在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

- |5 ~' D0 ?3 b( H
2008-05-22,20:37:43! s, b; G- N4 r. s
System Repair Engineer 2.5.16.900
: n# q- r$ D5 K" d2 s) F$ A7 N% `
Smallfrogs (http://www.KZTechs.com)0 b1 f: {9 V) v
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能# ?8 k! g6 D/ H. H" J9 |1 {
以下内容被选中：
; i' j e* }$ N5 ^+ B* d0 p! |9 p
所有的启动项目（包括注册表、启动文件夹、服务等）9 F0 T+ S" ?) ~$ e: P- S
浏览器加载项
0 t/ x) j; q8 d; i
正在运行的进程（包括进程模块信息） F$ j7 p/ g u8 g, z: A
文件关联! k2 W) e4 m. c) M
Winsock 提供者# W7 O" i* t M/ u
Autorun.inf( Z0 f* k% v. N: ~- G
HOSTS 文件, h" E) G2 V& G/ K6 |9 `: e
进程特权扫描
* i6 p! B6 T. J2 ^& a
4 |+ p3 L& h; C
启动项目
" b6 ~" R2 d( {3 _
注册表. v3 m) I3 ?5 U) R) T
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]" e$ U. D, A6 y% t
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]! i4 |* i: @! r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
5 o4 g4 X8 o/ \3 G' M! r* S
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]' k2 t9 b3 W; n1 J8 B% q
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]" [ G) T. N/ m% J* U$ M; [8 A2 k
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
! z: A1 O3 f& C: d
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
5 i0 m# @9 d- q2 r/ s
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]5 l- o" W+ V" T# M( @$ W
<PHIME2002A><; > [N/A] W; \2 V% X z
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]+ s1 V0 o; _' ]- m2 \2 a
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
5 a) N) m( W- m5 B6 r B
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
, N3 T* u+ k4 f; G( y! N, T
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]# J( N5 i- X0 K6 P
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]/ k, i! Y ?( @1 I/ v3 x, \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]3 S$ w/ j5 ]& D6 ~' d2 q
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
% B B! s3 d% s7 f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]6 S& z: m, ~, c8 R) {8 d+ w9 T
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
3 O0 _( w+ P r- G ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]. W) S$ Q* `1 N+ I! m4 O* q! j
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
5 i7 ]1 p& I a) i) v
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]" Y4 E% j" s6 H& X/ A4 \
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
0 b2 f+ [/ W& M8 x) c4 C' |4 Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]+ _ C2 |7 q' b" k
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
( L/ v( }1 r- O2 F5 v1 f9 D$ l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]! u; e7 c4 P& o! S0 R* R
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]7 U, E, Q/ r4 w" s W
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]+ Y( p* F9 W9 A* J1 J/ n: g; H
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
) f! F6 \' u/ p$ e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
F: z- V8 N/ w3 i8 j2 O
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
Z6 Z8 C3 Z( U7 [3 K
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]8 g) N. G% Z) Y# C4 M4 z
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
/ _ m( T& U7 a3 x
==================================
9 R) ?+ c1 o& o
启动文件夹
, d& K9 [5 x8 s, I) g1 z
N/A' X: c& F+ K& v& U* }
==================================
4 a8 Z: n% l, J
服务3 m8 _) Y7 I X/ h5 n% R' h
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]. ]- a3 u/ n; m) I5 M8 u7 z, h
<C:\WINDOWS\System32\3wareSrv.exe><N/A>2 |4 R, u) }1 s
[Google Updater Service / gusvc][Stopped/Manual Start]2 K( e) s$ h4 S' |/ ?3 N. V) }# [; o
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>) l2 F$ t( r+ m" F, e4 ~
[Help and Support / helpsvc][Stopped/Disabled]. w! S, B2 s/ l5 N
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
( t6 z i& E. J4 N0 P& ]! i" y
[Human Interface Device Access / HidServ][Stopped/Boot Start]# K/ l, k* D+ {6 r* Y+ X! u! a3 r* W
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
8 ?' J, Q+ I( F* b: c
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]: Q: }* ~: f/ c- W' D
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>& u4 p- f1 l/ {8 F
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
! }" j8 ^/ r+ E4 j5 r
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>/ T, E7 z/ [+ e0 t
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
8 Q( L- Z3 L) [, i; f x2 \
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
: } f' Z7 h/ M6 P a$ A
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
, a1 Z( P2 H1 h- T8 |4 N) U, {
<><N/A>
8 z' i8 B ^: U4 p, C
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
/ M9 b7 _/ y( G6 h/ s
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>% n5 O2 n2 V8 ?% \% g! ?, D8 X. Y
==================================
7 A7 M5 h' h+ Y4 o" f! _
驱动程序" r+ k- T, S6 c! U
[22j / 22jn][Stopped/Boot Start]
5 X' h& W" D9 N
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
: C( {" W9 ~9 Q! n
[360AntiArp / 360AntiArp][Running/System Start]& [5 ^0 M5 |6 v; W
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>: F- o. c1 C1 X) z) J
[43ec / 43ecu][Stopped/Boot Start]8 x" {9 @ b2 Q
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>) \$ z2 D$ S5 R2 U! n
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]& }* W l, z! }' [5 C$ O+ I
<system32\drivers\ac97intc.sys><Intel Corporation>
5 O1 H& E. a) g
[Promise driver accelerator / bb-run][Running/Boot Start]
* M3 ~: B6 F" I t, F* \$ x: E
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>) M6 P* w/ {8 ~9 r6 U* R
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
* k% n* {) m6 y/ r2 M+ `# n
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
% Q+ c! t8 i+ m
[KAVBase / KAVBase][Running/Auto Start]1 o* Q$ x3 o' P0 N
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>9 v O! E* r% g' |, T) }8 h
[KAVBootC / KAVBootC][Running/Boot Start]
& C# q/ n4 t( N) y b
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>5 e6 W; @0 J2 H& q
[KAVSafe / KAVSafe][Running/Auto Start]7 t5 @$ Y* z0 f: _% t$ T' h. W& R) |) K
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>7 m* U+ O/ X# V6 I1 Q! e
[KNetWch / KNetWch][Running/System Start]9 K5 Q2 {$ {0 t! o7 F w0 R
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
5 Z9 y' T' |) `1 D. Z0 J
[KWatch3 / KWatch3][Running/Auto Start]# Z u9 b2 T5 B. i' k5 P8 C/ [
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
- i- B4 }7 D5 I4 n( C% I& i" l. C" i
[ntptdb / ntptdb][Stopped/Auto Start]
- h; Q) S6 W8 v/ f: R
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>! Y0 M( o9 K& u0 s! O6 x, S
[nv / nv][Running/Manual Start]2 H) Q# q% V% d: U3 i
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
' o6 e4 O% Y+ W; b0 e, w( B
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
1 R. d7 c4 H' }) M
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
O* i) K# ?8 e- ?( U* _& d
[DDK PACKET Protocol / Packet][Running/Manual Start]
# e6 U: ?. u: Q( J
<system32\DRIVERS\ProtoDrv.sys><360安全中心>5 L/ E4 i3 N: _/ Z
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
5 O" p1 X- h- x- ^
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
9 ^/ Z9 T2 l1 `' p. B4 J1 W- A
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
' K. N V; p- q3 q
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
' `" z' z' ]. U5 W' h2 ^
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]) x+ ]8 f$ ^6 F7 [% V3 Y
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>3 G& ^2 ]5 H! R# n
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
: T5 J6 n& A: o8 p- G' ~! D) L
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
# s. g3 O, B% r) \% n! s* [
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]$ k; `! ~; r- j6 k- `% C! n7 c% N
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>0 ?0 I) J+ v% e* \4 j
[Secdrv / Secdrv][Stopped/Manual Start]4 h! `$ w- t8 G `1 k6 z2 O
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>* | [0 q; t1 z* ?6 h2 s9 j
[SATALink External Device Filter / SiRemFil][Running/Boot Start]* J* t$ v6 w: c$ x
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
- o4 A1 V- D: U' q: d E
[System Restore Filter Driver / sr][Stopped/Disabled], m) }9 I- T7 U+ K$ w* \1 O; j
<system32\DRIVERS\sr.sys><N/A>: e" a3 `! R- S8 o+ R& `
[TesSafe / TesSafe][Stopped/Manual Start]
* G) O$ g7 {! f* X7 [; M4 {
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
5 L6 [0 b% H; g# _
[System Services / unzxzsrs][Stopped/Boot Start]
" g4 [% c2 |+ I0 M& E( h; {) [& f
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>4 q) o) R. c+ h& }, G3 L
[ViBus / ViBus][Stopped/Boot Start]
" d% R$ @, I9 N* H% E
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
' |$ r6 S0 f" t% B
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
9 `; ?6 a' j$ ~1 v2 y$ H
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>! Y, |7 i. t# X8 q( T
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
0 L6 y* q0 {: h" j! k
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
0 r5 |9 h5 T) W! C, g4 ^2 T
[ATI Extend / zhibmaso][Stopped/Boot Start]! N$ ]. P9 Z" G# W! |) D
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
* V7 W e2 T3 s5 M+ g5 f A! D9 F
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]4 i2 w) x8 E/ w, s' q, }
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>4 V. V. Z! Y% j" r" e6 g
==================================
& X: G+ @. K7 Q, h& E( ~, n2 x
浏览器加载项 M4 k! G' F! y+ ~6 e9 z
[Google Toolbar Helper]# I" f. a2 w \0 L Z; U
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
/ W& d- U+ n& X
[Google Toolbar Notifier BHO]
' x" h% a% o: u/ A5 }# ]2 F, B
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
% b( [9 h+ H: \- @& q# u6 u$ c
[SafeMon Class]
: X3 |+ Z9 p/ w7 e0 b5 h3 o& o
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
( s" [- M! p2 f% {) B, l
[kingsoft browser shield]
; s/ a/ `7 |1 R" o; N. P
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
0 i" E$ t. }. T* [" k
[IEBuddyExtControl Class]# [+ l' S8 t2 ?
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
/ l/ {. p8 I# R/ K& h3 O: }5 \; p
[Zcom 杂志]
# i1 G9 D7 ]0 v! c
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>" @, Y" g+ J+ A) Y! z( _3 q% u& \/ _
[&Google]
; U: [ U0 Q4 o* k `' e
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
) v* D: }3 Q# a; C8 H. j4 m
[KooPlayer Control]* A) l: o8 B, F- R7 `* Z. P: w( b
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>( j/ c1 a1 U# V. T
[Shockwave Flash Object]
% E- f, A8 g$ N1 v
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
7 [( v7 x! c- p' Z! R) ~: Q2 a% T, L
[KUpdateObj2 Class]' {+ R) e1 M9 c, z- p
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
; Q8 ?4 @& N- I x6 u; w
[Google Script Object]
' w0 D; h( p# f
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>3 f, p# ~8 `5 M
[EWA Control]
* q R- r. w$ i6 F$ D! y5 i. E
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>, {7 w. W- a+ e( h
[Windows Media Player]
, ]: w. Q1 N# k: b
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
6 s% l+ k) t. e( R
[&Google]
! v: M4 F/ x& W+ G
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
o' X! j5 b4 @# V1 @8 }! Y7 U
[HTML Document]
" k- j5 Z6 _. Y( a- P8 O
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
* L. y5 v9 X4 q% S
[DHTML Edit Control Safe for Scripting for IE5]2 d' R p% T1 K+ P; n1 b
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
0 m3 i3 z# m6 J, V" S! i& `3 \' ^
[RealPlayer RAM Download Handler]3 q1 n4 J5 K O$ z9 g% V
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>9 F: s7 z* I" }5 V" I; Y3 W9 O
[IEBuddyExtControl Class]
1 r$ g: r# T p v6 i0 R
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>; j! f2 T+ s* ^& N
[XML Document]1 [& R% L% R/ m) A
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>! t) }5 M" @& W
[HHCtrl Object]* U" W! f! p7 C$ J0 ]7 e# I$ r- E4 M
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
& x, c$ A! K. U# |; P
[Windows Media Player]9 j, ?7 D4 ~ C: S! i# Y
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
3 }' Y9 m$ Z1 b/ j8 \: N/ b* T
[Active Desktop Mover]
7 j1 r! Y* q( P
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>; A$ _' M" d* `6 ^4 s y: x% B# E' K
[360SafeLive]
' g1 n5 v3 K! F
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
. @" A( u/ r# z' t: C/ j
[Microsoft Web 浏览器]
7 u4 C5 P; i1 s+ p( J8 U. M
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
* r3 O* M5 b3 j% Q4 M4 n
[Browser Enhanced Objects]6 \% h( O# R8 V" p) C+ F5 D% I
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>. A! h0 M$ [1 p% E& B: f' p
[Google Toolbar Helper]
- }/ l/ \2 j+ i l& z7 Q6 a+ t
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
% b$ S1 N5 j( d
[Microsoft Scriptlet Component]
+ t& j: N8 Y4 N. A' o' E
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
: }/ D9 r& ~) T
[Google Toolbar Notifier BHO]5 ^, P, c& J$ I6 S: Y# m
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
, J" a4 O1 a& m
[SearchAssistantOC]
+ n& ^ B. `# d' A
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>5 D+ F& z) F& u0 B& \
[SafeMon Class]
j. [6 T5 O7 M3 {" b: j
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
7 r/ B; U, q5 T8 k- n
[RDS.DataSpace]
* i8 w1 Y2 U. r+ _6 B! j! _4 w
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>, c5 }, ~- v5 @& B+ }
[KooPlayer Control]3 e" U8 X( f" l0 O
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
: f: p$ e1 p: j3 C. W# D7 b
[AUDIO__MID Moniker Class]
) f# f8 x$ u3 C
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: u( @3 j3 w) r
[AUDIO__MP3 Moniker Class]# L& r/ N/ m, `: t' o" \. e6 {+ B* X8 z
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
( Q$ X5 H; Q' t' T/ e0 \; K) G
[AUDIO__X_MS_WMA Moniker Class]
) A6 I: V8 C+ T4 o
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>2 @2 Q) E( c1 `% P, n
[VIDEO__X_MS_WMV Moniker Class]/ J6 e) W, `* s* F( e
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 N5 X. w8 J) j! w5 R. H
[RealPlayer G2 Control]5 T3 f4 @( O2 U+ z
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
; F: o' Q9 y- C7 z2 T9 G
[Shockwave Flash Object]6 L$ g$ e) F, L4 g$ y: ?, c, l5 B
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>9 y6 a+ U) n* q- W6 Q9 w
[KUpdateObj2 Class]& s) A5 I3 Y. L/ w& q8 `$ s9 i" y
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
1 W6 w* E# s. x4 a8 ]! v+ r8 w
[kingsoft browser shield] ?5 H/ p" A% N; h) R2 u
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
* [% c0 O) B4 D9 F: k" _1 j
[PasswordEditCtrl Class]
: G8 i1 |7 ?* e) t
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
. \( y* S2 x+ ]3 \* K* O" R1 \. b+ }4 P
[QvodCtrl Class]/ }" W8 O" ~' G& b# D& W
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd># E5 W2 v, z' I0 J9 a! {7 p
[&使用超级旋风下载]
2 z& E+ I) i8 [# q0 O
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>% R% w0 D4 O$ w( I: ~
[&使用超级旋风下载全部链接]
& l6 Q* |5 P& v# ~. Q
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
( h% k7 l" L3 v) E) U- i
[使用迅雷下载]6 ~+ q8 m' Y- C
<, N/A>
4 z; P9 a9 F+ o5 V. x
[使用迅雷下载全部链接]+ r: ^4 p; h3 f
<, N/A>. I* x$ Y: O4 R" Q- ]
[导出到 Microsoft Office Excel(&X)]
& X* F4 B0 C/ Q) M1 @2 a) S
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
; e& ]: K0 k9 P0 v# E7 O3 U. I+ f
[添加到QQ表情]
( R" C" w& U; {- V; b% n7 O) h
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
1 a h- C: D5 f# x0 |
==================================
+ F2 H! u& @) f; V k: R
正在运行的进程
( Z9 L. q2 w: k4 J
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( P6 N y9 E# H( P
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], Y; {) n q! _4 h1 \7 _( ]( _
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! w$ z' H: D( A8 y, x$ }/ _7 ^: j8 \
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
5 e/ e2 I7 M6 w# U! \ A7 T. g
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 @5 h7 ]* G: d. ?
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! R' b0 v: e( b" C: P( ^8 p5 Z
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) J2 _1 B E. Q: V
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) t0 w9 E: V. ?, T
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! y3 y: o' o2 t X V9 ?: e$ ~
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ i1 {+ r5 b& w3 C3 }+ C# s' A; T& P
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 ?) q/ I1 j3 ?0 \. B. S
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]7 y1 h {4 \9 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& _+ C) @, l% D* s% q/ R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ M9 A/ i: ^2 S8 Y. ~
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]0 x" J% L( s1 Q p" |: {# e6 \
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 |5 Y! r" n% h" a6 M6 J5 g. e4 \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]( x* E0 g- r9 D; F5 C* P' M1 @1 n+ Z
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]: W9 v, @9 f8 M2 z. j+ U3 S
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
. @2 G+ R( ~& ]7 q
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- n6 E% a0 e3 J; i0 o
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
8 q Z r- P* k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& @3 P. _! T( U7 f
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
& }5 l3 V# C% y. t4 R# a8 ?
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]% K- [3 U$ c# e+ T2 H( T
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]! X0 {! ] j; k @+ c0 Z
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
- U% N- z) b; W0 z- y
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
1 `3 p5 ?1 R# Z w& K5 i4 }
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% e' ^% Q9 |4 z4 A# y( _' L# ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
1 j+ q8 B" x4 X: h, l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
- ]: g1 B% C5 H0 M! X! I# T
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 |8 j0 y3 { j+ G
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% z6 [0 _. E! j) H) G3 Z5 M% i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]0 w8 R/ N* {; s7 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" H' M! i5 V' j$ r4 @! P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 y% R {4 o8 a3 q6 L0 K
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
9 r! j0 {$ O- e; b& X* {
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]. F7 _" e0 m2 k- O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]+ r/ }) I/ J. d% b$ k& p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
2 }/ n0 @+ u! o8 H" P* I, q
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
( V* v, }' N% q" c Q
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]3 U" O- d" y+ L
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& n8 b2 p: ]7 a. J! \$ x$ M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 `5 o+ B/ R4 F: u
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 y1 }% o9 r2 F( ^+ {& l' v$ q- N
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]' p) |/ x3 g/ F" r( f! {
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" r7 W3 t0 j3 Y6 L, B9 u
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* F/ a/ Z u6 |2 r
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]* M! d$ X9 L" B' t+ S4 m" A
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]! [0 A6 b$ Q' U( s0 v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
$ T* D, m3 E2 a8 w! N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5], b/ Y: w, y; [' d% N+ v" I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
6 Q, G" g. o# |
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]+ q5 X1 Q* t) G+ X, d! m' G
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]4 K. ]1 Q1 p$ k3 l* x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
# f3 I5 q% E8 Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
0 `' n. K# E5 Z, z6 T7 V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]4 Z) d6 T) `/ x, B6 F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]# d( I) s8 U" d: d- [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]0 o- ~$ \5 {' x6 ]1 h# R+ P' g
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]/ d9 k& m" q$ [# i& a6 |- T
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
$ ^" h; m5 j/ S7 b' P0 O5 b. ~0 L0 e" a
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
2 D. d: r) n7 e; Y f+ m2 `
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]: x- g* m6 \ T) |* Q6 v7 O C
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]6 S" L' r9 X& a) k. p
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( L) C- V2 W; @
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
- c9 F% x8 y7 C- d
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
" S0 G% c5 o" @% D, @
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]$ R0 n4 j3 u/ a7 @8 f; e3 Z. e
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]$ |$ D) I9 c: b# X% z5 L4 c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& f7 @6 \& w" |
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]) P/ P# a0 W0 q" k1 |! n |
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]7 y4 l8 w3 j" e; e; _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 q4 E. A/ \4 S h( @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
. ~/ w" Q) k& t; t- a# K# ~- [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]7 E0 ?9 \) n" U* l
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]. b- F4 w( o7 |5 T
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* U: U. q8 ~* D4 l9 U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
' F- N$ S+ x$ `7 F' P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
% r; r, b- v. L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] V7 X* g! v+ ~2 D4 k
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
1 N# [4 B# U; \
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]$ X2 }# n, A3 U( Q! w- l, I
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* W* V* J5 a4 r: V) R: z3 z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]. M5 z- j9 C9 R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], |) H0 g' j3 L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- l/ r1 D! v/ K: c
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]3 ]/ n* ?. s1 H/ D9 X5 S; C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
$ ~( N u% i5 R. _5 m$ a' q' N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& A4 W7 H: F$ K/ `; d$ f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]% ^7 E: q4 J$ h" U& T ?3 c0 j# d
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]! d! e0 ~ y" w( r9 a
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
; H8 d3 d( ?% [9 u
==================================
; }( U- a7 Z! l
文件关联# `3 {. {. ~4 ?9 o r
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]$ O6 X6 o; J) _+ P/ O% `
.EXE OK. ["%1" %*]; n$ n. A$ J8 e0 G: X
.COM OK. ["%1" %*]
! n' o5 y. o8 R9 h
.PIF OK. ["%1" %*]
% ~; ]. N. b' V$ n" W# z
.REG OK. [regedit.exe "%1"]6 _, D8 @8 Z0 g1 A- J% m5 n( b9 K
.BAT OK. ["%1" %*] B }' Y8 I# {+ A3 ~
.SCR OK. ["%1" /S]/ U+ h& W, F1 s
.CHM OK. ["C:\WINDOWS\hh.exe" %1]+ ~ Y# \6 M: k
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
4 G7 F7 F) D( Z+ _1 S
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]2 {( q2 {$ Y- t5 d' [* _7 x
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
7 X$ |3 i: J i5 ?+ {
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]- f: V3 X* ?4 [+ Q
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
& S- R4 Z9 F V7 m- m5 d9 V, F5 k
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
" s/ V7 N4 O/ C& T" ?
==================================& P; F4 s' V% \( W( q
Winsock 提供者' o: u! @% t( q6 q( ^* s
N/A
% J$ U$ L0 W5 {* q" N8 O8 E4 ~* [
==================================
1 p) c% ^- d; ]; y* F( M
Autorun.inf
+ d6 Z8 r- B' H( b
N/A: c, v; Q ?. j" D
==================================
2 {9 ^* e# D# v
HOSTS 文件' l+ Y7 H1 V7 h' l2 _
N/A5 q, f8 B D3 D! W
==================================
7 f6 p% [+ I7 T7 I, ^5 B
进程特权扫描 S1 U h4 m$ n! K) K
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
7 F- L p. P5 I7 w3 ?5 _, T
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]% T( K7 S3 u! e; z( c' b a6 `% u1 C
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]* S C! \, g7 V, m$ Q9 [8 f
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE] A+ F) q% M# ]6 z" L. `
==================================3 R @ T, h9 ~' f) Y) ]
API HOOK
' M- Q+ t: }0 `8 o9 f" x
N/A
: g+ L# N4 s2 v' B0 k
==================================
7 z. Y& y, X2 ~$ p. I
隐藏进程) q% E% E' q/ }0 E
N/A; I+ T% J, `& c5 r' p# T& x8 X
==================================; A; ?" v5 Y* b
7 n& r$ T" E' N& \- D

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115