在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

, A! H" |- @' W7 I. ?% S. k
2008-05-22,20:37:43
# k0 m8 Z6 ~: j; A6 Z
System Repair Engineer 2.5.16.9004 y* v: X8 S/ n `! ?" |' m
Smallfrogs (http://www.KZTechs.com): Z, _# O9 v* ?- t# `1 D5 |
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能8 e% @0 y2 A% k, a7 T4 f3 Q( i
以下内容被选中：$ c* ~9 L3 Q; K& |1 Q
所有的启动项目（包括注册表、启动文件夹、服务等）
" J4 g$ p; D: {' J9 n/ q5 ]1 X
浏览器加载项
+ V$ B2 D& _/ L7 h
正在运行的进程（包括进程模块信息）: |+ n/ V7 V& N! U9 \
文件关联" s7 [! ]# Z8 O l# K
Winsock 提供者& {' R7 W* O" ?+ v+ G+ j
Autorun.inf
- Y8 A. {: B" t+ S5 ]! R" S5 }
HOSTS 文件! w; A6 [ d& K, O/ O# F6 ~
进程特权扫描
8 H' Q. z/ X& [1 R% c3 a% z
3 ` k# T% b" m: x1 R# P9 V% O- n
启动项目% q- f9 H" N' ]% v
注册表
. ?3 Q) N0 J& I8 J- u+ {0 q
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
1 C7 M5 O! g; Y! d/ X f
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
/ g4 o! w. i& S4 M8 e' ^ I" n
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
/ @# k& m n9 `* p) l
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
Q1 l. [; t0 ^' k2 v2 M; Q
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
) C+ ^* {- i# K
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]4 a3 A8 }& W8 f$ k3 S8 l6 v. u
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
7 J% \! \& N7 m! @
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
4 _: r- l; j8 c
<PHIME2002A><; > [N/A]
& b4 ^% K: }5 s: J: D& Z9 n6 B
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]) J# o# s) v1 Q$ z7 u0 e \3 o9 I
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]/ N5 y" J0 e+ ^5 p+ a
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]' s+ q; o$ e( p" {" U5 A
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]3 g- @, b7 R# p) P& q
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
" ^: {3 F+ A) r: m
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
/ u, X. s+ A! O% f! @4 d! [* E
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
7 e) N7 M6 {. T, H3 J# ~6 A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
; ^0 L c$ x: k: @( z+ f
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] {7 P) G- t) ~ f( r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]% F1 ~+ I# d0 D5 E8 E
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]) F, ?+ l5 q" ]4 P
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
: C9 a O6 U. ^6 U5 `& C$ J. L
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]3 W+ t& ~2 w, b# {" L; Q5 _
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
3 T& p+ L, s4 I# g6 e1 t5 [
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
9 X. @- d3 S, a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
6 F$ k g2 g J& ?- ~# C
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]# ?! ` m3 ^& I3 E- o
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] `5 {2 S1 l7 n; N. M
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]1 e3 {# h: [; t5 K3 @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
( E/ Q0 @! p) K4 A. I m% k
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
* b9 |& h! z. [8 s6 ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
a9 K- u- _$ q' {' |2 j8 ?6 W. f
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]+ Q- Y) x( _2 O9 y) p& K0 n+ {
==================================( I- t6 P4 r7 H1 g- ^! X/ h+ t
启动文件夹" \) k. F3 @3 y8 `
N/A$ _7 B- }" r+ y6 b% g9 p0 T
==================================
- p- u" f3 l9 |9 h" o& e
服务
# _3 a4 ~& X( L" t
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]! d7 {; e( U5 Y3 i; Y. p
<C:\WINDOWS\System32\3wareSrv.exe><N/A>/ c% |! s5 z/ Q1 G+ \
[Google Updater Service / gusvc][Stopped/Manual Start]( Y8 k$ _) y$ r. z1 i6 B
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
+ `( J4 L* O' Z' N/ k1 [
[Help and Support / helpsvc][Stopped/Disabled]
& v d- g. d0 P. u& Z
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
' U4 [) g s& X" V
[Human Interface Device Access / HidServ][Stopped/Boot Start]
, g/ R2 L7 q. Z' L8 ?, e7 k, C; R3 E3 S
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>8 @4 U6 _1 j: U, ]8 n' h* K: r
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]$ o q$ E- O& j0 k: w, Y! a
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>9 f! l, Z% [8 Y7 F! `
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
1 h6 A+ P" ~8 z& K: s9 E- F3 [: u
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>$ ^* i5 Z) w: S0 `
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
* e# |/ o5 p6 L# u7 R
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation># b3 p; w+ C4 v6 @) h- O" t
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]4 x! e2 M8 G* ]7 ]/ H( x2 ?6 z! j m
<><N/A>! f k" k+ O9 V4 f6 p& \3 n* J
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
5 G" I) @# L1 ^5 Q5 S, I
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>% z' q$ e( j. v' j% C1 D
==================================3 u" _9 @4 \9 b6 [) R5 j+ r/ M
驱动程序
T- u% Z1 d/ p1 ]0 e
[22j / 22jn][Stopped/Boot Start]
' K8 ?( Q/ l- J ^; Y& F4 L
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
3 s( H1 M: W% N$ s. X
[360AntiArp / 360AntiArp][Running/System Start]+ X' p! H" u. _+ r4 S
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
$ ^8 i7 _0 m2 {. t8 C: ~1 B
[43ec / 43ecu][Stopped/Boot Start]
# G0 m$ [& {+ L. |
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
3 |0 M, g3 P: t# `
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
, I/ p9 m. p3 |, L; X! i$ T- |
<system32\drivers\ac97intc.sys><Intel Corporation>$ R3 Q) g+ v6 r- h% g' p! \
[Promise driver accelerator / bb-run][Running/Boot Start]" D% }4 l& c9 U7 E8 R7 T9 h5 }
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
/ q4 S) _) L4 C- L7 c$ K: c. d$ K
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]" K1 @' [- B) B: q3 l6 k( H
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
! K- U7 Z7 e: _9 Y( q9 i! v
[KAVBase / KAVBase][Running/Auto Start]
" ^) O8 _" m% |* [ Q
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
: N. E4 W2 ^- ~' b
[KAVBootC / KAVBootC][Running/Boot Start]
5 U3 G" j* `1 A: y4 J
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>5 o7 d6 k! G4 @/ f" r+ X/ V
[KAVSafe / KAVSafe][Running/Auto Start]
0 [: C& g1 `! U# X8 ?7 _; N
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>0 }+ P4 {9 ]; E
[KNetWch / KNetWch][Running/System Start]
9 g9 q* I) H. A" ?2 ^" Y7 X" u
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
$ b! i; A2 w( X9 v! D7 K8 E/ p
[KWatch3 / KWatch3][Running/Auto Start]( M7 S7 V8 p" K4 @+ [
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>' Y8 m2 n0 _. X8 `. m# T& q
[ntptdb / ntptdb][Stopped/Auto Start]
( w0 o& B5 y; W" W
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
0 |! q0 ]( B* ~7 L7 i* j' `
[nv / nv][Running/Manual Start]: N( C3 [; x) T+ D" G- W4 F0 N
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
! Z( s: g5 J( B. i- {- d1 g3 Q
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
: ~7 Z, h0 G* T& j/ }
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>* ~; U: A9 t+ g# S" T- ~
[DDK PACKET Protocol / Packet][Running/Manual Start]
; H% x b. V! y# b
<system32\DRIVERS\ProtoDrv.sys><360安全中心>1 V, p9 O+ K, @, g* u( A
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
) r# R% q+ \. h1 _3 z) K
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
0 Q3 f2 v$ d- J p
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- {$ h0 M+ q( g/ B5 E' w& {* M; V
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>+ W" ?* A$ r& z* D# \% Q
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start] M/ z1 B: Y) `& H! Q
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>- R3 m' z1 B7 P& }
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]) C) ?. Q3 D' W' o
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
* B; p8 F; n" w/ n1 y) x
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
+ a i4 d! s6 o6 X0 U
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
3 {! b) {4 {# m! d* L1 m
[Secdrv / Secdrv][Stopped/Manual Start]
6 e2 ^3 h: a% F" n
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>+ A4 D: g8 x9 F+ K, t0 `
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
: E/ ]8 U; R8 v: I% {8 }) j
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
6 B; A n' t$ I+ ~# V- \
[System Restore Filter Driver / sr][Stopped/Disabled]
3 Q* [. a- B- @" n# ~
<system32\DRIVERS\sr.sys><N/A>9 w( n. y, h3 i* j
[TesSafe / TesSafe][Stopped/Manual Start]
3 d3 r. O6 h$ v
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>% Y) ]9 M: J1 P3 Q* |- J
[System Services / unzxzsrs][Stopped/Boot Start]: v7 A: [& |: o# i. y ]2 m
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>" T$ v; k9 J3 b0 t; @$ l
[ViBus / ViBus][Stopped/Boot Start]
0 u; B8 q- h+ f) n8 G. q6 e7 t
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>% O' F( F$ z4 B `. p
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
2 P0 b2 z+ U+ n0 `; O
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>4 R' z `! M4 d6 W. A6 n8 b
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]: }' ?" d" l% `5 v$ y- C# U/ d1 |
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>+ X/ X2 r& y' G. M# X3 u
[ATI Extend / zhibmaso][Stopped/Boot Start]+ [) h9 Q: }8 u* j6 o0 z- h) i
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>3 @1 p; B# P' u
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
( U+ r/ ~( E* T
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>: r- \% {& J* W: D% r
==================================
/ M( W" m) A( J0 `# e, l9 r
浏览器加载项0 G+ J! J# i, B; z
[Google Toolbar Helper]
7 w; i6 d) r# t0 x
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>, {+ d, e, d# ?# s" k4 J$ p9 i
[Google Toolbar Notifier BHO]9 P8 T2 r- d" y$ E
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>& `$ e3 u/ o2 _- l& ?& I' J$ ~
[SafeMon Class]& I/ P: i# T: ^* M
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>+ q$ v" M4 d/ Y( k" p$ C5 k/ M' u
[kingsoft browser shield]: h1 w- z0 A- {
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
. q, f2 x( R( p3 N5 ]
[IEBuddyExtControl Class]
$ P2 B6 W) n" d3 O5 N s$ i) e$ I
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
- o3 y: `' f, Y! s, ~+ ]) P
[Zcom 杂志]
9 M B% @. X2 Y$ Z, U# W( r
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>" c i5 {1 r6 K9 f0 H. \
[&Google]
" K! p/ J# U; g& j, W' w
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>' I" N9 X9 \2 g& m
[KooPlayer Control], G i4 B/ g5 s- |! j, A" w! V
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>2 n$ F) y! W5 [# E
[Shockwave Flash Object]2 ^$ V( F6 Y$ r4 x4 ~% N% L, Q
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
% f" D5 U( G. b* a$ U
[KUpdateObj2 Class]
( c) |/ X4 N+ d( Q0 ^$ c
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
) p( B8 U. o" [6 j0 v, f3 D
[Google Script Object]
0 K4 F, j( L4 ]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
4 j, K' }% D9 k& z$ S, {5 n4 Q8 q
[EWA Control]
( w. C8 O2 O# {7 `5 y, ^% j
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
8 X% o4 Q8 \ A" v. w
[Windows Media Player]
: D- R: P2 A& Y: r
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>* w4 P2 r4 u0 K1 E4 g9 C0 S
[&Google]# Y0 }$ l1 a$ N
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
( H& c# X: r8 T# r2 ^" e( e- f* C
[HTML Document]! u! y: n4 j# m( O( \
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>0 |/ a5 \ _& h! G, J+ m
[DHTML Edit Control Safe for Scripting for IE5]
' r9 ?: s) `. U' D( o5 E
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
% c- P" L2 [1 I" w4 v; A3 B- s
[RealPlayer RAM Download Handler]) K X9 X! u( x5 v6 v
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
! A0 H; \( ?/ @. }
[IEBuddyExtControl Class]' k5 [' d, y! H7 k* l( Z
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
) I9 _$ R" d: z
[XML Document], `; Q8 j" b/ J4 F% h, C
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
% O+ b8 W5 X6 u. p0 T
[HHCtrl Object], w$ k" U9 R. b j1 n+ E
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>/ [- K, e) H& L: m2 a r, t
[Windows Media Player]# k* Q- ~" t3 e# ^
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
" @- p; ]" F0 b4 x# u
[Active Desktop Mover]
Q" |# ]* y" `" g( G6 O6 X6 S: c
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>; Q3 F- ~ F* ^4 T% d/ c2 {& T8 {% l
[360SafeLive]! ~. ^# G: A1 q$ Q) m. S5 K
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>' A: B/ t D& r) j( _+ i9 J0 [
[Microsoft Web 浏览器]% Q: s" h( u3 m# d7 ^- u
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
0 [4 y) ?5 d7 N# U6 ^5 U+ t
[Browser Enhanced Objects]
* B& \) y: j5 \
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>, M8 Q& q$ J4 e, Q7 P
[Google Toolbar Helper]) f( N) M! K( t- k/ H6 v5 `
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>+ C; F# s8 q8 e3 I# @- A r
[Microsoft Scriptlet Component]/ i1 J% B+ c# S9 Z
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
+ C( b! h/ E. w& h
[Google Toolbar Notifier BHO]
& A. c% D3 x/ g3 Q/ X3 @
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
0 I) Y4 q m- N/ n: p
[SearchAssistantOC]
& U3 I$ j6 e' C6 d- G
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>! q3 F0 m, v& W/ l+ _ N2 y2 R
[SafeMon Class]
* H4 Q4 D _$ N; B7 h/ X6 x: B* m. S
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>0 X( p, I1 `$ y5 T( u1 B
[RDS.DataSpace]
' G6 n+ |7 s: `0 W4 @" ^) M5 C& [
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>1 ~: |2 z3 N" \
[KooPlayer Control]0 Y6 u) D* J% N
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
, I7 B$ P/ h, C. z9 x
[AUDIO__MID Moniker Class]
2 b6 o& Q+ @: r1 T/ g7 _1 f8 Y
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
$ H( Z' x8 H$ K! a
[AUDIO__MP3 Moniker Class]9 Y! m( C$ n3 c- d
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
, Q/ I6 j! c8 o: W4 O! a. z
[AUDIO__X_MS_WMA Moniker Class]5 f1 L" ?4 K8 P x$ f; L
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>1 G; i) o' D8 m% l! V+ d
[VIDEO__X_MS_WMV Moniker Class]
4 z2 e- ] i; }$ x3 Y& G% `) i
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>' B& u- R8 E& N2 C, p9 y
[RealPlayer G2 Control]7 J2 p+ ~9 A' f& b$ U
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
9 z1 |" X2 H* O1 h% p
[Shockwave Flash Object]
% ]; {. Z1 E: ~, c3 T& T) J
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
; S4 J& G/ O: J# E. ~# e! P7 J6 R
[KUpdateObj2 Class]
$ k U# }: M- \/ B% D8 f" K
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>6 Z5 C. E5 V& O0 }
[kingsoft browser shield]
( N% Y8 n$ s# v6 |7 u0 b
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
~" N8 I- e3 z7 k
[PasswordEditCtrl Class]4 H7 M. B" Q# ^3 d* a1 o
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>, o/ k! l- _0 q
[QvodCtrl Class]
" g1 U) ^& V, h3 P' o
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
7 i5 C6 l# {# p! \. d* w3 a
[&使用超级旋风下载]
* L4 _( V: S0 ~6 O; F/ F( x
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>& m" z# R9 Z: W+ ~% O- d
[&使用超级旋风下载全部链接]
- R* V" P$ @" D0 s4 m; b, f4 z
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>1 b6 Y* K: i: i, ?5 n4 Q0 Y
[使用迅雷下载]
, Q& p+ a4 E% Q
<, N/A>
7 G! Z: f$ R2 _0 c l" i
[使用迅雷下载全部链接]+ F+ B8 ?- j5 H$ K# {2 V
<, N/A>2 s+ x: K/ C, ~0 ? g( B/ ]# w3 b
[导出到 Microsoft Office Excel(&X)]5 F2 ]* r7 c$ E9 S
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
6 |4 y1 B! ]% P3 ?/ b2 |
[添加到QQ表情]
/ v$ u6 K0 J# W
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>8 u/ @; E: A0 E( n$ _ W) Q
==================================2 ]# f! s( n7 `" k
正在运行的进程% S a( y% J9 E
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" A% @4 }, b; }! `7 |3 j/ Q( X2 t. f
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: v7 I; K; X0 ?5 e+ f
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 ^8 E7 ]: Y4 i# u/ x
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]8 \) G# T7 u, Y
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# B* g% r P7 _
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] x; f+ V4 I; m, I. o6 t( H- O
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" n U7 l3 t# `: l0 r" q
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 @0 i$ `# u$ s- k9 j" w1 p, |
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], X8 c: b s6 G! C! z1 ?8 S
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ w1 f5 B& K; v
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" i/ Y0 B% h4 n# I4 }
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]! J; W! N/ P7 I) u" k% J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 y& ?8 [; e4 [5 q0 T2 ~7 C8 r$ r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* _- V/ L7 J8 c ^+ _. _' ]8 v
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]7 K( G/ ]# v5 E# }+ Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- y1 S8 B- M! j) I* R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
4 }2 r& E( C6 t4 u Z6 z7 p. b
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
4 I0 H8 I( Y: |
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
3 I, j* s( n8 r% W% B
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]$ c; Y' {* ?1 t
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]( Q& a. {: H1 X9 @
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
, D9 p6 k" O3 W- h5 Q1 A+ V
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
0 `2 h& i+ l( c4 a1 V" P- }" a
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]9 U" C$ l' h: `+ H
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
. c e" h. B& V& z a& y& ^
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
2 I+ F4 p2 j7 q5 F/ d
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]3 p# B% a. U# C- q# i0 [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]1 k5 \6 Z7 n- ? @& n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]- ^! T* ^' ` U: Y6 k, C; l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
/ P+ T# V! {, J7 ^7 w7 P1 O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
/ d. G D& x% Z5 |$ L* _) J
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 J- _; y. ~2 N) ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
; R+ ^! X3 |4 m) C* P5 u/ q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" T- Q& w: G: }5 S
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
, c# [! q2 h3 O4 W) C
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]0 [ W5 g* t4 t; {5 G$ T4 h5 p9 I7 T
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
" _+ v% N6 X7 \4 y2 K, ~. P- @. w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( D+ T; `, e V5 B( e3 @: H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]$ U) x) G, B3 F4 I6 o2 U
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]8 X _/ b; r1 l; z
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]# E7 x0 i; I6 I/ o7 j
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
' |; y4 d2 b: |# o, ^! X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
* u# V/ @: R; R' B% c5 v( n
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ V' O$ R4 _- X. `- b- }: j& z. X
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
( z" Z9 g1 q* v* E9 `
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' A) O$ u* ~% J, d( D$ O
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. I2 X4 X6 ]/ {, @2 }
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]+ p" l8 j7 s& {" H" \8 `8 l
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
: M# W7 i. S ]; G
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 C' U3 t' T' y8 w$ f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
: z* t0 i) F% M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( Z0 z k* X( w' V3 G u9 d8 j9 s( G+ y
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
. q0 s8 y% c$ W2 J; }) @
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
9 U4 c5 @3 }. c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
! y% \. B7 i: G6 T& U) ]1 r Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
6 \5 s( @; k6 b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]3 H- o- k7 s- U" N5 W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]8 Y+ p0 i+ m: l5 R+ M: Z# i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]$ L/ [ W- f3 C8 D- C' ]; u
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
% k' W6 r3 d( V$ X8 P
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]4 n; d3 t% _# ^/ x Q: b: y) V
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
4 S4 N l$ y8 m+ g9 R3 i4 w
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
. M6 J: `; P9 B4 c
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]: L- N( [/ @0 [0 E2 t% J8 Z
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
3 C2 g& Q/ h2 q
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
) S1 ?4 W" u3 L" K" F+ Y
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]1 l, i+ M, T/ @$ D
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
1 k5 e6 d0 H0 E& e
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
5 H) m+ {; v2 p0 M# Y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' t& z! V1 @' w! J' L1 f) \1 z
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
6 s& B* X7 C' a/ j
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]) D, m6 Z* j6 w; d m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ N, B @; D$ J9 l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
# I8 }7 _$ H' D) H! \' C
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] x! j. y. w; N/ ^, ?8 I7 p( F
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]1 O$ a9 ~ \/ O( o( w
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 ]$ F& z" u2 p' U/ Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
" c4 D$ w$ B* d- K) s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 g+ X3 f D2 k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
( d; m q- u5 d' B
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]# }6 Y2 ^! E# I; P9 g+ A4 T+ E
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]9 E" L$ J7 X- m- d
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]4 N: r7 Q# t' u# D% Y) w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 g/ K# W' q3 x% g& n0 X9 e d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* `: k6 X1 c5 B
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 J- w; n+ H, O/ \& q
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
* `+ V2 F. m' G3 z0 z% A
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]( \' N7 C& Z% H0 l& Q- w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" y( Q2 j8 O( u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( i2 Z/ i8 T) Q& E5 k, p; B
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" E6 Z0 F7 a8 m: X& n+ G( w
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
0 ^; ~# z6 l8 p* |( s7 P: `& c+ x
==================================4 m2 O9 g; F& F# q$ m. w
文件关联
. v& h; n: \" t) c* ]
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
3 T {, Y; y+ e3 m9 e
.EXE OK. ["%1" %*]
6 M0 ^) B6 d3 \$ n- Q1 b
.COM OK. ["%1" %*]) W) N) e$ f9 B+ Q2 f3 k6 R& B) c3 v
.PIF OK. ["%1" %*]
z' ~3 J4 l9 M! E1 e
.REG OK. [regedit.exe "%1"]
! F3 k2 F' t4 k# r( _
.BAT OK. ["%1" %*]% B1 `0 x7 T# k6 ?
.SCR OK. ["%1" /S]/ _8 Z, K* M8 `( c
.CHM OK. ["C:\WINDOWS\hh.exe" %1]# \1 W# S, H% E \5 k$ `4 P
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]+ v! H& R% ~6 L% Z
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
; \# P# G- b2 R( C8 s) s
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
$ y; i |) C! ^9 [! ~) j
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
6 u' H4 M$ P) k
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]) e: m5 ]6 I7 k# q& v
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
2 f, `$ x7 ^0 D7 ?; B
==================================
+ `1 U) @/ S0 q, F0 i4 Q
Winsock 提供者
2 j; s# Z! H- P- Q
N/A; }, F0 x- y! x! v" G" Q
==================================
6 V4 x* b0 v" O' Q" Q4 W6 E# r# M
Autorun.inf+ h2 n5 Z& e% [: ~ w6 u" G$ [
N/A
) {$ f ~# b8 u0 r! N( K
==================================% A) s' v, k6 H/ j' B2 z) D
HOSTS 文件% H: U7 o9 y) x+ @
N/A
- S7 F, o. X% h6 t; g' [1 P3 e
==================================( I, f/ z- o, s
进程特权扫描$ A- k" F% U+ [
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]8 H, e3 E( G9 y. O
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]" O; d8 P5 w( H& [5 V7 b5 i7 D% Q* x7 r
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]7 }1 a! L7 ?- H. ]" E; [9 l
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]2 G7 q& u) r6 S. W/ A4 |9 g
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]( X2 V3 i( f2 S( C9 L9 r$ q# t
==================================
0 `+ W; d0 W( O1 T/ P) Y
API HOOK0 m1 g2 f4 I0 ]- h# m+ ^6 ~! ^
N/A
; y) l3 q+ m. l
==================================
- I/ N" O, Q6 H& b* M3 S8 ]0 X
隐藏进程
, N$ q# Z/ r% F, q; E( a
N/A. u. Y: Q* q1 H! k A1 N
==================================! N4 @1 X- ^) f$ d/ j
7 {, Y9 ^* N3 I5 H- e

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115