在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

* K k- z4 x \0 Z1 O
2008-05-22,20:37:43
+ A2 x! u8 K( e2 c6 _: W
System Repair Engineer 2.5.16.900
5 h! ^# R0 w) G) b
Smallfrogs (http://www.KZTechs.com)6 G6 [( a7 N9 }+ c, q; s) l+ v
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能7 h, z* F" H+ k% H' p) |1 R
以下内容被选中：
/ l* B/ _1 j) W% U8 ?% R1 a
所有的启动项目（包括注册表、启动文件夹、服务等）
- G% d0 G8 f% |0 G
浏览器加载项9 m! N1 X9 _& c
正在运行的进程（包括进程模块信息）1 c L x# _) X O- c
文件关联& |) N# {( F1 w0 H+ @
Winsock 提供者
9 k, b& @6 W7 i& \- o- K% S8 O S- R
Autorun.inf
. m* m, D: z& b
HOSTS 文件; M% G2 T1 K3 X' ~) s
进程特权扫描
5 ] T- R2 H$ I: d
% K. e, n' K3 t# b/ {- T
启动项目
2 J. n& e0 A7 G p
注册表& r, b" K' a" t0 C9 l1 l5 M9 [
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
6 p; `5 w- a9 ?$ s I
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
$ D, ]# X, V- M
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]3 [) S. b) G4 _( U$ N" x
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]1 b/ x4 A, C3 o7 z9 [0 C
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
V1 w' u7 Z9 [+ G
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]/ r6 n- Q! ?! Z0 a2 B9 m8 C
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]" v9 _" G4 R# m: ^
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]' V; }8 r7 O4 y$ y; f
<PHIME2002A><; > [N/A]
! d4 N* H6 s O& ]$ c; ]8 ]) ]% U
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]: X7 \: q3 U+ h
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
/ z+ ^! E9 F- ?5 I
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]9 b" S$ L9 x' J( X& y2 x
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
5 w/ K+ r, G& D: X
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
) {" I4 d4 R+ {$ l4 e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
' u+ h- L& d+ W8 n# X, [* }
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
" h5 c& ~/ }6 e: U
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]0 K( f& d1 P0 b
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
! B8 J4 r1 a% Z: N* u6 b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]. D9 D' M0 U& A+ J; e9 q
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
& r6 V+ {. G, F3 Y, j0 D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
" H2 ]! ^9 n: N/ b% M* U
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
$ r) b% [+ q& M6 f/ L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
; O4 D2 m. Q8 }+ q
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
1 O6 w g, x' e+ o! K
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
1 i8 w& S7 W1 l4 \+ f8 {$ M
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]6 H0 U" |( Q2 P" A. ?
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
) S c0 ?7 A) }7 q) U
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]' H5 n" B& a9 ~$ p& B+ n/ l) f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]7 r5 N. a) C, G- [9 Y
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
g# C; t8 d1 I9 h1 q. g6 j
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]2 q' ?' |1 ]/ u' ?9 u; T3 }
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
/ ^5 {" O, W, N' d7 ]9 Z
==================================0 i7 Q4 A" a( a
启动文件夹0 ]( d8 B H- ^; [* u2 J
N/A
' C' q: @5 w% s. K
==================================' Y" G4 M J5 ?
服务+ [) W, N% Z& K% J6 G
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
6 x6 X8 b3 B% B( w' ?9 Q6 |
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
% [" Z, g" b) j/ I: I5 M
[Google Updater Service / gusvc][Stopped/Manual Start]* `3 N# k7 I; Z/ k2 |
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>/ _4 m# r5 ]' F5 I0 r4 v
[Help and Support / helpsvc][Stopped/Disabled]
) m6 r4 M8 a' N: Q) f3 F$ c
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
: p( H5 d$ f% @! A
[Human Interface Device Access / HidServ][Stopped/Boot Start]
& N; I! N3 a) R
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>4 J" x. d X% {* q0 Z' O9 K i
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]8 R6 r$ G9 K1 \- R# k! f
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>8 [* n0 ]" ?4 @/ C) E3 s% ?
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]: d* x0 ?9 s6 Y3 e: W
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
( ^8 L% J- A3 b" u/ h- D
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]# c9 | @4 f0 q3 h* i$ ^* |3 N
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
. H0 N: i. n' S2 ^2 ~/ N
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
' Q7 a" `8 h7 N1 b0 O4 F
<><N/A>4 M, o. c1 Z1 \' A) n
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
) x( _& A$ a0 O' x
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>5 h) l" O" _9 A( l
==================================
7 m ]9 O" n6 S
驱动程序
* ]8 f; Z8 Y! k) q7 c6 l
[22j / 22jn][Stopped/Boot Start]
% O$ U* E9 {0 Y9 r% V) r" B
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>* h4 w& T% }5 b; Y4 c9 G) o
[360AntiArp / 360AntiArp][Running/System Start]
. C4 b/ Q5 }% H" q, y; Z
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
% D" J- J, ?: R+ x- r
[43ec / 43ecu][Stopped/Boot Start]3 e8 {: N" P1 d" A7 v" z0 W! v
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A># _4 I+ d/ b7 J) S2 J' Z" ?
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]5 p8 v. T& h: h* h3 l
<system32\drivers\ac97intc.sys><Intel Corporation># u7 ]) l1 j# p h
[Promise driver accelerator / bb-run][Running/Boot Start]' z' R% M8 M9 [- R9 S, k8 K& G5 e1 d
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>: k+ p6 Z/ m; T% n1 K% W
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
2 e* p1 @9 C% r, E5 l4 p3 c
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>% q1 a0 y; A1 d( P0 u; O4 \
[KAVBase / KAVBase][Running/Auto Start]) v6 j O% Q. | {5 c- Q% T m) F
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>( d7 A1 E/ e" @$ F
[KAVBootC / KAVBootC][Running/Boot Start]
/ z! f' B. ]1 n d& }9 T4 v
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>! v$ x) Z5 \1 `3 c" H! Y4 T
[KAVSafe / KAVSafe][Running/Auto Start]( _( `$ _* {$ X( c4 h: q- }
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
8 f: x6 R: x- @& b
[KNetWch / KNetWch][Running/System Start]# p) t# b8 o5 W% p# ~# |
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>$ l2 r- Z! O1 a: [. S, `3 ?
[KWatch3 / KWatch3][Running/Auto Start]+ L2 s. B4 H/ z) g0 w; N" E9 V
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation># `, d- B* L B$ |7 t( {; {
[ntptdb / ntptdb][Stopped/Auto Start]
9 {/ A2 g* V8 ]" n) F# S$ E8 }
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
% K9 ^* J0 D# q. s8 c/ O. k
[nv / nv][Running/Manual Start]4 S$ y0 u- D$ Y
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation># S% |( \- X( ]9 g
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
5 @& j' F! ^* t+ \6 t# ?& F
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
3 ?" U: I1 }# I# K0 {+ t
[DDK PACKET Protocol / Packet][Running/Manual Start]6 [6 h0 T) x- D1 l
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
" [+ @3 _7 u, b3 S: j
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]# P8 y! c1 y( E# K. [7 b* L! ~0 [# ~
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
" V/ z. z: Y4 j! o$ ~3 ~
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]8 w" S! X* e$ B0 x& ~. T
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>* d" T2 [# G3 y8 ~$ @6 C, w
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]* G+ @/ }' m( m% A+ y! f
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>" H9 B) l* z$ G
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
/ u( F! G0 `/ O! Y' R
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
0 M) R6 R, H) f+ i& s$ l
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]% y5 Q5 b/ X' x) U1 y" X. T
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
7 Y C+ [3 \3 ~$ p* C, \1 N T
[Secdrv / Secdrv][Stopped/Manual Start]
0 X5 R- X; x8 I6 P
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
; P }. K2 t% E! K( l- W- w
[SATALink External Device Filter / SiRemFil][Running/Boot Start], G `* P& ^, G2 U, b
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
# F) ~1 F. w, o% B, z. y9 Y
[System Restore Filter Driver / sr][Stopped/Disabled]
: ]$ \* B8 \! {7 z
<system32\DRIVERS\sr.sys><N/A>$ A# I/ P( e6 o) F H7 X- ~! l
[TesSafe / TesSafe][Stopped/Manual Start]9 z$ Y$ {* n7 g! I! @/ o
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>% v7 ^ }8 U5 g# j: j- m+ u: Q, C5 h
[System Services / unzxzsrs][Stopped/Boot Start]
: p8 B1 W/ B) l
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
- R1 D1 e' I6 |
[ViBus / ViBus][Stopped/Boot Start]
X2 Q5 j( q& S6 A
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>! W% F, |( r" n% Q
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]* w% `/ i/ |6 i7 S- v8 [
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>' h4 J; r* d: j) w7 i4 U
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]3 d6 F) P {* M4 h6 \/ l6 o
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>5 L* @- r6 V; C# x5 C) l
[ATI Extend / zhibmaso][Stopped/Boot Start]
6 c t) Y4 M# b3 c
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A># P1 W" U( z! P* `; S, D
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]. p$ Y- F0 h0 u
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>( h2 g7 h" @( c/ D a
==================================
, Q4 ?. g! |6 A
浏览器加载项
. P! [- q8 s' K, Z& m) |3 h: M% |
[Google Toolbar Helper]
) {3 @% t% p" i. ]3 g: D/ I% V
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>4 B( Q; W1 y9 a5 C5 {: D( O
[Google Toolbar Notifier BHO]. q9 o7 Y1 u! N$ Q" T9 a
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
% @. |( D! X4 g; z; f
[SafeMon Class]
# Y2 Y5 i+ j% g( x
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>3 {6 T5 g5 l- n7 X
[kingsoft browser shield]
6 ~: e' \+ i2 Z8 J" f( h
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 F- c6 t* d2 W" k% w9 f) i$ I
[IEBuddyExtControl Class]
/ H7 {- b' R+ B1 ?5 W# b: M
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>9 \- e, _% }( ]
[Zcom 杂志]
4 T# |) Y* H/ R$ B9 x: m# ]. W
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>! z) t: A+ a- v5 p
[&Google]
( c6 a- ~/ Z) ]# s# t8 t2 \
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
3 y- X3 N' R9 [3 f
[KooPlayer Control]
3 x6 S& N5 ]8 q. T3 O# x/ [# n5 Y
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>( Z5 V9 C4 g8 H. s3 x
[Shockwave Flash Object]4 ~* M# M6 ?1 V, ` f
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
: c; }' K$ R. c0 Y8 M4 D
[KUpdateObj2 Class]9 V. d. i# b5 ~, p( q* e
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>) N D% h5 r8 Q- m! e' N
[Google Script Object]# t" f2 Z0 ~6 e" {+ O; S
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>4 G% T( V: F6 p4 I, d' W( j
[EWA Control]
% K3 S2 h5 s- H1 F; m6 s# W2 u3 K
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
3 y+ A1 s* y3 ~. L1 Y) }" X9 l
[Windows Media Player]
z+ ~% _$ F* e5 W2 p
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
1 d w. d1 r9 m6 ^) K7 b; Z
[&Google]3 W1 M! r! I* y# t+ x4 y1 x
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>7 O( c0 U) k m
[HTML Document]0 [7 V( Y( W Z; i
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>& C; Y" ?- O) ~& c4 E
[DHTML Edit Control Safe for Scripting for IE5]
" C2 ~$ w z6 E) j6 J* T
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
: X* \ y8 @3 |. |% u9 U' z! H
[RealPlayer RAM Download Handler]$ I( c; u) O. ^! C
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
# J9 x' L6 F8 Y8 M2 J* T
[IEBuddyExtControl Class]6 d M( [: @" Y, z& B' A
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>4 ~; a% h0 M, r) W6 i+ E
[XML Document]
( g8 m# }* ^# [, r
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> \' t3 J3 {- {8 J: D% J
[HHCtrl Object]
! U& i) w* H( l [# I9 ]- e' A6 p
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
7 i# x/ X7 ~6 B% s9 `6 d+ v
[Windows Media Player]/ Q. _9 `1 A/ M
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
9 q& v8 Y) m; ?1 A, b# g
[Active Desktop Mover]
( Q# M r1 O$ {0 a- q2 ~4 ?! J
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>* X7 K) L2 c' ?
[360SafeLive]$ c' y/ m7 d3 u
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>+ v$ w' K+ o% [- {
[Microsoft Web 浏览器]9 z3 U5 O$ g: N: R' X
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>1 o) P; p3 i1 |7 t( h3 Y
[Browser Enhanced Objects]
: e$ x$ Q( B/ `9 Y3 n, q, K, D$ o3 Y
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>/ M5 `$ Z' b& q) q |, o! Z! W
[Google Toolbar Helper]# K! E+ U" Z5 Z+ V( { i2 E
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>- }$ y! F0 L9 i1 U
[Microsoft Scriptlet Component]2 J7 ]1 m, M7 V! d
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>8 d! Z& k1 ?4 ~' a; a
[Google Toolbar Notifier BHO]
* d3 n7 K) {( `0 ?2 h1 p7 ?
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
, Q; R, b( F: Q0 R' [4 v5 K
[SearchAssistantOC]
1 J% o M3 L! V5 ^5 u
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
$ _+ g8 X0 Y W& Y
[SafeMon Class]& p7 H, n$ T, c* J* C- }" R
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN> Z& K( J) @( K
[RDS.DataSpace]8 A7 g$ O4 W0 R9 v2 f( p1 g- N% R
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
+ w8 K5 D: U! u. O W. g
[KooPlayer Control]4 b& ^, j, j0 T0 e, r8 S) V
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
. t- x& n, F$ F2 e6 L9 W7 q
[AUDIO__MID Moniker Class]/ X1 l* C! A' P5 o7 n2 L! `
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 t9 ^ ~5 l. i& z
[AUDIO__MP3 Moniker Class]
6 c- t9 @6 \! q2 @, e
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 [" c: B3 m! ^: P3 d( r& F) E
[AUDIO__X_MS_WMA Moniker Class]
5 a, @! W. R0 x H
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 i I. y# s) g
[VIDEO__X_MS_WMV Moniker Class]
# w( `3 s/ v1 p+ _, k# V. u* V9 m
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
2 \! k7 I% o/ o6 N
[RealPlayer G2 Control]0 W/ ?' ` H/ b- j# R
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>, s# {2 ^) d( b1 g. y" V5 L" F
[Shockwave Flash Object]
! B( Z O2 g% j s1 |( `
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
! l/ x C) Y; _! q
[KUpdateObj2 Class]$ ?( L5 e" b( ~9 o+ p) S
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
4 h: V! F2 j6 F! \! ~2 e9 t! R
[kingsoft browser shield]' k8 {9 s3 Z1 b" V
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
^, k5 Q3 ]4 x
[PasswordEditCtrl Class]8 ^" s* v4 ]0 H' D$ b, l! a
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
1 ^& c+ T; W z
[QvodCtrl Class]
- L; ~( L$ q; o) a5 P X; P
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
8 ~/ q# A4 j, e: Q; o
[&使用超级旋风下载]5 |8 T3 i l) g8 `/ O' {9 V
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
6 N' A! w8 f0 F2 k4 P! A7 V
[&使用超级旋风下载全部链接]5 G) T. _, l. m0 O$ q. \' v) t
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>3 ~( \" O9 T* p; U J$ F6 D
[使用迅雷下载]4 W; N! q0 ` F6 T! U
<, N/A>4 n# O4 B3 \* ]. W+ o4 g! O8 j
[使用迅雷下载全部链接]
9 g$ R- E$ D/ i& K0 i5 _; `
<, N/A>( I- \9 X& d7 l. ^# t2 t
[导出到 Microsoft Office Excel(&X)]% F" H' @1 ^0 H
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
4 S C% d) H3 l/ [6 ]& I
[添加到QQ表情]3 Y! N! B `; b) T. j4 M# S
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>& j9 x* I0 Y* S+ c0 Y @
==================================
, w% u# ]" k8 u! e
正在运行的进程
' x; _) T; E# y$ f& D
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 F; k8 k2 @( _- n8 L8 S
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
+ ]% o7 _+ @* ]( H7 [! o
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 I7 N8 b8 Q' T0 D1 U6 X D
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
. y5 c. D( W( s5 g& x' k
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 G, D l: @ n% X) j
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
j# `+ o: q4 H& S
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 O, ~7 ?1 X. q
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% l1 O* ~" h$ F% [8 u9 R
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! t, e" T. M& O
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ W0 e; G" R0 N1 j
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" A y5 t6 f' P
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]+ D: m/ L) l1 _% P; N1 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 h, Q$ i) [% A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
$ Q: \" @6 p* k( K {' ]3 i; }' H
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
8 d |/ k0 [" Z8 h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ k+ F7 s, T- A" l" f, ~% u( x, {6 O" j; x" s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]- _) T5 l0 {+ L4 w: D& J7 S3 T' ?
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
5 B0 r! t* h5 I
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
$ `* l- S. F; v$ k
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
" c3 l" ?5 f9 i: c3 H7 ]0 k1 z8 O" ?
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
0 w7 p$ j6 P: ^4 p$ [, W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 t. Q# L7 x. v9 I! b
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- ]- {% h* b. v
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]* N8 p% s6 E u, f4 u! Y
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]1 i+ Y. _, h+ C1 h- H
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
$ A: O. h. S3 ?$ p$ r7 C: T! v
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
$ e; N! b- H5 u& x) c9 h4 L: D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]# v" i" z4 F) J. Q- |% v1 v* F' {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& l1 r; N; M# }0 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' j( g% F3 C7 ~2 P' n* j
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( I4 Q( H. `& o4 j
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! Y, X7 Z z' @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ H; o: d. @5 K- p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]8 v/ g0 z; o$ S5 \0 G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
7 \8 E0 |2 e. |" M2 G1 J9 b( `
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
8 Z4 I/ V% a/ @' f9 R( ?( B
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]* c! M/ p' u8 r! K* T+ D7 p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 D$ }+ }9 u" N' N. {; m, \. L6 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
$ k# |' ^( t) P% L" t+ i, o: M
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
1 {) P! T4 {/ v2 c5 x' R/ F4 r* I
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]6 R+ T# V `% b' N2 e x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: n; M) Q% C2 }' Z( q5 J9 d
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 s' s x# H/ {# `) l. d
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 d |# l9 L( W. ?2 a
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
- ~5 N1 T# [6 `9 R
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" ~/ V! K# A" f7 u3 u$ Z0 B5 E
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; |! Q" L* q0 D0 F# W* O
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]7 e) h5 l2 Y5 T5 ~2 ]# J
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
% n. q2 k: q8 \* X- j% d$ M+ K% B) c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* H/ h% S6 J3 o/ G' y1 E& t/ Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( G5 U% p4 Q, p: f9 g$ q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 N5 f; n$ B8 z9 y' d' _ k6 u
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
( T5 E7 s2 C+ k4 u
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]' K! u( h8 H, B) R; R- N' U+ D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
1 a& @8 w" o8 w$ v; \$ d3 e& M. Q1 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]" x. h! ?0 u7 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]7 z# i. T1 m; E" W2 h/ f$ r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]+ D$ I6 ~9 f- |0 t" I7 [+ N$ O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]+ B, \* n$ _) S# [$ P6 r
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
' O* g* u1 Y6 X/ K: ?$ s- Y0 c
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
, w0 Q. C, T/ X7 |
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]& O0 y Z) W- \0 d1 P
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
$ V, ^/ H& K( C' K! V5 ^+ J
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
J5 @7 m! ` \, ^
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
5 H' R; r! b4 B# W0 g; M6 n5 h! I
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]% H6 T. A b# D3 y! g# }8 k) `
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]& Z0 v/ F0 V1 `- P# G I( ~
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]2 W7 M V0 f5 y; [3 _/ P+ h
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]5 H7 h, x1 O# L& F+ g7 o. O3 }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: Y# \) N" W+ l3 r, E0 a! |
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]$ o5 G' Y& X4 w/ u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
0 r( i+ m- M9 x9 c) t7 x; G, S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]0 b* q! K8 `) Q3 t% T; j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
2 x; f2 {+ Y, Z4 J5 E
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" R6 x& S9 g' u1 u- D5 Q4 Z
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]& u+ ~2 a( g" N" p* L: f3 u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 c p8 L, i+ {' U0 h- I1 V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) ?1 ]4 \' Q8 E1 P( Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( i- t0 ~: T, X V% y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 V U! Q- n( I6 V9 p$ p
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
. [6 L/ Y$ p% z; J1 W
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
/ D" U# _# s0 I7 ?! _/ A
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' W# u" X5 c- C9 b; j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ V! Q$ F% O6 I- B8 Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364] i- U! s. z. p( e D; y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 C. [/ L. Z2 }0 n% x; I
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]+ g( v g% z7 h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 C# S- U3 R3 S0 y \, z) q" k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]6 b4 f t! T$ f4 z- S9 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( e! A1 o* v2 ?! @: s% ^# O( G, o2 J) j
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' O* d; B& I' }0 \0 d) K5 @
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
: \! g8 |" i6 o$ O% x2 {2 D" y
==================================) K2 f9 D; c7 H9 K" D; v- [) C9 {2 s
文件关联
% t0 p/ K+ `/ B* B( d
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]' L3 T ]% ?5 k8 t' B7 @
.EXE OK. ["%1" %*]
2 A) }! T0 q& @" `
.COM OK. ["%1" %*], \$ f) V% H$ s3 y$ Y" |* t
.PIF OK. ["%1" %*]
U/ z6 z0 V2 c7 l+ O( G
.REG OK. [regedit.exe "%1"], m& r. ?- I. T
.BAT OK. ["%1" %*]
% ~$ `$ G7 s `, C# y6 E( p
.SCR OK. ["%1" /S]
- I& O, k! U Q2 r2 b9 L# _
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
: }! O1 w1 l/ t
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
# R4 {0 l+ o$ y
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]% I- O) f$ J! f9 V. c- a# O
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]7 _# i6 s3 v( j D* t
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]# e6 g* f! ?1 |; m5 t- ?
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]. u: [( _! I/ f& q
.LNK OK. [{00021401-0000-0000-C000-000000000046}]& _0 \- g* s) }! t( ]6 n! h$ a
==================================
( |9 o1 q0 z% e+ n
Winsock 提供者" H$ X+ L5 U0 Z9 [0 I
N/A- b* W$ {$ M, }5 a
==================================: j, J7 @: a4 h, \; n7 [
Autorun.inf& ~- ~0 s% o: O& N$ M5 C
N/A$ ?3 |. C* T& z
==================================
8 U4 l: P+ B4 f% v4 z4 `, Z
HOSTS 文件
) ]$ Q+ Z; |+ W- J
N/A) t; h% l% Y# ?; P0 [1 d4 b
==================================
6 i- M+ w; M, C: _% U
进程特权扫描
" {8 z% P+ H9 K4 @5 c* G' T1 {
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]4 t, l5 W; J$ N w5 a, n0 s) T
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]; e' d9 s0 M; l
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]0 c9 G/ ^# O. _, C
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]3 u8 A% @ a) f7 k
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
# p! O: z% Q7 {2 G
==================================
% N- a* j4 S6 n- x
API HOOK; ~: _8 m" S. l/ u) z& F8 [
N/A* C/ m. w, q3 v' i8 a" p9 p
==================================
2 U5 C8 U5 u' v! u9 z y
隐藏进程
* f F- F0 X( v& q M/ H
N/A
& |. }' A1 ?+ d Y! S
==================================
% O. U" f! r. L# X) _* J
9 P" w+ Q; K) J

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115