在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

( r7 T2 ]% e, |. r) p7 R
2008-05-22,20:37:431 f/ H( {; i1 E7 M- y
System Repair Engineer 2.5.16.9002 w0 i( N0 v6 D* L; |4 e0 H3 b1 w6 O. q
Smallfrogs (http://www.KZTechs.com)0 m0 z- R4 f/ g
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能/ Q" B1 V& j6 q7 C# T
以下内容被选中：6 i2 f$ P( P: i! X& P/ z
所有的启动项目（包括注册表、启动文件夹、服务等）
' H) a, f4 [' J T# Z. ~( d' U. I
浏览器加载项
& f0 [3 a8 ^1 a+ k- T
正在运行的进程（包括进程模块信息）5 Y, V- ~# V8 G1 R2 u
文件关联
( J' Q2 g& g8 W, J
Winsock 提供者
# V: l3 |3 y+ f$ @4 f: O9 w
Autorun.inf
5 d( G2 v, O8 {4 M' h
HOSTS 文件
& V& J! U- a$ U+ I* @' ]
进程特权扫描* ~) I: k+ ?- o0 N" l1 q
- X' g& q" ]) y( C$ Q
启动项目
4 z4 S# R$ Z) ?( T3 ?$ ^! W
注册表+ ~1 E* e# R1 x) q1 \; B. l* W( A7 S7 [
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]/ Z( Q7 c) k+ _3 |) i' T, s, H
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]( J {) a; n0 ^' o
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]# d$ S& d( V7 e3 m' K& F
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]' z1 w9 `7 K) B7 G. N: E+ N
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
+ K2 ^$ V3 m0 Z$ v! k) H
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]/ v G7 `0 G' D6 V4 X7 z
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
" V; t5 s: ]4 k' j- c
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
/ W8 M/ L; B- y
<PHIME2002A><; > [N/A]
! A* i( j. |5 l) L
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]6 n% |' J. u. v" V0 S+ J4 G" M$ m% G
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]3 I) ~) Q# N7 ~! t4 f# T3 p$ @4 F1 R
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
. y- R8 ]1 r- c( x5 I" ]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
/ |, @1 R/ x6 B' \- I+ e {2 y
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
4 O! b+ s1 Y0 Y, F2 K( d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] c4 z! o1 `) Q9 g) I
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
( k o$ f- s ^% M( x
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]( U( L- e! R, ~0 r/ t& f$ ~
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
; _9 w7 J* P+ v* d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]" T# d" r3 c# j) J% B
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]9 F* _, _0 K: k
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
$ @4 \% k! [1 K- T' B8 n
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]5 ?, a% h0 M8 i* Q$ c, ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]# I7 u1 A" u0 m( s
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
. U0 B, W) j0 Z, T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]+ S7 q& Q) x% b- |8 e( i; k
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
/ o; F- q8 \/ _
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
2 h9 }6 Y0 _7 r. K% u+ ?2 D
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
; l/ }+ V1 B* v/ f3 b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]4 W. b! q+ U! ^5 d$ M
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]) z; `# c" Q f$ \. k; X/ I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
7 p, ?% Y1 [. Z* `) r6 a6 W
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]' ?9 R5 S k$ c3 z0 I* m9 ^. K8 M
==================================2 U" O; S- V0 W" s$ I* l
启动文件夹( T" h) k& C' D; Q7 v$ f$ m
N/A W j$ f8 \, @+ I2 J! X
==================================. K' @) F* i8 a$ S7 D9 P
服务1 L! ]7 Q+ Q% b, Q7 i, N# |
[3ware Controller Service / 3wareSrv][Stopped/Auto Start], v' B# M; X- o" _7 _; F# r$ [* ~& F
<C:\WINDOWS\System32\3wareSrv.exe><N/A>! I" j* e7 z8 |9 C8 ~* Z% ]# k
[Google Updater Service / gusvc][Stopped/Manual Start]( _% s1 d0 a& f( \) c8 s
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>$ s+ f8 j3 R/ s: O8 i
[Help and Support / helpsvc][Stopped/Disabled]
' X! s$ A: j7 E$ R3 ^
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
" U) g j& p7 W# D/ {2 \
[Human Interface Device Access / HidServ][Stopped/Boot Start]' B/ T# E' r" t( s/ t
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>3 W6 ] h2 Q2 G4 ?; g7 R
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
( ?; ?9 B/ m9 S' O- H d/ Z6 U8 A
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation> f- O( J: Z( y I- p2 `& ^
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]# X d0 f1 B2 r: n5 A
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>& }. J+ O" ^6 F$ I9 f/ X
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]. Y l1 }& A& l, Q3 I- y/ p6 Y
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
) e/ \- I9 _. Q' [
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
+ P# a7 p7 _/ a' Q
<><N/A>
* M+ V' `4 B2 W( Z1 @) T
[Qvod Terminal / Qvod Terminal][Running/Auto Start]* u3 g& U" Z* Q+ f! H% e
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>! u5 t( o4 [8 ?
==================================
- S7 g1 @; c7 x6 W( F
驱动程序
5 b2 P2 ? y) ~2 {. c9 J1 v
[22j / 22jn][Stopped/Boot Start]* B. L0 h2 H1 d/ x+ _
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
. } h" ]% |$ b7 L4 J& A- t" B
[360AntiArp / 360AntiArp][Running/System Start]
% D( F1 B- ^" `! J3 X
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>; T0 C1 C7 N8 Q- q$ e3 m
[43ec / 43ecu][Stopped/Boot Start]+ {# C+ Q+ K9 c& g4 S
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>$ p4 r1 h" |2 ?/ n: p; q4 ?
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]$ V; c( h9 U2 f+ x3 [
<system32\drivers\ac97intc.sys><Intel Corporation>
! X1 C0 Y @; p: Q4 l O: T& O+ L
[Promise driver accelerator / bb-run][Running/Boot Start]
. R, R( o8 [! c; I
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>7 M; m9 e5 ~3 G8 }* O Z% x
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
% A! ?/ \# p1 I2 U4 A& z
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
$ A3 |/ f5 q8 u% p; e/ Z- I
[KAVBase / KAVBase][Running/Auto Start]
! s3 m" N' O$ F
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>' S' j8 P! e' Q4 B5 a- i
[KAVBootC / KAVBootC][Running/Boot Start]
/ k( d4 m G6 z x1 @
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
" z2 \+ T, U/ M" D: f- K
[KAVSafe / KAVSafe][Running/Auto Start]7 |0 g1 K8 F. y' Q/ i; s; F
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
1 [& o P" P2 Z, D
[KNetWch / KNetWch][Running/System Start]
6 n! y6 z! b s$ a4 \
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>/ Z8 Y+ s+ t/ [
[KWatch3 / KWatch3][Running/Auto Start]6 _5 C; [0 E$ G$ k2 P5 @
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>& p# l) l# D" v, w( i+ N
[ntptdb / ntptdb][Stopped/Auto Start]
7 Q5 ]% |6 o7 m- A. z5 Q5 }
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>9 F$ r3 g& {, `8 b) i
[nv / nv][Running/Manual Start]
" L- _# d' B* K( {
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>) E* n9 ?$ s+ Q$ S# ~3 K. i5 a
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] l5 q) \# c$ ]$ u& {. a2 E9 R
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
+ G# ~. Y# I3 |. t# `9 v
[DDK PACKET Protocol / Packet][Running/Manual Start]
# y o4 b, ~) C3 v; a) A) ?
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
/ u7 @+ H/ [- ]9 t1 b# V
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]$ Y; z: t8 u& D$ a
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
: W2 Y; q7 p% }7 ^' [" \
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]$ g {- K: P& o) D8 C
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>6 W+ S$ m A. Q- }; k! q, @
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
. G* W7 i6 g1 i" L1 q5 M9 |0 p
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
6 e* A, i6 \" O( \* A' ]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
* O t9 n/ P' l+ y& R% Z$ U, @
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
1 |' G6 D# O' G/ v+ b- s p
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]$ ^" e, U9 r& U/ U, F @ v( \
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>* |) f, h. E5 _9 l/ n
[Secdrv / Secdrv][Stopped/Manual Start]
2 B$ @8 f& ^; L" K' H
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>: a. N4 {% I4 r* q
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
2 w7 r* Z3 [% ?# h
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
0 \, M; y9 a) z, _2 t
[System Restore Filter Driver / sr][Stopped/Disabled]. \+ d' ~' s% P* @$ w; K3 m
<system32\DRIVERS\sr.sys><N/A>/ u: ^2 ~$ }" \' W8 E: m
[TesSafe / TesSafe][Stopped/Manual Start]) C- f2 ~' E8 @% a9 O
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
7 Y' U! y- S- n
[System Services / unzxzsrs][Stopped/Boot Start]0 b( q( V* `7 C, h7 ]3 X3 K- V8 C- _
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
D* w& v8 Q1 ~9 y3 g/ n
[ViBus / ViBus][Stopped/Boot Start]
# C7 v+ s( A3 C% e% R& n
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>( B1 ~7 [/ k' M" }2 H
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]0 L- l. @- S8 M% D P( o. c
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>3 ]: d! @) M7 g2 ?$ r8 f
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]# L0 C3 w7 c. @- p6 c8 S
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
( x6 i7 M' g2 Z, g4 F( t
[ATI Extend / zhibmaso][Stopped/Boot Start]; k) U6 m [ V9 |
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
2 F" g$ K- ^9 `5 N& a1 B
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
$ J+ |9 {3 N* N; b' O( [. K
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
# J C0 ^! [2 F6 C4 S
==================================+ J1 c. X8 I' L. u b6 n1 h" l
浏览器加载项
5 H4 ]$ a- c# f
[Google Toolbar Helper]
, c3 U) k7 A7 U) P3 U
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
' e9 n8 i8 p( G* `" z% Y9 D; F8 ]
[Google Toolbar Notifier BHO]
0 o6 \4 I4 r6 s" @: \0 L) g
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
0 ^) k$ f* \. ?2 T
[SafeMon Class]
; r% J# M! [- k1 j
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>9 o( I$ z) y* c; u D7 M$ i4 i
[kingsoft browser shield] \; |# t! [$ d R
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
" d- i6 v3 A% B- U! {
[IEBuddyExtControl Class]7 o& A9 N; c/ F
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
* y5 Y6 ?! a6 P# x9 E; T, J
[Zcom 杂志]6 B4 j' n3 s% q$ p. G; j. j
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
7 F* _/ h- z* |2 I- y/ g8 s
[&Google]
, Y! V# m. Y3 h/ J
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
! E+ f& d: P; W7 \( o6 V/ H
[KooPlayer Control]$ q3 D7 v5 [# O3 k, L
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>6 T" ?3 n3 E- X3 o, V' I2 I
[Shockwave Flash Object]* H; |5 K, h1 t/ \
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>& U5 q8 O! r. [9 G" Y
[KUpdateObj2 Class]
1 N9 m) E/ a! |( U
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
3 R) q7 q. H3 o4 W$ V, X
[Google Script Object]8 E' k3 j2 b/ ]( X! K q+ U0 R4 f
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
7 G- n, S6 l8 I$ E% Q- |8 g: c# `
[EWA Control]
; Y" b3 U& T* `( n" o1 D, W
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast> o5 S; R; D0 O0 O+ l Q
[Windows Media Player]: W0 U! I+ x( ]# k2 f/ s( U6 f8 k
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>" m. F3 X" r) D6 }% f' w
[&Google]& q- p! k* S* d4 ^$ c3 `
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>- Z0 h" h3 l3 D3 X! P
[HTML Document]
6 L) I+ v+ k3 U6 v. J
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
}: Q) Z, L) O. T. ] X/ |
[DHTML Edit Control Safe for Scripting for IE5]
; q ~8 H' i7 Z; a6 ?
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>5 `7 |7 e3 Z8 Y9 e0 T0 ]
[RealPlayer RAM Download Handler], n% y e0 i# q& D( V6 `) D3 d
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
L. d. a( k& g6 x5 H: E" i
[IEBuddyExtControl Class]
2 i6 `/ b) N/ I, S7 ?
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
7 T7 \' i! E" R7 u, g( n4 u4 W
[XML Document]. Z2 T6 U8 r8 a* D( x0 P# B# Q
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>3 j M" |& z! M3 a, D1 Q" c- m3 C5 f9 Z
[HHCtrl Object]
+ ~+ E+ e0 Q: K4 W3 [! U
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation># L- @( U* x2 e; f
[Windows Media Player]
0 h( h# e9 k5 [' |# f
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
: K; A' m* w5 o9 q5 A8 u
[Active Desktop Mover]- ?) W; h. H! {+ ]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
' f8 k6 i Q/ d7 T6 d2 ]
[360SafeLive]
, v' h# ]' k) [6 D0 A, z" S
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
) W4 Z: `1 N+ C6 e) k
[Microsoft Web 浏览器]& o V5 L; z9 ^: r, m3 R* ~7 H
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>* [: ]- Z) Q& q" r ?' v9 Q
[Browser Enhanced Objects]. x9 p D" ~ }* o/ o/ N
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
: S% X& u8 h5 R
[Google Toolbar Helper]) e& Y" {' Z! t2 E% W# ^/ m( a0 a
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
4 c: G3 H+ B; w9 V- X, J' C8 t
[Microsoft Scriptlet Component]. \2 \, L @3 n9 ]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
) i+ P2 T0 Q' k
[Google Toolbar Notifier BHO]
( d$ W1 S- r# ~" G. Q, t. B9 X# f
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
1 v% h+ v/ R9 [3 y1 s
[SearchAssistantOC]
- b# [3 s. @5 [7 A- J9 T7 _% d% f: p0 Y
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>( H4 ~2 B: [8 L
[SafeMon Class]
0 H. F# v' E/ g1 [" A% z* ?+ V
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
+ X/ h# t" i2 b% y
[RDS.DataSpace] P( S$ w/ W( Z3 K+ o- ^1 _' E: i
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>$ O6 ?2 Y @2 J
[KooPlayer Control]4 |# z0 h6 S- V( T+ j7 p
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
, ?/ F! j1 ^6 Y( d4 f* q
[AUDIO__MID Moniker Class]. a! J, @: j, q0 ?/ H9 p1 \5 t
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! |9 T& Y7 a* [( B3 ^; B" ?# q
[AUDIO__MP3 Moniker Class]- X* `1 }8 V9 X4 S+ Z8 q
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
4 B. N2 Q( ^, D$ A
[AUDIO__X_MS_WMA Moniker Class]
# ~0 r4 G, C+ C/ S5 ? C6 Q
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
: c. s1 Z& x. h; @& n9 T, h
[VIDEO__X_MS_WMV Moniker Class]
, J6 Q% j( X* l' i
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
* k+ w5 l' {6 d9 R
[RealPlayer G2 Control]- H+ |# ]" A6 I S, M8 s5 z; N8 i: `: c
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
6 d8 X Q! }8 k0 X4 e* W
[Shockwave Flash Object]
; a1 y' F* I; f2 t/ Q& |9 h! B
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
1 g0 P7 k7 i. a* o( O$ i
[KUpdateObj2 Class]
" o: T8 F/ D: n
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
" P: k5 C3 S1 C( p' I) W, E$ E
[kingsoft browser shield]9 c8 b7 K# N* ]. Q! O$ x
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 ?+ `& \$ D. C$ x k8 E
[PasswordEditCtrl Class]1 ^- C8 c, I: C# P1 ~; b0 @
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
6 T J j' o' b
[QvodCtrl Class]
0 d7 d/ L7 D# ^. D; J6 u
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd> S8 q* q+ \( U
[&使用超级旋风下载]
1 {9 f7 P$ l+ U: \7 Z
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>5 {4 R2 r. h2 I% m
[&使用超级旋风下载全部链接]
9 g, \0 n# _' j( _% o
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
* {- s" A8 m, n
[使用迅雷下载]0 @# e) g3 }* `, ]) L
<, N/A>/ E7 M4 m+ x0 d+ T
[使用迅雷下载全部链接]4 B, R- U" [1 K1 B& j! G3 n* Y
<, N/A>
- u- [. M0 f$ r, P: `
[导出到 Microsoft Office Excel(&X)]; i4 d: A, k4 @* e
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
. J% p y! j" L* w. o
[添加到QQ表情]( g9 B' j) ^' f
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>: s- z3 c$ g6 _& |
==================================" B1 o- Y. b% W, f0 C" y6 H
正在运行的进程( C+ a6 X: J8 @6 e! y, _* v; O4 z
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
Y( E( b5 u# O
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 r2 w2 S0 V6 O: _3 W
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 ~% @4 K) Q7 A3 S+ R" M
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]0 I: n, _6 i1 S: A1 {
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 C. w+ K- Y% G
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' j4 l. e3 y8 B9 P. ~
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" Q( G* C% v# p0 [6 p2 ?6 ^
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. W: ?$ l; I( X# a& T1 h+ b
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 u# L7 A8 S. |5 B3 w9 x8 r
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 {+ A5 n" B! E3 }! ~
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" G! E j y e
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
% `8 s: Q& L" ~/ X/ V/ F7 |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ d2 [" r' m) ^, ]* E4 Q ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( Y- n# {/ n- I( Y, x* R( ~3 w1 \$ p
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
c+ d1 g- W3 j) T* p1 D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% A: h, }4 n6 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]2 m) Q. f: ~1 ?" \
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
9 J9 l# S. Y: S4 `; I5 X
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]9 E# l( l7 k( U
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]7 F- Y2 a8 ?1 E6 d1 E
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
% p1 _+ d: J5 L+ r# E# @6 N8 g
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# r* F' x2 k0 A# O5 v
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]4 U1 w- J8 r3 _9 C. }
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
4 i6 \9 c/ [# q6 C& r+ N
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]; Q) J. J# S# Y4 y
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
( V0 U# |' f; U3 P O
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]3 v/ w- [" Y+ {7 m! e O
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* `0 A( z) r9 z/ a* I/ S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 R: e' h8 h, n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
# N; L( I8 t2 f: R/ Z) \! m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 d2 S% O+ m1 ^; f6 Y1 @" X
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 c) j8 q5 h$ G% p2 r; m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, q* n0 S0 k$ L% P8 h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
' D( Q3 z% c9 L/ \& n
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 p+ a0 F) c% s' B; A! l" T# ^
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
" _ m. _! z2 k& a2 A1 C; N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]" |/ j l' A5 p) S9 n7 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ d7 X# J0 `7 e. X( V' f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: F1 B0 C! L+ o: {9 v; v8 }6 ^" s
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
, `/ N/ o0 z; X$ G s& e0 e: P
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]! M! K4 o) i, o' B
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# W J3 `0 X& `
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 c- o% `$ G. o% {; f& n* Z
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! l& ?# }7 W, H' D( R7 {
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]! k3 {4 n. ^' C; q( T# K" g
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. ?( l/ @2 b3 ~0 e$ G
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% q l9 ^+ W5 J5 W* _
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
* f1 J, W5 q% I
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
+ C f% I5 P. ~, S3 [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]$ A, h5 F. _3 `5 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
. P, s7 S6 s, Z6 Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
. P3 W& J* p% r* Q/ _+ }
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]4 A; {3 I2 C4 U8 V" J* a1 U
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
' m/ y; E5 d( v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
3 _7 x/ x% O9 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
( R! T5 p( U3 k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]+ G8 F% k1 E$ G: s/ m+ r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]0 S8 `" Y! b4 `) i. d8 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
- o2 Z5 r4 |7 w
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]: g" b: P& u1 D
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]' i2 E5 ^' \ L7 x
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
/ ?4 i' u6 X# w( Q4 a
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] K5 M' G2 k3 l& _, ^( _
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]$ M3 o+ m# X/ X3 g# O4 h) g9 w% f3 }
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
1 f; `. H6 S+ U4 Z4 y, s6 x
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
1 C, W5 @$ k# |( Q( F ~9 V9 f" ]
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]4 T( \5 y* y% a# r
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]1 G j( R9 O1 B4 ?% e9 O' ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]. A; ]$ f" Z' [5 M4 f5 ~ I
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
) }- A" c8 S7 r7 V, u# a1 Z/ v
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]( H9 _7 Q: w% I' j) i. ^
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' N/ \2 V _& g; L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ x$ L! ]7 e S0 `, E0 @, \- _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 F% W: l9 r. S) b, p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; n& M% b+ {9 `& N6 f
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]* b( v4 N7 n! c0 z" Q b/ c, Z5 D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], j4 z& J$ E6 p. W! w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; `6 D: n. _; `% T4 B0 l( [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, S3 M3 D+ o1 Y- J
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
9 G* U1 y( _1 K1 [# H f1 r |5 R
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]2 z9 o5 S# ?6 P1 q @1 S. e
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
/ o% M* y4 c4 O7 y' f5 c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
/ F' J5 K: \( N4 K; _; q# {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, ~3 b2 V9 Z( a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 P" U0 c6 b N7 u: |( G- r
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 |% A( g* U% z3 f# ~
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
0 m# r$ H0 r9 H( k6 {9 |) |7 M: I! O+ T
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
+ @' _+ k& R" Z! F- |- k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 e& C2 x! Y. G, y, `/ s$ {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: |( H5 W+ ]" F- c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
! B. q8 y3 L, x+ _+ I) C
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
5 R% n/ {/ z. A3 ~: w* y% \
==================================
/ T- {/ G8 S6 \9 `9 ]5 R8 K% p
文件关联
- S/ l/ H4 z: k+ ?
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
+ l6 n& I" J8 x c& x$ X2 p! r
.EXE OK. ["%1" %*]$ y( d4 k: w3 e* d3 O
.COM OK. ["%1" %*]. A6 H; k2 u% Y7 H
.PIF OK. ["%1" %*]6 ?$ U/ f2 k9 l, ~4 G
.REG OK. [regedit.exe "%1"]
+ P5 Y$ J7 s- C `! |
.BAT OK. ["%1" %*]
4 _+ {- u) o3 K K6 J7 W
.SCR OK. ["%1" /S]
8 E3 F) s* o& { O; w5 e4 w9 Z
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
$ \7 y6 \: {% U7 a9 |, j
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
+ x; B4 e8 A6 j. ^6 v+ C
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]6 e( W2 _, B( q+ d$ H' `, d
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
( j) c+ `6 W/ p# X; s3 @
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]7 H% ^! B7 l/ w, Y$ ]* ?* u
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]/ F( ~7 W1 u' E) y4 q! ?6 ~
.LNK OK. [{00021401-0000-0000-C000-000000000046}]8 X! d" c8 C5 @( l3 y( V
==================================
9 W' V( Z+ t5 p' ^: K% ?- O% d
Winsock 提供者( E2 K, \, j' q9 z, s {/ w: m
N/A6 F8 `7 m! N3 {& g; M0 r, B
==================================
- p. W4 [5 X9 k
Autorun.inf
8 D! x- e+ Q0 z
N/A3 E7 v1 e4 C& V
==================================
% K, V" q' Z0 `4 ^' }8 G
HOSTS 文件
) f2 C% B; ]9 b) i" W
N/A
( C" U; F; ]2 a0 f
==================================
0 i( E1 A( N, _# ]. _
进程特权扫描5 Y. @, F. I* M) G( {- R
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
5 J, C- l5 h5 C' Q; [& s, I+ H
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
u9 F4 z1 J6 W
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]& W" t0 ]5 }. T u! E
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]2 \' S2 W- I: a$ ^& a }
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
# y0 X i; d* M
==================================
0 [3 d# T" R# h
API HOOK
' c5 W2 @0 u* s, [
N/A( C n& d1 N* g
==================================* W- c. I/ ?) D) o, f7 ]
隐藏进程
8 J* G9 a( h* \# u! {9 C; `0 f
N/A
! J w+ ], {# }$ \
==================================
4 K! n6 N- I& E/ p& P6 j
3 z2 b& R3 M/ @- u9 a7 L

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115