在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

& g+ l+ i/ Q5 E( ? h9 D5 r
2008-05-22,20:37:437 f1 s/ j) [; D
System Repair Engineer 2.5.16.900
2 T; s. p. s! ]
Smallfrogs (http://www.KZTechs.com)
" G0 X0 p3 J0 r8 }
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能* g0 j0 m, Y3 Z: v& y
以下内容被选中：
, {2 ]# D5 `6 Z4 }/ \5 h
所有的启动项目（包括注册表、启动文件夹、服务等）
& ~( {" R. X& _% ?4 d# p
浏览器加载项9 k$ a Z- l# j% e. u
正在运行的进程（包括进程模块信息）( `* m. T* t; i' H
文件关联
7 q4 x+ z" ?8 i
Winsock 提供者
: F- y# Y; Y4 C& X4 C
Autorun.inf
5 w/ ]5 H0 J$ |; G. E
HOSTS 文件
! _; J* c: b& r( Q- M
进程特权扫描
+ y: P+ s& b" T8 ?$ V9 ?
7 h3 G& @) A T. _: @8 b
启动项目
+ Q) v: Y; k- D6 W9 p
注册表
8 H8 \ h, s; _% ]- v: A3 I
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]: n4 q/ G: q& w5 I2 {3 R
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
- M4 V [5 i9 m# r2 A
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
! |* b# z2 h$ v u( B# n* \, p
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
# q1 q {5 x9 Z Q
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
$ Q& F+ G- c |( z
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
- K5 `+ q0 c% L* Z( @; }
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]# z5 p- [6 f( T. C% T' K h5 g
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]/ J# C- o% C9 X8 v4 G
<PHIME2002A><; > [N/A]
( {$ ?% P) D8 j8 q! P
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
' F; h; R' o$ ]& C: b
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
0 j3 F; r! \. v/ K+ M' V
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]6 F- y* j* ^3 ~
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
( D5 I8 h5 R6 x
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]' ]0 k2 M6 @: c9 T8 l y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]! A2 T+ |% V: k4 \
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]4 h; U+ Q4 o' i
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]7 Q {5 e1 G- o- J( X" O: X
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]+ X- m: g2 t4 u. Q2 j
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
% F/ h: A' w9 q ?2 p* o, Q% g
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
* h! B6 P, \' M! m9 X9 g" @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]9 X' `# }5 F. g) l' w- L
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]+ G. W9 r* ]# o* _. R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]7 L4 W" O- ~% P6 T9 r
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]% u# \, D/ n" E1 x# U1 o* \- X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]' y. K Q, l9 n
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]4 F) i: y- x2 X' u2 c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
3 H- d; Q( y8 [4 ?! |5 }6 v! v+ ]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]0 {8 B. q- m' Y+ Z6 a; b3 D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
1 c$ I2 r+ E% y" Y+ Y; {
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]0 c0 ?8 A* \, t- @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]; F9 G( l+ d% A3 t7 M" c; t
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]* U: w$ `0 O1 \
==================================' C) H8 |4 n/ i0 E/ a
启动文件夹4 d1 j5 p9 N6 H/ c" ?$ W- o: E
N/A
! i& [. i) j4 u5 C8 F; F; o
==================================' H$ g% m, k; A+ T$ X' S
服务
# E. s2 R$ b7 O, R5 y0 X/ ?
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
; `4 z4 v' r$ l
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
0 H \! t; l6 S0 Y0 e* ~3 U
[Google Updater Service / gusvc][Stopped/Manual Start]
) K1 m, m$ Q; t7 o" e3 J1 Z
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
6 ?7 g4 A& q. L* @) t( L1 G
[Help and Support / helpsvc][Stopped/Disabled]
6 C( {8 T7 i" [, N6 J4 C% G. v# R. [
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
* A1 Q& q4 n. I- z2 y& G: v
[Human Interface Device Access / HidServ][Stopped/Boot Start]2 R; x5 n& v/ i+ Q; }3 [
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
# C8 s6 `1 m' f
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
; D% E, l$ \9 r9 L
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>9 w0 _! J1 Q5 i) i3 ]
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
& p5 l; D" v* _8 f0 c
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
! q6 i" j+ G/ V& \
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]5 W% ?% |! C( d3 g5 I8 p4 P/ ?0 T, p
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
, d. }2 B+ D, d& t V" a
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start], y$ `* a% J% q4 D3 S
<><N/A>$ d- B& e6 T6 J" D7 f, _$ E8 f
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
% z8 C1 a7 t# k8 m( O
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>/ }& T) u4 c) S
==================================% _5 Y. M/ l: l2 a
驱动程序
6 N! e$ j {, x4 D" R4 c5 s6 n# H
[22j / 22jn][Stopped/Boot Start]; a" F% s9 B8 x4 X% f! b# r7 W9 d
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
& L0 g) u3 f- r
[360AntiArp / 360AntiArp][Running/System Start]
$ D1 ?- P, p, ^: I2 Y4 j" a) Z" B
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
# d* I* T9 r4 n5 ]( q
[43ec / 43ecu][Stopped/Boot Start]0 o/ t4 e Y2 g* O) }3 y; A! F& [
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
0 [, Y" M+ q$ X3 A0 V y& J- u
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]# ~ s2 Q2 Q8 l" O: K, C
<system32\drivers\ac97intc.sys><Intel Corporation>: _! W6 J6 q& G) W* B# C" M
[Promise driver accelerator / bb-run][Running/Boot Start]0 n) w N& ?! ~: X2 d( p
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
2 t- H" v( p% w- E' m
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]) Z' b9 ^: J' b/ n m& X# {# L
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
/ @7 k5 w: ]" D: s
[KAVBase / KAVBase][Running/Auto Start]( D' Q; Z0 \( r- l+ w
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
6 x. b( p, ^( ?, }3 b
[KAVBootC / KAVBootC][Running/Boot Start]
6 W. }6 D5 ?9 V; }" N
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
- R$ J9 H# ^/ _' A
[KAVSafe / KAVSafe][Running/Auto Start]! ~0 ~$ K+ L6 R. |
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
+ o! m+ w- w1 c; s' w" p
[KNetWch / KNetWch][Running/System Start]/ y5 W0 ?$ u. c# E" e3 m8 a7 a/ }3 O
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>0 F! e5 A3 q/ w! o& b) i# h
[KWatch3 / KWatch3][Running/Auto Start]9 r& k% \& w8 }/ Q2 l9 F1 l$ f) d
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
6 G. S `# p2 g& Y& x0 k
[ntptdb / ntptdb][Stopped/Auto Start]
9 [1 r2 v) z. W- z. f# S/ ]
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>8 X' K& F' [. z- l/ G* x
[nv / nv][Running/Manual Start]
" a% q3 n% c4 @3 M* K
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
5 U9 m( x b0 \9 ^6 T" h8 o7 ]* j
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]5 n* K5 f. p: {' ]5 u' @& ~* y+ \* r
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>( u' P7 B; C9 ~) B; j5 M
[DDK PACKET Protocol / Packet][Running/Manual Start]
( W- P4 u0 z0 D( o8 m
<system32\DRIVERS\ProtoDrv.sys><360安全中心>+ i: L5 T. C @% t. {
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]4 n, v" q0 {9 Y7 g
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
V; r5 L: N' ?% W; z6 z. x
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
1 C0 u% Q% G' h. R& |2 p, p% L
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
; ?$ y! N* L; W2 Z7 T7 o
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
7 L& i2 `4 K! }- x. j0 X
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
3 ?- h5 M: R2 F4 B/ ]( i G8 N
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]" x: K$ V. n% ~5 B0 B( i
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
; Y3 f- G- g" A; V5 N, f# [
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
! \4 G+ `+ {, y3 p8 O& ^ n; F
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
' Z' D, G* U- _% t+ D ~) h5 B
[Secdrv / Secdrv][Stopped/Manual Start]
& X2 }+ i/ W3 t/ [9 A( Z: Q
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>0 X4 [1 B- [) [; |2 b0 d8 N7 F" p
[SATALink External Device Filter / SiRemFil][Running/Boot Start]. E* j& v6 o+ n9 L8 \
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
+ D+ T0 w, I1 }! [- e- n! M' ~6 t
[System Restore Filter Driver / sr][Stopped/Disabled]9 ?0 K d/ w3 ~+ q
<system32\DRIVERS\sr.sys><N/A>! K: v0 [( z' S1 c9 k4 Q
[TesSafe / TesSafe][Stopped/Manual Start]
/ N* V U; b6 H/ Y+ E
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
( W# U3 {: y$ J% |9 a
[System Services / unzxzsrs][Stopped/Boot Start]
0 h$ ^# k+ {8 }) t- F9 m5 w
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>0 ]& Z$ W% w( a0 F0 o' L8 l
[ViBus / ViBus][Stopped/Boot Start]
8 O( v' [% R0 R9 l/ x* m
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
8 r" f( u* y# R: y; t; H
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]' q. A }+ s. Y+ W8 U6 J
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>2 }% n' ]+ T* c$ X3 ~
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
0 L7 I: a' |! A t) p, M! {
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
2 Z: n+ z2 P7 [$ r# I
[ATI Extend / zhibmaso][Stopped/Boot Start]2 F! }( c6 j1 e( T" L& x
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
9 Z; n) |5 P: f2 D; s! {4 |/ [! m5 D
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
: A! y* F# w/ j% n# g# ?( A& @* b: v0 a
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
9 M7 z/ I+ I/ t9 Z2 ]6 X
==================================3 c1 l1 V# l* \8 `& p+ y
浏览器加载项" o, e8 N7 C% `+ e: b
[Google Toolbar Helper]
# |& w& [1 p1 E9 K. Q1 Y" X
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
1 ^7 y+ s3 }& l) w7 u ^. Q6 Z& Z
[Google Toolbar Notifier BHO]
" C2 [8 X1 u+ V3 t2 h3 F
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>" Z0 L& C( |- S/ r0 J* T
[SafeMon Class]' u# x+ S; O" g1 u0 E
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
/ i: e. u0 e5 u6 [; f/ t% M
[kingsoft browser shield]
: E! [5 V. P3 ^" a+ O4 [. [
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>& u& C) P% f: T! b, z5 }
[IEBuddyExtControl Class]
7 M: i+ p) |8 z: L! V- b% g: I+ Q
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>9 @" i' X- D1 W: j
[Zcom 杂志]
) s! W7 p# U" F
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>, ^- B7 w4 D1 s6 i" K* ]
[&Google]
/ i- p) ~% ?0 K2 h
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
0 d+ R- @ ]0 N" j
[KooPlayer Control]: m$ T2 ?( f8 V \: o' i
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>2 Y" ~) w* L$ E; G+ @: x, W/ A
[Shockwave Flash Object]
: _2 L. y: Y5 y; p1 R
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
+ P( Z; a9 T0 O* i7 a
[KUpdateObj2 Class]
6 Y" ]+ h, I6 x/ U
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
2 D# V: Y2 i F3 |
[Google Script Object]$ a% h" P# B8 y2 x: M( k5 w+ D
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 v0 D6 R6 T+ f; b/ Y: W
[EWA Control]7 Y& A+ W7 @% U0 ]; F
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
" }; O- Y. Z' a# Y2 e! E
[Windows Media Player] V( ^5 X1 n4 s% }0 l+ F
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
7 o7 l. ]& a+ [6 X- ~
[&Google]
: n% k# M! h' w) U, p& n |& ^
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
$ X. {) E) R3 z E
[HTML Document]
3 ]" E! J0 k9 J' U. }& C3 y
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>+ D/ ]$ z6 X! [& t2 o; x
[DHTML Edit Control Safe for Scripting for IE5]; W! B" G' x; T9 G8 Z
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
7 @* n7 i) ~2 H f
[RealPlayer RAM Download Handler]
9 n6 n! b. H% t+ x& }" `
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>4 F4 X5 F, p! E; F; l8 e
[IEBuddyExtControl Class]0 w/ V' s! d1 m+ H4 ] j
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
. z% f o! O$ e( a
[XML Document]
' b! O. {! k2 q& u3 U2 j9 r
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
% z, v5 d* F7 Y( k) r }4 [% N; j7 |
[HHCtrl Object]+ S9 h7 P+ c" m( j( \
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
# l/ `% |; E* o4 z$ L- m
[Windows Media Player]
0 E G2 }' f) t) q. s
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>+ j* `, y6 Q/ o+ _8 @/ I$ K; Z U
[Active Desktop Mover]
6 ?1 w0 a; i( d Y4 U
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
% U9 r2 G- A1 E) f
[360SafeLive]- N1 |7 q, F* }; C. l9 x' i! `
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>- G( l( q# J2 H3 k' Y/ ?
[Microsoft Web 浏览器]6 c0 ~- h* I( j) Y. ^, R
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
+ [; r4 u: T9 N" M
[Browser Enhanced Objects] ]0 Z; `, H! Y1 \7 |( z
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
[Google Toolbar Helper]" T1 r# ?( E; W" f+ L0 g. {
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
; Z7 ~* ~" V6 G% _* G
[Microsoft Scriptlet Component]
4 J- z$ k; r; w$ S8 n8 u; s
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>7 z: f* K! X d5 U5 ~0 ~9 M
[Google Toolbar Notifier BHO]) M! W( s8 s$ \* Q# w
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>2 t8 i$ j( X& {$ W S
[SearchAssistantOC]0 H- `* a; x' }$ {6 a
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>4 f; o) g; D8 Z6 V
[SafeMon Class]
8 P% @0 y9 e+ \0 ^) h. s( f
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
' T$ m/ j! ]) d2 B1 F
[RDS.DataSpace]! ^. ^# L$ S4 n2 X3 F
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- A- ?# F( ?4 d+ f
[KooPlayer Control]
9 S9 w; H. }$ S
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
7 W `; x2 C9 r+ S- e9 n1 l7 I; s
[AUDIO__MID Moniker Class]) M% Z4 s" f5 o+ t3 g
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 p0 M3 G0 ^& Z) M0 ]
[AUDIO__MP3 Moniker Class]# Y }/ z& w# |- h. N2 r- D
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>( ]9 e( U( ]& F n1 m9 y5 S
[AUDIO__X_MS_WMA Moniker Class]
1 W2 w H+ i1 D8 } p
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>. a' U5 T/ j: b# B+ r) K' ] R# R
[VIDEO__X_MS_WMV Moniker Class]
* S0 l7 A/ Y% `8 e7 S
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
; H0 |2 ]) ?4 d' ]' ?
[RealPlayer G2 Control]/ N1 h+ m( _8 c7 T
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
- y6 v; |7 q0 c: Y2 g+ U( H
[Shockwave Flash Object]
! z% ^) c. j& E% n- p' }; X$ n
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
, {- c) B% |: A# b5 \0 R7 N5 D
[KUpdateObj2 Class]
. u4 _7 Z1 g4 W
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
2 \. ?1 @( Y6 _
[kingsoft browser shield]
7 A" c/ D3 h4 m" p
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>. i9 {6 d) L+ \: ]! k
[PasswordEditCtrl Class]
9 H4 B6 e* ~ m: c
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>5 K( c; h( i' G: O: | @+ ]
[QvodCtrl Class]8 D( J- e) G- b/ K" z
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
2 ^/ _% Q8 d# g- |
[&使用超级旋风下载]
5 D! p0 W. f' Z2 j/ n0 W
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>* m7 g9 d0 |$ \7 j" N/ M' H
[&使用超级旋风下载全部链接]3 O) ]' d: Q1 n0 p \& r4 U
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>( _3 o1 O! @. a* ^" |
[使用迅雷下载]
( T. X3 J3 ~8 G7 b8 ?
<, N/A>; l: @4 l" @* D5 a' y5 a! }! k
[使用迅雷下载全部链接]$ j9 r% e$ B3 Y& M8 [
<, N/A>3 M* z: o( k2 A: Z. Z! d
[导出到 Microsoft Office Excel(&X)]
" t. P/ ?# p2 u) h; K* X, H$ b; N
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>+ f6 Y+ c* z& t' b4 q2 S- Q( L' p
[添加到QQ表情]
2 l/ C7 e! M+ U% h% @: a
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>) e6 @) W) A. G; R
==================================
% }$ R c0 E" g; k! l* P$ w
正在运行的进程8 q8 B3 I9 L9 G0 @: t) ~7 m& h
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( g) a6 e9 j4 u% T) {# U
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 n4 J2 O3 g6 G8 A* ^( \
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% S- F8 ~1 D: |% p9 }
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
% S, G5 P( `$ ]6 S
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' L, a8 \. o; h
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 {4 d( k% M9 _, m2 ^
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; i. ^* g' W& ]! C3 {8 K- k
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 O6 e+ Y* n( L& E
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 r# W6 |7 ^& f, v+ S
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( k- Z2 j4 a& e! D& g; p1 Q: L
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# H' l' {+ j" A3 E
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
2 F# ?( K) m$ w& i& e8 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]6 G0 s! U! t/ H, y. |2 W+ D, q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 q9 H |! @1 }& t- J/ S
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]8 s4 s# v$ z8 l; x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
3 {" N$ a) k4 h3 X5 u9 b* N0 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]; c) B$ P6 D! d- ?/ }
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
' R' {! T4 u1 \# C4 j0 B1 q- W
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]! Y0 P2 G1 r+ k* h: k5 {
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]- K" M9 o, |; W* n+ P0 @
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
! v' d5 c: W' e8 O2 [4 ~3 K! M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 i: B5 B; o9 M& f& R
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]; d6 Y( O9 s- A$ Y6 D x. X3 {
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
! v5 v2 z+ H) C6 D& d& f1 V3 P
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
$ R( Y" I" `5 K) K$ g6 v
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]/ q$ }) {# |7 h1 y. U- u
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
8 N( T: O: R) _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& p0 F/ |* ?, o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( R/ U$ K7 ~' v% e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
/ O4 w3 S4 j0 l$ Q5 P0 }$ }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- h' [: B" H5 f0 W: ?; S% |3 V% B1 ^
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. Z" g+ A. |' \6 ?; o$ T% i) T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' S6 T/ B% p) v, a, N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]% V9 R0 j7 M8 d; Z+ N4 l( f4 X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 |9 `0 m" d! v `9 _& `5 f, N* j$ A
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]0 x; S( l2 h4 H9 l* p. ?* n
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
, m( u) ~, N h4 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 g$ D% i5 H/ M, G$ D( V- [" \4 Q( E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( r: ?& ]+ l/ a; u
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
! b1 l ]* P" w! h% |* v/ T* o; ?
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
% B8 x: ^5 j6 g2 o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 T. F+ M* O8 V, g, K/ y& a, i% H
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& d& q3 t7 }' H% j5 X A4 P' ?+ v W+ C/ ]
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! T4 ^' E% E7 I! b6 l
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
+ M g- F* u: U! z" Q
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 v; [% U' J* H4 N" t
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 M" I4 m7 W/ r( V& M8 X9 [/ P
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
2 ?4 u4 I: t$ u1 C, W
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
) e6 J& H& x- Z7 {4 U' P8 k3 e, n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 u4 ~7 |7 I7 x5 `1 w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) ?$ a4 O; P# A1 @: F- X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# {% n4 P5 y9 K' E/ V* }
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
) a0 S8 p( K6 [1 l% Q2 g
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
6 ]0 D; n( A( q5 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]) O. k8 D: g' x; y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
" N& Y( E h( H$ _' u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
- f: h9 ~" A* N- }$ U9 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
0 S" j9 b+ I5 n4 i+ c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
j/ R2 E" ~& @" `3 u. m* U
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]3 ^9 u) |) i9 d8 X( i. S
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
" O- ]0 V, _( s& R
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
) W, ?- ^) ~) Y) w2 |; c! A; [ t
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
- w1 t% S3 Q! `/ x8 g' w' B
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1], y1 u: \9 o1 L0 T8 C( O
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]! Q. c2 t7 r% X U
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
- i' `$ d$ M+ _' @, y2 v
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]" G& H2 ^$ a! G, ?: i
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]2 c! ~3 ~! e8 I, [8 S% P5 V9 |
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]- P. X. v6 x/ H# E) f6 C- k" ?
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- p% u: `1 y, n2 l7 q/ p! [" h( O
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
" h+ V8 s+ f' m$ D; [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 m3 D9 S. }2 s6 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ \8 G0 ^9 p! I9 r9 H g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], T0 q7 e& A1 E7 w w
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 G! }, C8 f; O0 f7 k7 h
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
& y5 s# h2 |4 V$ O
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]7 K1 E9 i# o6 |- I0 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! g" g; T( V4 w) S/ D7 x2 _3 {; e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 T- x) B/ C4 d" }: w3 _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' x% Y \4 z, V" J: w* E
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]0 [- }+ y! ?) a6 z' i* K! T
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]; o6 P3 j( R( r7 ~, `5 @. H$ D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' P) U# n3 ?% o+ s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' g# E4 ^; o. D* k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; z! o+ q0 L. q' ?$ n$ {9 c* S9 j
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
/ s5 C+ z# [3 f3 l: C m- Y6 O; L8 T
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]+ \2 c; P1 g; }, @, N, c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
0 U4 j Q8 T1 i5 @, p P: [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" [! v8 j$ O M3 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 d9 `: J% B/ R3 m% R
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
; \. d- D! m6 c8 o+ a
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]4 q% B3 }6 S. X/ K5 ^( @9 @
==================================
# y- {, A* \) A" u' L+ t
文件关联
( x1 K9 ~3 Z3 A9 R0 o, a
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
; }4 d* A6 o( z7 ^
.EXE OK. ["%1" %*]( V/ P- U$ L) d! `
.COM OK. ["%1" %*]! p- b* ]% Y5 B% x3 \& j# t4 E" h9 S3 b9 w
.PIF OK. ["%1" %*]
/ G# F, B* R- }% p* T; \: s3 I
.REG OK. [regedit.exe "%1"]
% @3 a2 K; g2 }
.BAT OK. ["%1" %*]
+ L4 o, I# u S" V) F
.SCR OK. ["%1" /S]3 x: |2 j' Y/ m/ h
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
9 k7 t8 e: g& R% z/ @5 I
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]1 u: x9 p2 L; G9 o
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
# I/ |( I5 |9 ?1 y# L( z# r! m# Z: E
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
' g) V1 O/ ]! g9 z3 d- K/ @
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
1 @' v6 r' h: A. ~* ~2 n
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
3 d H, Q/ k5 y; m
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
5 r8 ?' Z1 X' e, D+ v8 g1 G A. _7 N
==================================% Z6 Z5 U( N, c" r
Winsock 提供者5 W* ^# I: J! ~; A2 P# H
N/A1 _; m0 _" Q9 m7 x
==================================
( Z# j/ R# k+ w; C$ h* r
Autorun.inf, l2 z* @" t9 E! N# @
N/A
. Y/ Y0 v$ F$ z* M6 c
==================================, M: ^1 T* g" l. z8 C2 Z1 I
HOSTS 文件2 `4 A8 x7 _5 I5 V2 T
N/A
; A& l T: I/ d
==================================4 t! R4 o+ e1 i
进程特权扫描2 w5 H) C: t6 |5 k1 c
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
$ y; _3 J. H' J- Q: F1 a
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]1 D0 C" e; z+ s$ v, ~" Q: c
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]0 J& B1 _* U2 X2 ~" y
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
) H! g1 Z- B3 K+ j9 K+ w
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]5 w; \# U1 v. x9 s- M8 n
==================================5 L2 ~& K1 R( c' V# d
API HOOK
! {6 \8 }6 n6 I4 Q k4 ^5 W
N/A6 f! ~$ g0 E4 j9 H; r1 N: `6 Z. a
==================================# U' |! h8 y- Q" c
隐藏进程0 j' j7 m$ [7 W8 V" p m
N/A+ w1 n( V4 f* A' t B! C
==================================9 E; `6 K4 W5 G; ? W& P
. X- m0 h9 w# u, c8 D% }

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115