+ j0 ~5 i+ y: d0 M1 W" t
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
; }5 t/ Z, T5 e$ i2 U9 H
[KAVSafe / KAVSafe][Running/Auto Start]! G4 P$ F- C# y3 w$ C! G
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>& ?; |. [8 I7 S# d
[KNetWch / KNetWch][Running/System Start]7 C9 f) U7 Z8 y K3 p
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>3 \* \7 \9 a% v7 h: H$ q
[KWatch3 / KWatch3][Running/Auto Start]
8 O: B9 @1 _2 a' j& Q" K
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation> q* [2 |3 Q7 Y" o
[ntptdb / ntptdb][Stopped/Auto Start]) c7 w! k2 n; z8 |) M2 Q2 {5 e
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
1 R1 g" z% P3 g" I; ~
[nv / nv][Running/Manual Start]3 Q+ R# s0 w! q+ G S7 Q
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
0 M* q% O9 B2 d
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
' c- y+ B- Y! l2 e) a2 a5 G0 E
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>$ }: a! @ I6 p
[DDK PACKET Protocol / Packet][Running/Manual Start]1 _3 ?7 g9 a' G) W
<system32\DRIVERS\ProtoDrv.sys><360安全中心>, o* i) t, K. B
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]! C s( k( Z3 ^7 q' W
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>+ w4 l: j- [3 t+ ~; ]- k5 X1 W
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
# K' m. x% D8 e
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
. ]2 Y( [9 d! r
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
0 U9 L5 q7 O: A* l; U* ~
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>7 I q) E( l, ^0 z% G6 u4 V0 ]7 I
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
0 Q5 J0 W" L: v6 l9 b) e. m0 ^
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
3 ?3 b" I) p% [# s0 }. v
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
8 T* j9 l8 a, u) I. m1 k) N$ N
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
- p) B/ J2 Z$ ?1 o/ a
[Secdrv / Secdrv][Stopped/Manual Start]/ h4 ~% ~8 L+ {( L( C8 |5 V2 ? ?
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>) M4 e7 N5 {- s
[SATALink External Device Filter / SiRemFil][Running/Boot Start]& t4 M! O! G3 S) A r; M6 Y" R
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
W0 L3 D9 L5 Z( i. j6 m3 V$ V
[System Restore Filter Driver / sr][Stopped/Disabled]* K% C$ m5 O8 f, N6 n0 u6 n' d' g
<system32\DRIVERS\sr.sys><N/A>
' B6 N- z5 E8 Y F
[TesSafe / TesSafe][Stopped/Manual Start]
9 Z& G( n- z9 r' e1 c5 ]/ J
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>' Y! Q7 B' Y1 D c* l) K: W5 [
[System Services / unzxzsrs][Stopped/Boot Start]
z: L4 k z1 G' }9 G$ N4 Y* V) t
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
* d6 `- B, p0 \! k; F
[ViBus / ViBus][Stopped/Boot Start]
1 n5 s) c, K+ I9 Y
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>2 f5 m4 V. t4 m8 z. v: C
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]( z. k f' |/ G5 v- E N
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>* l5 m; } \( ~: O- D- b: x7 N2 z
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]. k2 O$ q0 t% D
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
2 p6 P+ g/ {. f1 x% R5 Y% K8 M
[ATI Extend / zhibmaso][Stopped/Boot Start]( H9 T5 x! x$ [7 X5 x8 k' d" o# [
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>, {) q( }5 V+ l9 X }8 R3 M, I
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]- G6 q( w3 s+ b7 A, ^5 c4 T& Z
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>* H' N7 s% _2 ]* K
==================================
. C( A9 O4 h% ]2 R% ]
浏览器加载项8 y7 ^1 z; O$ y5 t" c0 ^
[Google Toolbar Helper]
3 H5 z( C5 S/ ]( o$ J1 \
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
% m+ p. T6 ?8 R9 T. S0 b M
[Google Toolbar Notifier BHO]
3 O5 T/ m1 P1 x: i
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>" o0 J: K: W* r9 l
[SafeMon Class]! q. x* n8 G1 \4 s# W5 d! E1 {
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>( e/ c7 z- v6 D
[kingsoft browser shield]
: M I1 y& [! ^9 Z
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
. \2 k! m/ u: r0 C* D5 q' a
[IEBuddyExtControl Class]5 ^8 U. }* x# S7 M
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>0 Q+ p; n1 S2 l" A
[Zcom 杂志]
" f% J% d* A; c
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
7 e( V) m# W# k- ~+ z2 @
[&Google]0 X, g0 m5 `3 T# S- S7 A) P+ k3 I4 L
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>* x0 t% E/ c. [$ B& c: Q: _, d
[KooPlayer Control]6 A6 J# a' G+ E, a
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
0 U9 T9 i+ X* C& i4 f
[Shockwave Flash Object]
$ n% S4 _' I5 p1 [9 S
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
/ Z4 q: b% Y g' t* i' l
[KUpdateObj2 Class]! c8 B$ l* N8 n: S+ K
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>& D) z. @: I& C& {" Y7 Y
[Google Script Object]' r+ p) f9 X! E+ n8 v1 p C
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
/ _' g9 L* I( t' b0 K$ S# t3 q: @
[EWA Control]( s/ p6 C0 Q1 _$ K1 |' i2 u
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
, ?" K8 g) d1 v' f9 I$ S
[Windows Media Player]9 C* A6 _! V4 E% r/ q1 N W% \
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
/ z# O( w5 H. E
[&Google]8 P$ X* \4 L! _, z" [
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>& r) N _( p6 i2 H# U" B9 Q6 ?& N( f
[HTML Document]
. P& [7 X' Y6 y4 W6 l
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
2 R5 c; D: [) B# J4 F W0 b* C
[DHTML Edit Control Safe for Scripting for IE5]! y( c" U1 r" o! o
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
. R9 m$ b: g, {8 r: i3 _
[RealPlayer RAM Download Handler]- t/ O% O' h7 s! P
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>5 m% t$ h, V# f7 U
[IEBuddyExtControl Class]+ x$ o( C0 f$ U/ |# w8 e6 M& d- v; d
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
/ G. K0 v( n+ o0 K
[XML Document]/ ]! P7 T! Q7 @' U( h# `; R
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
$ C/ q; H* \, V2 g9 w
[HHCtrl Object]
8 f* @- G4 h: W& E' T1 L6 y
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>6 f/ l0 F! r: J0 b0 l. U1 ~
[Windows Media Player]
' u5 S( ]4 t+ E. k' d' M
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
. z6 p0 z; ]( r. y) F) z
[Active Desktop Mover]( a1 N. R6 f: G" m0 h! F8 ]5 E9 d" [
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>- r' b. K3 w% r
[360SafeLive]3 v% ]4 G- }4 [1 l
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
, H# L R/ V& G" I
[Microsoft Web 浏览器]5 s' Y: X* P. Z% `
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
8 O3 A# p+ @, Y( o! d7 C
[Browser Enhanced Objects]
/ J1 F9 G* R5 ^3 \ x& S3 o
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
[Google Toolbar Helper]
1 S' t" p- o: F1 A7 q* \
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
; Z: F$ ?" c. P, w2 X
[Microsoft Scriptlet Component]
) K! W R% y R0 j' o/ `1 @
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
7 z) Z, c) c! x/ Z: Z: @/ d
[Google Toolbar Notifier BHO]
9 Q7 G O7 s0 O# D+ a: I
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>/ H9 t5 `, t8 N/ s3 `' s# z
[SearchAssistantOC]
) J, l/ ^' X/ M+ ~+ C! m
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
. k1 m' D5 h' D, n9 D3 u
[SafeMon Class]
; q8 h4 e; i y! F( H8 a
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>' y, k0 z: V2 @4 y# D+ w" ]3 Q) y
[RDS.DataSpace]
' m9 O) s8 Q1 Z1 n' r7 j
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>" Y3 X0 T2 r( o/ O q) y+ y" X7 }" `
[KooPlayer Control]
+ T8 |! Z7 a; ^5 ]: v
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
3 c/ R. X6 b1 E8 N
[AUDIO__MID Moniker Class]# y/ m- \7 \+ G) a \. C2 y5 H
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>% b& T2 T8 ]. c1 u+ D; Q
[AUDIO__MP3 Moniker Class]$ _) @* G5 a% u2 t
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>7 z0 g7 y6 C" s- E8 A) X9 r* F, W! d
[AUDIO__X_MS_WMA Moniker Class]0 T: A- H7 c: v) L8 v: c; t# V) ?8 d
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: v! C! s4 l4 d& Q8 s
[VIDEO__X_MS_WMV Moniker Class]+ z& H( a* y- V! M4 p1 R1 R5 @
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
6 Z! G: q! e9 d
[RealPlayer G2 Control]
$ P1 G4 r: K4 S+ I, r/ f7 m
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>! l x+ w( _' {5 G9 W
[Shockwave Flash Object]
) L% h) a0 N; h
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>' x' v# X+ ` C6 p2 d+ b
[KUpdateObj2 Class]
" g# v. b7 |: ^8 H+ K& \
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
& k# T' s' c8 L4 z I
[kingsoft browser shield]
- h, X/ J; j2 z6 { j
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>2 N% k3 K. D9 V0 p; i
[PasswordEditCtrl Class]9 `) c7 T$ z5 t5 a. r0 n7 k
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>- {& g4 Q. N& p
[QvodCtrl Class]
3 I- a. h3 q g4 }+ g/ A( V8 d
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>* I1 H0 `# |. I1 {& J
[&使用超级旋风下载]
) b" a, [5 y6 b' z+ N8 h/ Y8 Z
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
3 U% d' D- M I1 y, q# x$ s1 l# g
[&使用超级旋风下载全部链接]
/ w5 c6 u& J0 z4 k5 l% Z) U) p
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
" X4 S }/ l4 ]- n. [
[使用迅雷下载]# J, w8 ^0 k8 D
<, N/A>0 q- Z, J" f5 s9 a
[使用迅雷下载全部链接]* m! Z; z5 J0 U* ^+ X' C
<, N/A>
- {+ m3 {: ?" _
[导出到 Microsoft Office Excel(&X)]* _2 i5 E, A7 M" i% L9 X4 d8 S
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>* E9 [; Q9 s& y, J- H3 H
[添加到QQ表情]
# P) Q/ x& ^' m+ `' |: h
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>; N! v7 k; l5 m! x$ Y; C- V
==================================: d4 O5 Q9 N. N1 S4 E. `4 E
正在运行的进程2 V$ D5 U5 M1 ]7 o4 B" s1 C0 v
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 C! E8 F6 V3 j; k$ j
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. o" z; ~4 D5 r3 \3 C
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 I3 \. w/ _& X9 V* J4 o! p: D
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
6 Z7 v. q7 H; _4 c V
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 @; K& N! @% R* `" H' k" _
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& J2 k1 d9 [8 ^' j
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. c$ ~% t& U7 m" l9 U
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; s. o/ a! j! z* O+ m& a6 |4 Z
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 t) D7 ^/ c( m. ]; t, v
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! |* T+ F6 F# F- {1 u; t
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! s9 q+ Q. C1 x" H7 W0 t( h
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]: ~2 D* I$ Y+ Z9 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 k: j4 }, h" f$ T" P% N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 {% X F4 _2 c6 b6 C y$ `! A l
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]; j3 @2 ]4 B5 T: o) l( e; v" b
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. B+ k; {: T3 @, [! z; Y7 B3 Z v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
! }) d4 f. j' p
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]# k1 Y- C: w3 z0 u9 |2 N+ Q
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
* T. @) N$ l, J7 w- H
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
* L/ a8 Q4 r. |# E$ y/ c
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]$ x7 N7 h6 s% p$ i/ M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 g* r4 p- |: d% f2 Z* u
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
9 `; f5 `8 H" b0 l H( T! O
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] x7 s- Y" ?. e( [2 }
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
7 h+ t0 e) X# F0 `+ ^" B- J
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]9 q. }; A* n1 l* q) o
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]1 M0 U2 ]( p7 \' _, j
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
" Q7 K( l7 m ~' L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 X, K3 S+ M1 m* U( p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]5 `7 a6 z2 y4 }# }! q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 n$ Q& c% K9 Y* y/ Z6 R
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- N0 K3 R' n7 E5 d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 q) m: h$ }; Q* W3 @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* _( I9 X* G$ S9 ^
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 ^ R% i! B- \) l; q3 A6 z% c& f
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]1 ~! t3 O3 U x3 K4 ]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
" X. M/ N9 T2 I" M" F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! ^3 G3 I* X( m7 D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* V4 R' {, \, r# Z( p$ U# N3 }
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
; `+ Y2 M/ I% Y( u, L0 e( h3 @
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]+ G% v. m' ?3 T7 @6 s# |
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], _; J) y- k1 P( N
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" B7 G; C) Z! g! y# V
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; R \, g) v2 O1 [8 d: l
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]6 V: I' t& Y5 l+ q7 }
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 Y! V8 L: M2 m* \1 }: R! u, X
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. S% p5 s2 n. f' `9 e0 Q: e
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
! t7 U1 G! \) c5 E8 a* v4 q, {
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
" r* y9 L, C1 p( G% W
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
, F1 E S( T" }; C! V; q" j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 P: l1 ?9 S$ k& U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# c# V* c( N# G) m Y
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
: A! v+ H3 N$ E4 D s. [9 K$ l
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]/ J8 P# |+ `6 k% s- P1 M/ F6 f) D; ?8 v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]( O9 l% R- T) n; [+ _& q9 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
3 Y+ N% G5 m+ K$ c& L: }+ H/ L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
8 m" Y3 P4 [* a/ c) c2 ?& M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
" ?* V$ \; u: P5 S! [; O' X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
/ _6 z6 e4 V0 J+ v3 R
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]5 ^' c8 s$ i" q3 Q
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
; g4 o! W3 F! d- p: X3 K, E
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]/ o- L7 M$ K1 H0 M8 v: {
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
9 u- ]9 T' V" f1 t
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
3 n) [- o7 l0 Z0 [* `& \3 p6 B, b
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1], h/ L/ c7 D8 F$ |3 g
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
( Q5 ^* F: T; l+ \/ f- c
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
" h# U0 C7 C: F& u
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]# s+ E- s, s3 M3 z- H* R
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]: N- @* E- l6 J) L" \8 E T _- I! |. p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: ?/ e6 w2 T, M7 h8 C ~
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
! K8 E* O2 |5 V0 t1 @
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
: }- i8 m* A* z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
l4 s I) v+ U' N! i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* a) r( k, d; G8 g; m; d+ j
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# U" s9 J# k0 g0 B8 Y- a1 c/ G5 n( b2 @
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
- k: p3 m0 L) N
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]+ L: J! q% Q* F' }) R/ O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 q. e# o& A' D5 i F; y5 o+ ?7 X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, T8 I( f+ v, s
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% i: i. K9 v& O5 p/ ?
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
. D3 R5 m* b! k* w
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]) g( Q1 J: f L& h4 E- a; V5 m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% [2 p+ P) m/ I" H. ]8 }* H8 [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 C5 `- g, T3 M& O' \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* \) V8 [+ I% p2 d" T# Y: J0 z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 K3 |- I4 }* Y# X7 X; ~
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]5 t# r: X' g4 R1 g$ c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 k, B. h/ _0 e0 R/ X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 B6 a* h: ]/ a5 s# X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 I$ M# s& K* w" D/ a1 C
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]0 h+ ?, O4 i2 ~, S- l
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]2 _3 ^- o* v: K* J, b
==================================
4 |- e3 x$ z) Z3 O" Z& S, ?
文件关联+ v) C8 x6 Q+ I3 c
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]/ n- o' h# c+ ~& f, c o: { P
.EXE OK. ["%1" %*]
+ V2 S6 K: N! U2 f! ^; @8 o; R7 U
.COM OK. ["%1" %*]
" \4 D! e' }; L0 p; E, {
.PIF OK. ["%1" %*]/ \; _: b1 N! ~( y
.REG OK. [regedit.exe "%1"]
+ q; [" p* E; i4 P
.BAT OK. ["%1" %*]
& ~# ?+ {' q; b; I
.SCR OK. ["%1" /S]9 G# q/ \" w7 O
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
! O3 k6 ]! y2 G
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
* Q0 W( B, U+ \1 J0 E: G. w1 S
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]! O g% h( V" k, A8 [- V
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
7 u# ?/ q/ ~- d5 ^; \* X
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]( e6 F& f A% h
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]" t# K z, X$ _, g9 K. @9 o- K
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
, K( |/ L2 t& M1 W. V+ |/ E
==================================5 x9 d4 _- E8 f
Winsock 提供者1 j# Z7 f, r! h, z# T/ E
N/A
$ G" n( Z1 O! a5 \3 n
==================================/ Y1 \! x0 h) Z& l o
Autorun.inf
1 a6 v$ @0 t! `
N/A$ o! W- s' t; T. u- r' ]
==================================
6 [4 Q2 a9 ]5 A) L I, e
HOSTS 文件
# A% }3 p0 T5 j! K$ a$ f! B. C6 }
N/A
) ^/ ^1 E/ K9 d# S2 s# W7 H9 n
==================================) x0 K6 W4 E* E$ m. o( T8 g8 b
进程特权扫描
8 j1 M+ H1 e7 h8 D4 X9 ^: O2 m
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
! m- r+ |. c6 V# Y9 ?# I; z
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
7 W7 W& }; v, p. o) R
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
/ M/ y0 h; {5 S% g2 g
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
4 N8 P! v8 q! E) F
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
' Q4 g: E3 O, S4 ~9 t
==================================2 B. ^1 ]2 ^8 o
API HOOK
4 q9 e. t6 o4 @0 j3 K5 ~
N/A
- W, F! Y5 O# b# `# `1 a
==================================
# E7 c9 S& J! e) v8 }# i
隐藏进程
* B$ k& x8 I& ~2 E' Q
N/A- v8 l. M* J/ m9 O# X
==================================* N$ p4 _3 v' f- T k3 F- C1 [& \
& m1 ~, P8 E- n/ `/ Z6 F9 ~

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115