|
|
0 Z9 G/ L5 R- Q, F, p7 V" \- 2008-05-22,20:37:43: G3 ^1 F. C- k- V ~$ Q2 T
- System Repair Engineer 2.5.16.900 {, m' f) K' P
- Smallfrogs (http://www.KZTechs.com)4 {& } ^: n, U5 \! |1 a+ O: e
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
8 a& Q0 ~ T9 p) n/ z/ f; F9 ` - 以下内容被选中:
! N( o0 r3 S! Q. g- d* q' C - 所有的启动项目(包括注册表、启动文件夹、服务等)
6 V7 L" ?! [% Z; P8 q" E i5 h- X - 浏览器加载项& u: Z0 q$ E7 }# @% }4 Y$ W$ ?
- 正在运行的进程(包括进程模块信息)0 d* j Q/ Q' ]8 b" A6 N X2 V
- 文件关联
; T3 P. q1 R* J- n2 _! K - Winsock 提供者
$ ?% P- `& U% R - Autorun.inf
" {8 {/ Y; p6 ^9 w* }# N: r2 u5 Y7 K - HOSTS 文件
" {/ A- E& g) j - 进程特权扫描8 h1 u; C5 d9 L; K- k3 d
- * ~% E8 O& t! l, ~' s/ x
- 启动项目
$ ^+ Y2 |0 o$ s - 注册表) T1 q6 T' v: w! `6 U- t k7 s) [
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [) D/ ~2 ?1 U8 \8 j4 ?' D, v
- <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]% [% [4 G8 k9 d0 T: e
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]3 j8 H5 }: Y- j. g& s
- <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
& E9 C' N5 v3 G - <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]0 \, C( _- M1 @1 E: V7 e3 R
- <360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
# Y, l6 n0 M" T: U& D9 |( N - <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
7 [) o: b( R2 L( \/ L/ g) [ - <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]4 _8 o4 c5 d% H! C% u- M
- <PHIME2002A><; > [N/A]
: r! u3 a- `! u- j/ D/ }6 W2 @* q - <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
% S) s2 o1 `$ ?( l% b7 r2 x - [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
' K' }. m- z4 U6 `; c: T- A% L% f3 N - <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]# p1 O6 t! _* J0 i: m, R4 h
- <Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
& L4 O1 c. H3 K. F' d0 r- m# B - <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]9 f7 q! F) |3 ^
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
) }. P, N+ e+ u( c9 b- B - <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
1 m- w( L2 h6 h - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
% I8 [- a; L- M8 I! H% a - <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
5 n0 |3 l8 ]1 G4 w( c( ^1 z; `3 d - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
x6 t8 Z7 [0 d7 y- k0 r4 {: \) X - <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
$ F, m e& W7 d/ v( I - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]) t9 ^1 X3 M7 O* q/ S j% s
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]- _7 [+ J! K) W7 R
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
y) r7 Y$ |1 F- M7 S& J0 ] - <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
, }! c: @, L# j4 W/ ~% c/ b - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]* k: s* L4 S* `2 a4 G. {+ U
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
. H! f% ^3 y" ~. G - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
, f- m, |8 Z8 O! y0 i) H& O" | - <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
4 g: y2 M) N, X5 R/ O( k - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]' N0 a4 X# h& ?) t$ s5 M1 i
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher] l& X0 o, c0 R3 J
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]# D2 D5 K3 D2 i1 O. W0 ^
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
! _6 Q8 i& x+ W8 [* p - ==================================7 R" P/ {' g1 {2 o6 i
- 启动文件夹
; y% e: `2 B& i2 l: p4 u - N/A7 [7 v* O4 I7 w: G8 s
- ==================================( u3 k4 B+ p6 l l
- 服务
# e: K/ k& g8 b v! [& G - [3ware Controller Service / 3wareSrv][Stopped/Auto Start]* \4 I3 n) ?* ?# p" H
- <C:\WINDOWS\System32\3wareSrv.exe><N/A>1 c: D* `' o+ c; B1 b1 O; h- h
- [Google Updater Service / gusvc][Stopped/Manual Start]: R: u- |) q) M: `2 _! v
- <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>) J; f9 {, |$ t/ i1 L5 D9 d3 `
- [Help and Support / helpsvc][Stopped/Disabled]2 c7 O3 K3 Z; t% ~' J! p% O) x
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
+ Z: t I' I. B8 O6 t+ {+ [. t: y - [Human Interface Device Access / HidServ][Stopped/Boot Start]/ g" _! }0 h, s( \% T: D
- <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
( T' |$ r) `4 S5 | - [Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
1 @! _- ~& J( S- E7 P1 b- m - <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>, @ e5 i$ c1 h( |/ v9 j* @
- [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
( x! y! X: ]2 N1 w W& o - <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>. X2 ^8 Z M: u/ n/ @
- [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]. p' C8 G, d9 T' u; J6 U
- <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>5 P$ ]: D8 h/ Y( G
- [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]& G0 M9 i0 b* B+ A
- <><N/A>
4 F6 L% U x1 D9 q% u% w% r- x. D - [Qvod Terminal / Qvod Terminal][Running/Auto Start]
7 @: E+ ?+ g* z* n - <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
# Y' e, y8 V3 @* C/ X z - ==================================
& V* ~# k1 ^* }/ b$ }( {: E v) j - 驱动程序
! f+ S' R$ f, \+ G/ O6 p% F3 w - [22j / 22jn][Stopped/Boot Start]
8 B( {, G6 U: C$ U) u* e - <\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
9 P U. n6 `) B' o* d; ~- w: ?$ @) E - [360AntiArp / 360AntiArp][Running/System Start]: v/ b* O' N( U) z5 O. f* F
- <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>! C+ `$ `( G. N* z& _4 H. O
- [43ec / 43ecu][Stopped/Boot Start]
) V( R1 _4 k* |! b! W+ Y& R* Y - <\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
$ M4 K/ C7 v/ k - [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]7 ^) q6 \& e+ K( c- D4 x* p7 |2 s
- <system32\drivers\ac97intc.sys><Intel Corporation>3 Q/ a% |8 _6 H
- [Promise driver accelerator / bb-run][Running/Boot Start]
+ ]* [, d$ Z/ ]3 j - <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
" p: c0 s$ J! g* O8 t" V) g - [Promise Removable Disk Control Driver / dontgo][Running/Boot Start]" R* s/ v7 l6 C1 }; m# X
- <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
; c x- L! ]' s5 I; R - [KAVBase / KAVBase][Running/Auto Start]
% Q4 B' T. b* ~1 ` - <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
# c5 ^! H: B9 l9 K - [KAVBootC / KAVBootC][Running/Boot Start]) U; y4 q. l9 G' S o C5 L
- <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>" `( d$ K1 F3 q! ~( Q6 d7 B
- [KAVSafe / KAVSafe][Running/Auto Start]2 D# }3 N4 o; c5 T! D
- <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
1 N3 A3 R( n3 o# | J, ^& r - [KNetWch / KNetWch][Running/System Start]
Y1 }! t1 }/ q n - <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
7 J5 p4 m6 l( f4 h- L - [KWatch3 / KWatch3][Running/Auto Start]
' {6 K$ F l% G s4 m - <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
0 j! s" A' d' Z* @, s6 q2 O - [ntptdb / ntptdb][Stopped/Auto Start]; C C g: Q# n9 O0 m* j: x
- <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
% s* s$ Z+ C" y7 {& { - [nv / nv][Running/Manual Start]
. p3 D% ]9 [0 s/ {* ]+ w - <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
4 H# T8 m ~' e v7 Z& t) s - [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]0 N' ~: g) b% K" v
- <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>1 Y, `0 y% p1 k$ \3 T K1 L$ t
- [DDK PACKET Protocol / Packet][Running/Manual Start]* T2 {' X+ h2 r$ m8 R! {/ ?2 O
- <system32\DRIVERS\ProtoDrv.sys><360安全中心>
$ m( F7 s1 r: T: f6 u - [pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
! t6 M! c, a6 M! a# w7 M - <\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
: a% x9 N$ ?- V* V' W$ y" q - [Direct Parallel Link Driver / Ptilink][Running/Manual Start]! x2 }5 b. p& M0 u# l
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>6 y1 X) _' ^0 h5 G( ?
- [RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]. S. D2 l8 a# y/ ?( g
- <\SystemRoot\system32\drivers\RsBoot.sys><N/A>
5 X0 D! {0 i z/ ?, F/ } - [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
- `. o8 p" k( j7 V* l1 z - <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>5 w l6 b: b4 Y$ k# g
- [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
9 r7 z/ ?% R& a - <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>, \4 ~) R, w- D( p
- [Secdrv / Secdrv][Stopped/Manual Start]+ ^: g8 Y1 X5 o' m
- <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
3 w9 C; g$ _0 I3 I1 y+ i - [SATALink External Device Filter / SiRemFil][Running/Boot Start]
8 { V+ U# F% x3 j0 @7 R - <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
$ x! O3 E- N* i+ @' { - [System Restore Filter Driver / sr][Stopped/Disabled]4 W. `3 a. x$ O$ {0 o, a
- <system32\DRIVERS\sr.sys><N/A>
9 m3 D: P, i. C2 r - [TesSafe / TesSafe][Stopped/Manual Start]
' Q2 k+ H5 F: T7 K% W1 Z1 B3 X - <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>: r |- F+ Z/ e
- [System Services / unzxzsrs][Stopped/Boot Start]
L$ n( B) k r+ Q - <\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>6 q; |2 N9 ?6 j8 a6 y
- [ViBus / ViBus][Stopped/Boot Start]) E& `: K. p$ c7 }
- <\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
- o6 t$ d$ L. x1 e6 Z2 |+ G - [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
) f3 @2 m) P/ P$ S - <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
" k4 M+ I J* [; h% }, d& y% } - [VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
% i- Z/ h1 x4 N. _ r - <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
' b4 O5 F- i: _6 C - [ATI Extend / zhibmaso][Stopped/Boot Start]: i) m8 z. I1 j
- <\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
- ^& @; P7 {7 X2 k' M" i - [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]- p: U8 t! ]( w7 o$ N
- <System32\Drivers\usbVM31b.sys><Vimicro Corporation>" |$ a& l% `; |# K6 y% v/ r1 F' c
- ==================================# i) H* u( C- ]0 y
- 浏览器加载项5 e, {+ f( x8 W" v0 a4 ~6 ?8 h
- [Google Toolbar Helper]
! _6 V( o/ P2 E' @0 t; i - {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
' X; b; m& b, v% S' K - [Google Toolbar Notifier BHO]
* ~4 g$ [- \) Q7 I* _ - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
+ I1 W. U# S7 ] - [SafeMon Class]# d8 c/ K; \8 ]+ S. T D
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>. C2 }& @" s0 W! ?' p0 q2 O
- [kingsoft browser shield]
, l9 T. L0 ^$ C - {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>5 m/ o9 k& ^4 l
- [IEBuddyExtControl Class]) n( b% t4 y5 b& y( Z
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>4 Q2 q5 u5 Y* f* `0 Y
- [Zcom 杂志]
1 m! G( x% D3 x% T' v - {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A> T# ~( w5 H9 I( ]$ e& {2 J4 o
- [&Google]4 ? N( T, z; E& m$ g& t% k. E
- {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 r: u+ P' ^: w( Z
- [KooPlayer Control]' X( \4 r& f3 _4 [3 g) t, g5 ~) ?
- {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>" w2 H. B9 r- Q6 `* F" x$ A
- [Shockwave Flash Object]
6 P, }" j* ?; ^! P/ I9 e. |/ C( A - {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>1 \+ h6 c! \0 k: w. r0 ~
- [KUpdateObj2 Class]
# H% F) F, h" n' g - {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>; W0 c# l$ A% h& K" x1 M
- [Google Script Object]$ ^! e' S; H/ x+ }8 d0 e7 l5 R
- {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>& O# f& }! S; `8 H0 e; Y0 {
- [EWA Control]
5 H H, y0 y. a0 W - {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
/ k2 l* Y& W3 K$ [ - [Windows Media Player]
: ] R7 L& `( Y* e6 h d0 g - {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
' [/ S3 |0 L" k - [&Google]
! e; P5 i$ Y) z x% J) m( _ - {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
/ `5 [$ n2 N5 ]9 S, y% W - [HTML Document]2 g8 R$ Y& Y0 k' f( ^5 R- e' |
- {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
- z; r0 T# l p* Q4 i9 ? - [DHTML Edit Control Safe for Scripting for IE5]; I8 Q& e9 w& ~- A/ s3 j/ K3 q/ x
- {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
, | |+ H, {; s2 _$ _ - [RealPlayer RAM Download Handler]$ l# ?4 a) l* Z9 F, ]
- {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>) |2 D+ w( D. H4 t3 s) ~6 L
- [IEBuddyExtControl Class]( s) ~, S% @' k. X4 f. ?
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>. }% F( ~6 N$ f6 b. r8 N' y+ x; j
- [XML Document]5 }& U' J9 G1 o' G, j+ n, W4 _
- {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
5 L% m! D" Z T, C* l5 ?* \3 S - [HHCtrl Object]
5 Q' r& ~3 g! {3 a. a& L; _ - {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
) B+ G: @( P' @5 H3 ^3 m9 t - [Windows Media Player]% @! ^& h2 I0 D
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! }/ ^$ e( e0 x" e6 _
- [Active Desktop Mover]
6 z3 V, {9 {, e) p& p: P6 v. M/ j: n. ] - {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
8 H. } j, [3 d( Q. f) t7 u, G - [360SafeLive]4 m3 W- U A; P' M3 V
- {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
* [( [; C+ c- z" ]: g, \ - [Microsoft Web 浏览器]; V" s4 c" e1 b2 j# C- K! t7 G
- {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
7 }' o+ I$ T( t$ y - [Browser Enhanced Objects]/ A8 l" J" j7 k9 \6 l
- {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
% F# j- j; d; G) q2 h - [Google Toolbar Helper]
2 k1 F3 ~% S: H! {: C - {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>4 y. \" x0 i& j- O9 ^
- [Microsoft Scriptlet Component]
/ {; R: B' j; g - {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>5 F7 h* c# g6 s
- [Google Toolbar Notifier BHO]
+ y, f& Y' W8 @2 ?/ F1 v: v - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
$ b9 k6 N* `5 l" V. G% L( t - [SearchAssistantOC]
- ]* Z, O# M* Q' |0 K' j! _ - {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>+ l5 |0 T, q! D
- [SafeMon Class]
; P3 \# R9 q) m' q- O4 S' a. b - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
, _+ c* U0 d5 e% V* q2 r. n0 P/ F - [RDS.DataSpace]
! r# D) x7 Q2 @* _6 U. C" T. q - {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
! D- k7 r( |. J1 p' [ - [KooPlayer Control]
( q5 j- N' j! e% N7 S6 {" d7 S - {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>! v+ c( w; d& J+ P, d; E
- [AUDIO__MID Moniker Class]6 { n5 O( E; ]2 w5 I3 e
- {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
5 H8 j# e2 |" z$ @ - [AUDIO__MP3 Moniker Class]
6 Y+ c- a5 p( q, t' V' F: x - {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>4 f8 }/ K6 S) Y+ ]
- [AUDIO__X_MS_WMA Moniker Class]
& y# H; J3 J: y q; K/ ~$ @/ \ - {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
3 G$ h( i0 _0 y - [VIDEO__X_MS_WMV Moniker Class]
2 l) {+ D2 z# ~ - {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
' D5 N9 o/ ^1 w2 ]/ F( E3 Q - [RealPlayer G2 Control], Q$ x1 W1 u9 u1 ?( l. Z
- {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>& K G. R) n2 B/ [: W
- [Shockwave Flash Object]
$ D2 B U$ h- v# }& |/ B( n - {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
( c$ k! j* s4 X& w3 S - [KUpdateObj2 Class]
6 t" I' M( R2 w6 h( |8 }$ R% g - {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
3 A& q- w, B7 V2 @3 s - [kingsoft browser shield]
0 v: T$ c8 Q) d# f% Y- d- | C - {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
- G# Y4 |+ a# t M; M3 M - [PasswordEditCtrl Class]; m, I' E+ Q0 y/ I0 N) O
- {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>6 W# `% r& l1 A! K9 Q( E
- [QvodCtrl Class], W* q+ I# `+ G' ]% P7 \! q
- {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
) p* z" z" }% B* P8 r - [&使用超级旋风下载]
8 _7 l% ]; B3 H - <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>- x2 f7 D, s& B
- [&使用超级旋风下载全部链接]
4 c! s+ W& v* s4 k - <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>8 u, q6 ~; | @% Y1 c4 P
- [使用迅雷下载]
/ h' h) P; S& }* T% e' r - <, N/A># ] y' j* E, U: Y* ]2 G
- [使用迅雷下载全部链接]
" [/ k) d$ \* X0 I - <, N/A>" @( b6 d0 _5 s( |( x H
- [导出到 Microsoft Office Excel(&X)]5 ], m* ~/ ~! ~0 y6 Q
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>0 w" b4 V! B. ^" I
- [添加到QQ表情]
% \' |7 V& W- E - <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
, c, Y- Q/ @( Y& j - ==================================
+ Z/ A# U i0 `, X( z4 [8 Q& `0 F - 正在运行的进程
# P; M( \6 d9 q' r - [PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- O# V% O, {- }8 w - [PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 i0 p* e, m1 Z+ M7 O9 G" ?; @
- [PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ |; C1 `" a' S
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]" T3 G8 r. L7 N: x4 C9 g& Z) R. ~
- [PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 b, n X- e( M) O+ K# P. K
- [PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! F, `6 U6 `2 H
- [PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# C5 D! j3 v* j4 e- I - [PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# p* r- J* D9 J- d1 f
- [PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) W9 N- B" w% M V
- [PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; q! [9 F; a6 v! N - [PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. @) S, k7 P) k+ ?
- [PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]; c7 ?& }5 F$ V. p
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]- g7 W0 i$ }8 ]2 H! r! A
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]9 e! s& L7 f; ]8 Y, I
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]5 V) U, W3 C; A
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- I3 M5 F6 g0 _# U# i! i( }: ~ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
# q0 e7 Q. [8 E1 k4 M: c% N1 q5 c - [C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
, F0 Z% j" J' n: d3 \ - [C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
5 L1 T z0 u/ e: @ - [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
' ?4 e. H* h5 n - [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]# A, B5 Y9 s; W0 v5 O
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 s8 l1 y' a# V4 u - [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]: q' R1 f! q/ j% Z% [" ~4 w
- [PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]( P$ Q# F6 s8 c* h( b; d% |
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
+ A7 D- V7 Z. v: z0 Y. o# G7 k - [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]1 r. B8 B1 r5 Y( j5 k
- [PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
+ N. n* [9 x) ], v; `) o - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% l* k+ Q! }% a' F$ S4 O+ v: } - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 m( R# d# M! i. j - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
& [/ i. x' P# A3 @% A8 Y - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]# ~$ Z' E3 U/ |. {3 M3 W7 Z
- [PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! C# F& a7 B8 J q' {
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ F8 H" N9 \8 J7 w0 w7 f - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: b0 N+ o/ f# }$ N! K& U - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 ?- a4 ^+ F% {$ M! T6 T% k - [PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]+ V6 I# u1 o; r: c5 e
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]! U& x( y2 R0 _, f! V. Q% L1 S
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
* c& E7 R6 c7 n. W' J8 `, e - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
8 h" N0 _6 P4 b) h$ @; v - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
0 u w1 E1 o, [ - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
9 R3 T! t$ e$ c - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]) \/ s; h( c8 [. G" h
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 I4 a& A- C( b/ V6 o - [PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" a9 m4 W2 W- r5 Q" G* G
- [PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
2 c3 m6 _4 e. L9 L; u' Z; X - [PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) l$ h& H6 ^1 e6 S - [PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
^+ Q6 Z- R( [% X - [PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
6 n& m" [, L `9 K( B+ [$ ~3 k - [PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]4 i( q9 u! N7 u8 u
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], T+ @: y0 ^- B, K' L1 R& D
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" E& b% B! h" L1 Y' U/ x, K$ n
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
N. i1 x2 y: p - [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]- J' ]2 P2 T5 H) x2 W+ |
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]; ]9 S. \! A+ r, }; v" d
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
) C0 X! `2 T) w2 H - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
1 k \: K% d4 V8 Z; {- i0 v# y1 S - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
: o9 _4 Y* T$ k - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
% x7 F; ~* f) a$ e. w - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]4 u& |; a& |* r8 q8 R) O
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]2 Q5 M! c0 `6 j
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]+ w& Y! q1 D6 J2 }5 l+ V8 e) Z, S
- [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]" w0 F0 t+ v( A7 p- w& ? ]" k: e
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
4 _5 w. ^/ I5 y }: q - [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]1 U! u$ n7 H" a: L) g
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]% j7 U/ F( {" r) z& w# I9 O
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]3 B2 n) Y. B# g4 M
- [C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
* k M) P$ }2 r+ t7 A - [C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
3 g0 }7 u: E8 ] - [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]1 k$ v- L( x& x; o4 c* P% ^* x- n
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
9 a3 _; x9 K' A - [PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]/ u0 n- _7 S% z6 X* ~. I
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]! L6 l+ G1 C/ C
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
1 o6 F1 m j% i% \. C4 P - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 Q% Y; v1 B$ W; v - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" Q) J3 C4 k; K& U1 k - [PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]% g; g* u+ y) I( y! s: Z- s
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 \0 m7 V2 G4 A/ s - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 s1 W, X) f2 V: T( E - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 p* B9 j |2 C/ t/ X* L - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
- |8 |: L' u5 H7 V+ Y - [F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]: ]& W, r4 J7 _# q- `* v6 K5 M
- [PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]% {2 \9 _4 H) d3 x H, z
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 P4 C9 _& p* r1 O9 f - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 _. t0 |" x( R7 X' X& l - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 v0 R5 [$ N* E" @# H
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 _' [( R' M3 A9 p
- [PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]. v. ?; o( c. f
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]# }# a! z: ^0 j! D5 E
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) Y/ {8 e- z& ~7 l - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 R6 l1 e7 a: v8 Q0 Q
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 V2 x" f3 b3 P& N2 S/ y4 |
- [d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]% |. D9 c7 i# l7 Q, v( j" p" Z/ K1 J
- ==================================
( x% a1 Z' ?: c% y; n% ] - 文件关联
" p, @3 r- F, v$ d - .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
5 m! h _" b# l' R8 q/ Z1 v5 I - .EXE OK. ["%1" %*]
, @( }& r8 [& n. g - .COM OK. ["%1" %*]
9 m8 \" F; }" M7 m* Y- W& J - .PIF OK. ["%1" %*]
; s8 D4 }4 l4 P1 f" g - .REG OK. [regedit.exe "%1"]" D% n9 [) P* }/ a. ^5 t
- .BAT OK. ["%1" %*]
& i; }7 m+ W8 b9 Q' P6 w- X0 R8 v - .SCR OK. ["%1" /S]
% C2 r4 d" D* ]& ]3 E- f - .CHM OK. ["C:\WINDOWS\hh.exe" %1]
, j8 z3 k/ d% [* L - .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
( h5 Y; g, V7 d! N! W- C - .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
0 x7 {. B+ n9 w4 }( h, F - .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
% R, m! t: a4 s2 O, E - .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
4 d$ n c, D. k4 X. J - .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]. Z4 J: q" ?+ O5 B' g
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]. z9 c6 `. H* b g# h% C# z# L
- ==================================
5 {5 y" K. @5 K, c: |+ {5 h7 M - Winsock 提供者& b/ u' Y5 b/ Q6 x/ g
- N/A
. ?4 r+ ]; H; r' V) x) z" n - ==================================, z* ]: u9 O! ~ i7 i* N
- Autorun.inf: e X( {0 ?/ k* e( k7 V
- N/A
0 T, c+ g& k/ K% N - ==================================
7 L1 p: H. j# a% c- u0 M, D7 m - HOSTS 文件! a L% _7 n3 Y+ o B) @* v; s
- N/A+ f2 _( a* _* L
- ==================================: S v! c# e" G% n+ v/ X5 J! [
- 进程特权扫描
3 V5 {7 M3 t) K8 u# C+ a0 b8 S - 特殊特权被允许: SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]) e. Q; d$ L* j# U1 a' e6 x, T
- 特殊特权被允许: SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]0 t2 `; Y5 t$ r1 B6 I/ Y5 `0 n* l) A3 i( C
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]3 M+ y" l. J' Z3 C8 K
- 特殊特权被允许: SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
* \8 g- `) I: G - 特殊特权被允许: SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
! f) G, U u$ J9 I - ==================================9 a6 ~; Q/ _0 c" o3 n1 B( a
- API HOOK
& s. c" @2 ]6 s3 c% ]# ^ - N/A
9 b# S+ z' |7 P# {; M - ================================== I2 O$ V; a. Z& p: |
- 隐藏进程
" ?0 v, S% _9 O1 t; Z8 R% ~ - N/A6 t: X9 J/ G0 q' ^( l7 j
- ==================================5 t4 {( F" N) E1 d7 L( H! u
- 2 K( n: D* I8 w+ z# r! p# h
|
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
