在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

2 b @$ \) C" ?2 v/ r
2008-05-22,20:37:43. d' h: {8 q2 z) c, k
System Repair Engineer 2.5.16.900
- @5 f- O4 X# T! [# G/ {
Smallfrogs (http://www.KZTechs.com)( t. N4 _ j1 N9 b- Z) d7 w
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
1 p* D6 G% }2 X: C
以下内容被选中：
0 Y$ S# I/ A8 ^$ J: ^3 Z
所有的启动项目（包括注册表、启动文件夹、服务等）
8 X# e) G5 i) v* D9 g
浏览器加载项/ G! x5 h7 G4 |0 j4 J
正在运行的进程（包括进程模块信息）. q4 j! G; o" _( A' {. p$ {! k
文件关联& N) t0 h& a) I
Winsock 提供者( d! F- U; Y/ f0 q! G& ~( y
Autorun.inf
9 U% x+ [' E% N4 U! g" a2 V5 X
HOSTS 文件
( u( }( B$ A0 e# q. z
进程特权扫描7 k; N1 G$ o! Y- O- O
c) C9 r- v/ V% g x+ u
启动项目/ u% H1 o' i" I, | M1 u, s
注册表& d/ ^2 m8 P9 u' E& u) ^
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
7 i' S9 [+ h7 \2 S9 l
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]0 K) d7 O2 ?) w" m) p
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]4 P5 b R( {1 ^( Y) s
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
# k5 x+ `* i# Q5 m- b D
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
" i7 i3 X: T- {- E' X
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]; Z/ n! G |3 f. f
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
# {- J$ I0 j# A% `
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
5 S3 r% @ ` {) N
<PHIME2002A><; > [N/A]
, h! Z: o* Z# l; H* n
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
6 w3 G( a( ^( h/ }
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]5 Q2 L, B& A, Q4 Y
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
; t- q8 c; F H- g2 t7 `9 ]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher] Y+ P, @* g! U7 `! ]9 M; K) E7 t
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
. q; u3 ]7 K9 ^: W [; R: X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]+ a$ f: [( }- V" Q. a" ^
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
& C5 H% [4 I2 x+ ~! h
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]! x5 F$ t3 T' w, v+ c
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]* K1 @8 E+ ^: b I/ M
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]/ Q. j$ x$ ]; h1 s4 g
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
0 c( B5 ] U& L) E( r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
9 S3 ]/ A5 V! ] ^' u
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
* Z$ V8 R3 i9 |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]6 B3 I4 [$ ?) S5 ^
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
8 q/ H0 U. X2 l7 G
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]1 J/ k/ _. z8 s* [
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]# v7 q# Z3 |! A/ S2 F/ c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]& `1 D% [! ^3 }
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]' I( }3 T1 w9 x6 k0 X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]& s2 A# `: }0 C# E; a5 A
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
# R C$ @. g" g7 l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]& A3 m' w9 _$ c1 t" }0 }" R
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
+ {% k$ R4 R; X7 }& z6 c
==================================
4 v. _! \% o2 m4 m( k
启动文件夹
+ ~6 g7 o4 k' C4 B# e: p8 e4 j7 |
N/A5 r: t& A6 z$ a! [7 C4 v/ D& \
==================================; \- ~# F' d$ d* w" `
服务
. i, \2 A1 H$ g( j2 m+ \, u
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
% L" W# B/ `; H9 ]+ T
<C:\WINDOWS\System32\3wareSrv.exe><N/A>- d0 K, @0 k% V
[Google Updater Service / gusvc][Stopped/Manual Start]
- R: y e. o0 F- x7 b, ]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
9 \# Y) F" g+ `7 d8 t% F
[Help and Support / helpsvc][Stopped/Disabled]
7 n6 J9 J' G; i- _9 s, D
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
c9 @; _1 U, @- Z3 ]* P
[Human Interface Device Access / HidServ][Stopped/Boot Start]
9 h6 A* u/ I/ o7 I7 c; v+ l
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- ]# a8 h- Z% x4 }
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start], W J' f# _" _6 c1 k9 }
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>2 [! g! l9 }% O& f: j2 V
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]5 G. H' F6 ~( D, D
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>3 Y4 N# Q4 O* j1 A5 P! E. u
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
, V& |1 P y3 N
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
6 n- D- A* [( m, a! u
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
3 ]; [$ V C5 T5 \5 |3 k. E
<><N/A>" G; j% G7 `2 z9 u/ c; i
[Qvod Terminal / Qvod Terminal][Running/Auto Start]/ b& M, _1 x4 L' {& ^) {) i) k
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>8 G( @9 ?' q, e
==================================
, q5 i8 {4 D- k$ \5 K) \
驱动程序* d( c: T- q+ S5 ?3 U
[22j / 22jn][Stopped/Boot Start]6 q" }6 K7 [0 D0 E/ w
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>: k1 S* p" W; ]/ i& f; m; @( D( H* b7 h
[360AntiArp / 360AntiArp][Running/System Start]
4 p) i& K+ ` ?$ i3 I) E
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心> A/ a- |$ V8 n5 |0 p$ q
[43ec / 43ecu][Stopped/Boot Start]
( e. w' V( J2 J( ~# h6 n# U7 L
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>& e+ h0 \) s! a
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
: N* k3 W/ S! r% W# l5 ?# E1 V
<system32\drivers\ac97intc.sys><Intel Corporation>7 z8 L* G6 h: z# h3 w) c4 J9 |
[Promise driver accelerator / bb-run][Running/Boot Start]5 s+ Z- v2 ^( [
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>0 c+ q7 j0 ?( t* W4 R/ o5 \* a
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]5 E# G: n& N4 U' V. }- Y
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
& W/ S& E& q! q8 r) \: E
[KAVBase / KAVBase][Running/Auto Start]
5 C5 z" R& B1 P6 Y" h: S
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>0 p0 j/ A- L' O- y y
[KAVBootC / KAVBootC][Running/Boot Start]
8 }4 H) U, n4 ~1 X9 f- L
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
. d% B7 ?- U3 n4 z# e. o: z0 ^6 V
[KAVSafe / KAVSafe][Running/Auto Start]! U8 V. d. \+ J, f* |
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
6 M) ?4 ]& R# u8 A. G/ y1 }3 w
[KNetWch / KNetWch][Running/System Start]
9 c p( q% ~7 {# |; ?% V
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
* R! g! j; i( B. f4 \1 R
[KWatch3 / KWatch3][Running/Auto Start]" S* P( K6 W+ v0 L; A' ?7 Y
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation> W; U+ K8 h- Z7 K, V
[ntptdb / ntptdb][Stopped/Auto Start]( Q' D1 E7 Q8 [3 {
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>! T. U( B i% d. A5 s) o3 M
[nv / nv][Running/Manual Start]0 U/ \. {% I) A- f" W
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
( n, Z9 p: O4 u* m) |. a4 W
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
: ?0 |* E4 A+ R1 k: o# E
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>! ]& x" I( ] l& |+ d/ t4 d
[DDK PACKET Protocol / Packet][Running/Manual Start]" `4 A$ ?, @! |2 p3 O/ D
<system32\DRIVERS\ProtoDrv.sys><360安全中心>- u7 v" J" i3 d2 A: ^
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
9 w& i+ U8 F- @- ~3 H
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
* S- k, C/ [8 E4 ^
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
5 o3 I; R$ p4 _5 l
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>. x$ { j- |! v
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]; O: c& O, f8 p2 B
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
1 l0 O) W# J$ k! V$ {
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
% E7 s$ o* d; S% w7 y* l. ]7 |
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>$ T, a, J/ O+ F. c4 ?# W
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
7 T- T6 h3 E" w- n9 v h
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>; x( [5 l2 y: \. I$ A. @
[Secdrv / Secdrv][Stopped/Manual Start], A& }9 m8 k! @: I& S6 e6 o
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>; a O1 X& o, s! t- M/ Q$ D) s+ D
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
/ z) E: r. {8 v$ |2 @: _9 X
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>* h9 X, L4 w& q3 x$ C
[System Restore Filter Driver / sr][Stopped/Disabled]6 S$ O: Q2 l# G) T4 G4 D
<system32\DRIVERS\sr.sys><N/A>. N4 q' o* X' b
[TesSafe / TesSafe][Stopped/Manual Start]
" X1 k' d$ [8 B4 k% b6 b& l' l
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
, d% P6 p- Y7 T7 ~5 L( ~4 E4 V
[System Services / unzxzsrs][Stopped/Boot Start]$ I/ `2 B2 B1 S% U
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>9 E9 m1 v% [6 b# H3 G
[ViBus / ViBus][Stopped/Boot Start]
6 y0 C0 a4 C' M! [7 ]
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
( f9 D! R0 ]' k; Q8 Q3 }0 J
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]# }( m9 Z! g6 r+ R
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>; V' [- D7 l1 E8 J, I' F" \# Y( b' W
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
+ E' }4 ~2 b# a" B
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
; Q$ w$ ]# s! ^1 x7 A( l
[ATI Extend / zhibmaso][Stopped/Boot Start]' \+ ^; s5 M0 Y7 u( U! q9 o) F
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
2 d/ G5 ^ a8 J; v6 |8 h
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]+ _/ n% C9 r' c4 [+ }
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>0 E; \' b6 t; E
==================================
9 L& S- A6 c' {1 T# | V2 y( s! |
浏览器加载项" [4 v9 R* R' m
[Google Toolbar Helper]
8 `: H8 a. |4 ^5 U: C( B
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
* C$ |+ ?" J2 P
[Google Toolbar Notifier BHO]
' \* c4 n: |. P. H5 F2 y+ U# G/ N) y
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
; t. [1 P7 [* b; f- T
[SafeMon Class]
! U) M$ h" v; E0 J$ u1 Y) j
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
8 h: A6 S2 M# T1 t9 ]5 e
[kingsoft browser shield]
/ q+ N1 w, ?, B* K. N
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
% P+ p3 G- y: y) l. Q
[IEBuddyExtControl Class]) u* A/ [$ N1 a
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>: |, D/ Q, `2 N- a5 ~/ B" ]
[Zcom 杂志]
- |, q$ w) E; ]2 l: q
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
* U+ y. o# K" h; X0 H- V
[&Google]3 J6 A4 ~9 D; Z, F8 C
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>& Y) N3 s% N3 V2 m7 b
[KooPlayer Control]
& t# l3 H( a& G! N
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
* b8 X/ {; }" Z) @ r3 V# W+ J5 }
[Shockwave Flash Object]
u* v$ N5 \9 _
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
% B) t. B* @. t$ N* K! o9 n! C9 F
[KUpdateObj2 Class]
8 J, L) Y$ \9 L4 E! L1 V# J
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>8 r# s+ F& b; W6 o" |- b
[Google Script Object]" G! x r8 p8 S: ]/ H7 p) x
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>. W! c5 z/ ]6 Y! v a: R
[EWA Control]- [1 a4 T& H2 C+ v: U% F; s
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
! U2 G' e$ ~2 n
[Windows Media Player]
: a: S5 M4 w1 `; a2 D* K) z* l
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
( a+ r/ f5 @3 E$ m
[&Google]
; t$ i8 v: k3 v& `2 s. c
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>6 g' {6 I& |! w/ b5 ?1 z
[HTML Document]
3 |% [2 N# h- M2 K# V9 f
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
& c& C c4 O3 D! z8 c* E: K
[DHTML Edit Control Safe for Scripting for IE5]9 e; o0 _" C7 T
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>% `- C; p9 @ U+ B, `% Q& }
[RealPlayer RAM Download Handler]' d4 O. v7 Q4 L% R
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>" U" B& ?2 Y% |- v/ k% |
[IEBuddyExtControl Class]# Y4 H1 e* N/ t' _7 Q, M
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
+ }/ a1 \" f- N; W% h& j9 ^) o6 }* O
[XML Document]! L/ x4 ~" d7 n m9 I
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
* L7 [" M% M* d/ K3 R+ Q
[HHCtrl Object]/ \- [+ m: m. O% y+ l
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
& _% K8 N ?+ m& z- F
[Windows Media Player]
0 b9 c# V* V4 [) D* l2 k1 A
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! d3 r L& C% T! ]
[Active Desktop Mover]
# Q, m4 U. g( q+ A2 i
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
% f' c: M4 e; Y3 D' n h' ^
[360SafeLive]
v" y: L) r4 S; f4 F3 u
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
$ T- u& ~4 `% [+ i: }0 `$ J
[Microsoft Web 浏览器]9 j E E4 V% e# C4 P" d
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
( s: b8 T/ p+ v# c; e7 p& |. O# I3 o
[Browser Enhanced Objects]
8 G" z8 E0 G8 ~& ]7 F
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>3 z3 f. e( s; P" y
[Google Toolbar Helper]2 q! k, _/ y2 \% I+ v2 \8 L+ e! D
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
, n% Z6 z, C6 M
[Microsoft Scriptlet Component]
7 u& w" \) a" J* i1 y) a; H6 z
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
$ ?- J1 M( @6 i5 j
[Google Toolbar Notifier BHO]) O0 u' j5 P" ?' n7 @5 Q) I) t
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
$ D# r4 b0 c2 j7 Q/ l% W
[SearchAssistantOC]% K5 e) ]2 S1 b* ^3 d& a
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> A) ^/ I2 j3 Z( F7 W
[SafeMon Class]: k. ]2 V6 d5 E1 f& t
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>: a7 @& E' z: g
[RDS.DataSpace]
4 v9 b/ J% j4 N3 N
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>3 V* @' V# M5 w0 w4 h6 q
[KooPlayer Control]# G4 U. P) J ^& p1 b2 y
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>6 F, l7 b6 b) d: e; F8 W7 Y
[AUDIO__MID Moniker Class]
6 L! e) t5 P' h7 I+ a2 A8 p
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: I, }: G0 I' L
[AUDIO__MP3 Moniker Class]
, ^& p9 e8 \% |+ Z; [/ I
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
% B0 j* P$ L1 `! j! D- I b
[AUDIO__X_MS_WMA Moniker Class]
) ?5 F9 q: j, q
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
! {3 N/ t+ e3 s% e2 j
[VIDEO__X_MS_WMV Moniker Class], c3 F' C% J7 o( k I: D( o
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
7 N8 f) Z% ^; r. o
[RealPlayer G2 Control]. U! ]$ F; i+ e8 O& K, t/ f
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
7 T6 S* L' ] c8 I* H8 f
[Shockwave Flash Object]
7 P5 m+ e! |- M5 i% V" z
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.># s' R/ g1 A5 q6 m, S' A7 }/ Z
[KUpdateObj2 Class]: `$ U/ N% v6 E0 ^8 I
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>1 b, o( a6 H( J5 C
[kingsoft browser shield]
* B/ ?, {5 [7 \1 V+ t5 a' g0 Z
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>/ e. K0 @- _* W. m0 Z- J6 ]
[PasswordEditCtrl Class]
! v. p9 ?) W! J! u' f6 N3 ~; p
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
5 ]! y& [% Y+ H6 k) G
[QvodCtrl Class]8 a" ?/ \/ v& t4 b }! b* ~
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>9 V3 O; S: } @8 Z( Y) h0 |
[&使用超级旋风下载]
$ F( e# z* Y/ E$ C( l6 [1 A1 N) F
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
8 p( `. ]" A0 i9 {4 X& \
[&使用超级旋风下载全部链接]6 U7 N1 r5 I \: ]! `& L* `! @# k
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>5 j; [' M6 t9 B) ` J
[使用迅雷下载]& W# k6 m2 x( J2 ]2 j
<, N/A>
- r" G2 @4 X9 F, ?* i* k$ [- d+ @
[使用迅雷下载全部链接]5 [! C* y% o( F2 Z
<, N/A>
' t$ g% L4 K. S! m) D
[导出到 Microsoft Office Excel(&X)]8 ^4 z$ c# ^' k0 P+ E4 j4 _: U! `% ?
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
5 i r- [! c5 u& B( N" f8 p
[添加到QQ表情]
+ `$ \! }( ]9 K) T6 J+ ^
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
5 X# T( z5 m) c
==================================! r9 P" |5 r; h% t% r
正在运行的进程
: Z3 R/ I2 \1 Y
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# z- G& \4 D$ t) K% }5 N
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 m: f z) x2 K, F
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 I b8 {, s' F% z8 `- h
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
1 @$ G) M; e. t# A) g3 U, C, k1 ?
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 r* S6 W* ~: h0 ~
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 w+ m- _; k) b& o, s9 T8 ^( w
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& A' x* [# m" c$ x- L; Q9 F
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) t' r8 o4 ~: ~, |3 T% b1 {
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
8 n5 s% P- W+ h3 q v
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 k! R, u& t7 V7 P) ^- ~+ X( T
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], v( w t( B3 C6 ?3 y, }1 P* R
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
6 C0 _& Q% ]& u7 ~; N% u) U8 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 J$ [6 p, F, w/ k1 e* m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# |- O! \ ^% v
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]& s" s; S) q2 S2 f8 D9 u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 r: Q: f* [- u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]& { u8 T6 s* E
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]4 C% I* F6 ?2 }4 L! Q9 N
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
. s" B t9 k* |/ F/ _. _
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]5 L, [* d: F8 W
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
3 [% J2 L3 S, L7 x
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]# `. P5 F& ~% K9 ?. I1 D C2 H
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
2 I% d5 E, B% k6 U/ [
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- A0 c( ?) w" A7 v+ ?2 v
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
7 q1 j9 p2 u4 k) ^' L
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
Y9 f6 J5 z( I- T0 y- u
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
; l" X+ D6 p1 z2 P3 s9 R _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: _/ C. W f& B+ I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 g6 \* Y: u. N5 y2 K% ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# T/ }5 H+ I& y& e$ C
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. Q) t& c( N( ?2 ]/ K; A& v8 [2 ~
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 ?6 q" p; H. Z, p' ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& T/ K# m5 y- s* G" d( H! O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]; Z/ E7 S! Q3 }. p0 ]% ^) n
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
, k" P4 q7 v" v& ^! k
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]7 X* [8 d3 F5 m8 d+ Q" i/ K# O
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
& r2 l$ L2 r* v3 U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 W: z0 S9 V/ S* p' l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' h0 m- x) N" |. H* q8 t
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
& b/ F7 R. z$ e2 H6 n( ?
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
6 ^3 n$ t6 [$ d9 F: e" g1 l
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]$ ~7 f% N2 `# W" f
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 [6 X& k! S$ N w/ @ ?' A
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! e* f; n5 K5 |/ m% K& U
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
3 P* M! ~9 \) l% c# f1 P0 A8 g' @. e
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' g7 B' a2 B6 k ^& }' g
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ c$ Q. y6 q g7 s
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]% i7 l5 y h4 I- y8 r; `) T* v. f
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]5 r& Z0 k. O. N; K
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# A& W' b7 P. m' F/ N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]3 K+ A' s# Y3 h6 @+ y, `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# ~+ C& R! \7 c' o/ V4 P# c4 R- {
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
2 t9 F) M& d# T( Z Y, f
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]1 v. B" M, F7 C9 E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
9 X/ H) q. H( _1 D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]1 Z" ^/ I4 p# k0 F3 f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
7 i, g. @) S) v$ b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]8 B& D* u+ W% }0 K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]9 |2 x- j1 P; {9 u3 n2 Z
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
4 Y2 j1 Z7 I: t: L/ e, ^% P f
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]9 h# g) v$ d2 n0 i! z& ^
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
. ^, h( h) {' r: {
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
' I7 ^* l: B5 y f5 ]8 Y
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]; D w& K" g3 H+ r
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 K" A4 }1 g* {# _$ O
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]4 `* h5 k8 C& Q3 t
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]7 X. n, Z1 U* u2 o
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
0 X3 V9 M( n9 E( r S8 e
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]8 K1 d2 f6 ^5 x
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" U: y/ F- q% A: B) Q) p' C- c w
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]/ z6 B& j% ^! d
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 p! O) T1 a4 x7 K8 {& a- L4 R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 I5 s" ^) L/ b6 ~6 i% s0 B6 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& o8 W" K. {" g A! K0 f
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' ~2 [' \2 a6 n5 b3 o$ T" H, q
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]/ p6 F2 z$ k1 z: l( U
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 R$ ]" _- ^% T ?, p& N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 U7 S% L7 p6 W8 X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 k3 A" ?3 r: v* P- |5 z# P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]7 s" g, o1 h( v |% i
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]9 r2 _+ P6 o4 O) d4 M
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]$ t! R! I/ M3 N; ?7 W# C, e- o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]) H+ E* m# ] _2 @1 u+ a# P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) L% t" k3 y1 D X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 Y3 d% A/ w0 T B$ O6 X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' j2 ?/ @$ C2 W5 e0 y- x
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]# o* y4 i: `. Q, c! U
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* Z- `7 X7 ]2 O* N1 J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 V& y( ]- C) V* k7 @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ B6 Q/ G9 z% ~: X: n
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" k6 I5 R% X- b/ r
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]8 F6 f# [9 a# E5 g
==================================0 ]( p4 |7 z$ F1 s
文件关联
7 q# D# i; E8 c# k G. x1 n
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]" S0 o, E/ H$ X
.EXE OK. ["%1" %*]
/ o" p. ]" v4 F1 Z: @7 Q; c
.COM OK. ["%1" %*]% U% H; E8 n: `/ u3 p. {: h
.PIF OK. ["%1" %*]) z; O* H$ s2 F4 A9 I
.REG OK. [regedit.exe "%1"]: z& g% q: ^' q& A
.BAT OK. ["%1" %*]
, c' W5 G3 U, r4 A' z5 L, Y
.SCR OK. ["%1" /S]. ?/ C u$ q' N- s
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
* _+ u3 J; B5 Y8 K
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
2 e, d1 a6 l: {0 u
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
4 D5 @- l- d4 M3 \6 A
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
5 u( J8 F( Y) p5 e8 f$ a
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]0 j- \. {. H6 m" O- l$ `/ M
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
4 Z* _4 h' v5 i; ^3 R
.LNK OK. [{00021401-0000-0000-C000-000000000046}]7 q: f& M3 c& c3 U
==================================
' R, ^% V) g; x2 @
Winsock 提供者
1 \/ _( K3 A$ c; b
N/A% k6 j& V) ?8 `: X0 S
==================================
$ X1 o/ N) h. b1 A0 ~
Autorun.inf
, ?/ `9 l6 U# K/ r$ _
N/A
7 N+ I3 u! F2 Y" P
==================================
6 ^# y8 |$ C/ l& V% G
HOSTS 文件% l5 H, ?3 t, q! R) k
N/A+ s% W# M! w G4 m+ g
==================================
; u2 V. @7 z- Q* {! S
进程特权扫描1 |3 R, ?: r; R" I
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]6 Q* K4 P1 y9 v2 m; J3 n( K+ v$ a! U* h
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
1 C- ?- E0 {" i! P" d5 h' _' p
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]$ y S* X( b/ |! Z+ K
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
' e) ]7 g9 O' }* i. {1 j/ i- e1 z5 ]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]4 c5 o" ]3 |% H9 U4 j" e7 q1 M
==================================0 U* _+ t2 D# X2 b6 c5 Q, A
API HOOK$ t, F- h1 }# z ?
N/A. Q6 R% l& d" f# `0 q
==================================
4 H5 r) I$ w$ [9 ]3 d
隐藏进程
' | {) O- h2 M# D( |8 J+ b) B
N/A
D4 c* O6 U, W, p
==================================/ M, w B& p! B) a/ B
( Z- }/ z5 n: ?' }

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115