在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

m# U. w& e* X9 C
2008-05-22,20:37:43/ H/ S- h! q) o( k
System Repair Engineer 2.5.16.900( `: |( f+ R9 j$ U. A
Smallfrogs (http://www.KZTechs.com)
1 G; A m& @" d
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
! ^5 I$ B& L) i1 G. j: i+ R- g2 l
以下内容被选中：+ |2 E& N0 ?: \. H) N6 l- w4 R
所有的启动项目（包括注册表、启动文件夹、服务等）
* L# g' S3 t/ W
浏览器加载项
- L) a* A. i! v6 [2 m* B Z
正在运行的进程（包括进程模块信息）
8 c. u' k/ ?9 o9 B& i* y R
文件关联7 n3 |& G0 a/ i! {
Winsock 提供者" y. M* ?/ j8 k1 `# @9 @/ n
Autorun.inf: u) J2 Z- [0 ~$ s9 C7 Z# U( J. V* w
HOSTS 文件+ P Y6 A7 G. d' Y* E3 K
进程特权扫描5 T$ V6 w0 J) p# C" f: j
4 u A* P" B3 E U7 J
启动项目; r, ? `/ H* M4 @
注册表# m& R, z% e& O) A9 g1 K& C# N. o
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
/ s" J7 h$ W5 S4 [2 G/ {
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]1 W" \4 f+ a* L" b7 s8 q+ R/ ^
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]2 z6 {) y% N ~* g$ M: [
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]& ?, I+ k) K. t9 d" ?7 G+ ^
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
' W" o( n e( W4 Q
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
# d9 z' Z* ~2 T. |6 F. |
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]* I4 M! h* t9 v4 J6 U
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
4 C0 `2 R" h$ V" k ~8 F" `' G$ {% \
<PHIME2002A><; > [N/A]# T/ x, V1 [; f$ F8 ~% Q# u; n$ z
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
4 M: J. \$ H0 s' B1 g7 |0 |
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]( c( y1 K1 Z- o3 ~# {/ t
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
- O0 v+ Y6 K; J. r n
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]1 b9 P& k6 t* y9 c3 w
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]2 n: Y% U C3 t, i
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]$ V6 Y9 O" K3 v; s! h# D
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
7 b6 j' Y! D) E3 {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
4 J+ M* e" y' W a' D
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
/ [: T& S* \& C3 n$ H" B7 C4 b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
A9 [8 S( W+ D% z/ {9 ~
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]2 h3 Z) y. A4 \3 s3 v! j
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]. }( l; j ~8 v, s
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
+ X$ [ [& _* J! `* W# H- F, R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- U" S# [* F; {' `6 M
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
2 V, f% n- A4 L! d6 I( D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
* c6 D2 q/ q: K( W
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
. H$ }3 s9 I+ D4 u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] X; i6 H4 j# [- p& |9 t
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]1 z% p8 E0 }6 i" W
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]$ |4 `0 n3 {7 p0 U: p! S
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]6 _& e: {. _7 P6 v9 @* N
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
* l4 U# l+ L7 M
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]) I* |% S' f- L8 |2 L
==================================7 n, v( a5 f1 C. O m
启动文件夹
6 r* t B* F# g2 S1 O4 D, ~/ i0 Z
N/A+ J( g) N& Q; B7 @; z/ h1 L
==================================7 a; I y# g* O* }
服务
! \6 o$ o) g# M g }
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]* b( X+ ~9 A1 O
<C:\WINDOWS\System32\3wareSrv.exe><N/A>: h" k7 B' Q0 }' o, p, w( O( b
[Google Updater Service / gusvc][Stopped/Manual Start]
. U( O% L% }: h% }9 T. {
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>4 Z9 l, b7 r) N& e/ s, G
[Help and Support / helpsvc][Stopped/Disabled]
7 l8 n9 X( }, _2 m4 n B
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>8 w7 ?% m5 g2 W2 r. T' X1 c* h
[Human Interface Device Access / HidServ][Stopped/Boot Start]
9 f9 A( N% n9 g3 s/ I+ [) l
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>% l4 X* t& _! s7 d4 z: @7 k; Y C
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
5 L5 c# ?/ r1 w
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
# z; h7 l: `: i8 s/ J
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
5 T& o* X2 u$ G b
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
# t! ?, [* L$ I$ y. s# X7 ?: b/ A
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]8 h) h# l: D) s9 y7 ?1 d
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>5 P1 j/ @( @5 W1 V. k! }4 H
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]! c" k1 F8 b6 D4 E' Y0 L$ U! g: S
<><N/A>9 ^ @9 v' K) u2 [5 z
[Qvod Terminal / Qvod Terminal][Running/Auto Start]: H0 h0 A3 N- l
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>: e9 K1 c2 Z9 a) _
==================================' ^3 ~4 g% _/ J) _; M/ t
驱动程序
8 @1 a6 k$ X& r5 X) z6 L- b* D) u4 y
[22j / 22jn][Stopped/Boot Start]0 x* ?# r3 x6 F e
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
0 N8 y n8 J; y1 W8 U
[360AntiArp / 360AntiArp][Running/System Start]
9 b/ y/ R- Z* D
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>3 d6 x; H: y2 r/ _: `7 P$ K" o0 k
[43ec / 43ecu][Stopped/Boot Start]* |) L$ q `: g& ] m
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>" ~0 u' f4 P5 J. G6 O
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
s2 _9 }% C5 s& \# i& I8 R
<system32\drivers\ac97intc.sys><Intel Corporation>
8 t) Y$ ~; L/ j: u- p9 }
[Promise driver accelerator / bb-run][Running/Boot Start]2 f7 e( s+ R$ R0 |
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>8 R; ^' B& w. K3 |, A! {5 t+ d+ m
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
7 R# ~) \; w. }4 O
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
$ v# ` `- l! x
[KAVBase / KAVBase][Running/Auto Start]
7 n; h8 [1 b- n# x
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
- k9 ^! n0 j T; E+ @
[KAVBootC / KAVBootC][Running/Boot Start]& X# }) o2 B) G9 @4 Z1 U
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>4 c& a/ o) B: y# w
[KAVSafe / KAVSafe][Running/Auto Start]( l3 b; s6 R; A3 C' E4 l
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>8 @: r$ J4 B: K4 p. g
[KNetWch / KNetWch][Running/System Start]' O4 @/ c5 D) }9 N3 g
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>8 q* p( _+ Z" C5 |9 ^) g/ J
[KWatch3 / KWatch3][Running/Auto Start]
, l! d3 p* F3 j& u" }
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
a; ^6 S2 d8 {* g* x9 X
[ntptdb / ntptdb][Stopped/Auto Start]
9 z+ a' a5 O& |, [1 L& {
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>- r6 |6 q/ E |$ Q4 b3 _
[nv / nv][Running/Manual Start]$ ?3 _% M6 Q6 }5 ]1 z$ V
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
/ _+ y1 `( [1 x; H' Z T
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]/ i) C/ h7 R8 ~' Q. S7 _ ^
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
* d8 G% E, P9 l5 e0 o: B" H
[DDK PACKET Protocol / Packet][Running/Manual Start]( ]+ |. }7 j3 D3 M8 h% {, M
<system32\DRIVERS\ProtoDrv.sys><360安全中心>8 u- k- j! m8 o% `* P- |
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]; C- M2 C; ? d1 `. J* t
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>" [' r8 U1 V( c2 \1 l
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
! V ~6 S3 _" p2 e
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
5 @, W# z/ V. Y' L( p X
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
. l8 | P7 L& F9 U1 k6 N
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
9 o0 @" n h' N3 x( J; a h
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]7 V: f" K, L/ F5 r/ C. J
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>& h7 _1 g' \5 \- }) s( A
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]/ J- q( _( A# S5 V6 P" k
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>, H3 C8 p' N; U+ }
[Secdrv / Secdrv][Stopped/Manual Start]. B9 L6 [1 m) K% e1 [/ W
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>" G5 W% V t" Z/ [- q8 c6 N$ k' D
[SATALink External Device Filter / SiRemFil][Running/Boot Start]9 T( _) ]/ `% b& L& m, L
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>+ F8 D2 ?6 S- n# A5 t9 A; x
[System Restore Filter Driver / sr][Stopped/Disabled]( g: {% Y0 c' L3 a1 {
<system32\DRIVERS\sr.sys><N/A>$ y; V, v& `( B% X3 `' C
[TesSafe / TesSafe][Stopped/Manual Start]
2 @* \' j; V! w
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>) `6 `, E5 o, E
[System Services / unzxzsrs][Stopped/Boot Start]# q. [; F9 S; |; o' o- |8 M7 x
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
& s- c+ q* j: r, c
[ViBus / ViBus][Stopped/Boot Start]5 F! q+ B6 l: _: v
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>7 y5 F2 c! T/ o z/ ~
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]# Q. U) z* y/ E& L6 t
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>" K! u- \6 l% e$ n$ g" @+ d
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
0 q) e9 e- X+ ~0 P/ ~
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
% F- s% M+ Z- y' Z, T+ D& p
[ATI Extend / zhibmaso][Stopped/Boot Start]
& z7 K0 {+ A3 J/ }% L
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
4 r$ f" I5 E2 W* [) w2 i
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
1 ^* @ ]/ r6 X1 n+ Y' g
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
! d0 P( y( x! t* m4 ~2 K, b
==================================
1 S/ j, R: j# `4 F7 @) X U
浏览器加载项
: b6 \& S7 V, r" h
[Google Toolbar Helper]
( b# [5 ]6 W7 s x! Q
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
& a/ w1 V! {7 w) D) S/ a) e
[Google Toolbar Notifier BHO]4 e" F7 Q6 W8 N7 z1 n+ v
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 w) [2 a9 W( S$ {
[SafeMon Class]3 v" n7 ]1 L4 D r G% q; B4 I7 l
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
3 x2 z+ F4 @& D& ?, A
[kingsoft browser shield]
* f' d e2 Y; b1 v* s
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
5 k# i9 ~5 E4 f1 b
[IEBuddyExtControl Class]
! w$ E; _( l ~+ H
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>' Q: \! z/ i' j' ]
[Zcom 杂志]# I0 {: C1 y) F9 J
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>1 f& Y# |) l/ c: b% A5 E
[&Google]3 V* d+ G0 W* E( z/ B l
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>9 ] b* Y; q* w& L. M2 ]! u/ W
[KooPlayer Control]+ k6 Z% b7 G& c' k3 k3 U
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
[. q$ E0 K" q3 F" i D
[Shockwave Flash Object]: V4 R% @. E7 h; d* M: Q: ]8 s
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
. |' e- f. t0 L0 i; F; f
[KUpdateObj2 Class]
0 x) A2 d4 [+ V$ V0 o
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
, W! B5 @& P: x* V5 [7 M
[Google Script Object] D& a6 }: M; n( \' j3 D
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>2 y2 o; V; p! F( o5 }* Q
[EWA Control]; c: h9 S3 {; g- L* M! C
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
7 d4 C# d& y" c7 }" y
[Windows Media Player]
9 H# p- R( A ?* d8 ]6 q
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
# T1 x5 D4 ?' w+ T8 k' j
[&Google]
! v* M+ U ^$ r5 R/ q' l3 \
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>0 N/ ?2 L+ R. O" M. Q$ X
[HTML Document]
; u! X" F4 E9 g# q
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
L$ i) r* d6 [. r
[DHTML Edit Control Safe for Scripting for IE5]# F, s; D- b; I# o
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
1 T7 Y# N- U% x6 ]
[RealPlayer RAM Download Handler]6 g9 J4 { D! u& X, z6 p
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
4 K$ x* E- _$ X5 k6 }2 u- T, n
[IEBuddyExtControl Class]
" O! t4 j* o @1 Z! r9 `
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>( n; } F, O8 \$ l; [
[XML Document]
$ y- i8 U2 B; X4 p# N
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
# f7 w# B1 Z3 J- |+ u% a
[HHCtrl Object]* n/ I8 m) Z1 g: G! V4 P$ i
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
' J$ e6 i0 X$ u# B1 q
[Windows Media Player]2 x( E: r. g' @; t/ J
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>9 } J! n/ j2 L8 k. M
[Active Desktop Mover]% P5 x) D7 X7 R; _
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>- R# y3 q& A- r/ R5 b5 Q
[360SafeLive]- L9 d, ~' `; t+ k0 w
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
& G" \: E1 v' S" [& f, @
[Microsoft Web 浏览器]
0 y" P' _; k! ]8 p
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
: u% t5 B! ?: y' {: f8 K/ ?
[Browser Enhanced Objects]
* U4 j+ S" a3 k8 d
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>3 g. A1 U2 I! i* e/ r! X
[Google Toolbar Helper]
: e9 Z F6 T, R. }
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>! r' q9 O% t$ z" W' _6 D/ I1 O: X
[Microsoft Scriptlet Component]
: O" w8 ?, T' s. v, {
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>0 x4 |6 T! V" Z4 P2 H+ J3 }
[Google Toolbar Notifier BHO]
# A* a4 b; c0 J# D8 L8 t3 W
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>* c l! [- K0 Z9 I9 c! ~+ z
[SearchAssistantOC]
! j7 |/ R5 t% K* s. F
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
% c5 Q: y3 ^* h- i- w, T; d
[SafeMon Class]! P" M# e. Y9 X& Z7 H+ g* _
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
- b+ ~5 k4 d, l U
[RDS.DataSpace]0 n+ C7 }' v' M8 S0 ?$ B
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>$ g* K3 p/ s, ?! Q5 r
[KooPlayer Control]
) S: Z3 J3 s8 s% X0 `9 N
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
% I) ]- G$ h. r: C( _! l
[AUDIO__MID Moniker Class]# }6 Z. \, l* t% B+ }
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation># |, a0 n; K1 |2 E' u) e8 n* |3 o
[AUDIO__MP3 Moniker Class]
6 y: X, _8 i1 Y4 n
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
( Z% C- z- `; n9 f7 {2 `
[AUDIO__X_MS_WMA Moniker Class]
0 V7 I" n+ ?, y2 F8 M4 D8 v. y7 K
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 S. F+ ?- R( O' A, N3 K
[VIDEO__X_MS_WMV Moniker Class]7 Y, F3 a# ]2 t7 _+ a% J* G
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>2 K9 ?# B9 V9 C# |8 H
[RealPlayer G2 Control]
- q4 L' S, Z# |: h7 I/ V- X1 h# q: Q
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>& k6 z5 G p3 Z& k# a# X
[Shockwave Flash Object], H5 K: ?6 k, e8 r: e
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
3 O" L: f7 q1 e7 I# v
[KUpdateObj2 Class]
% ?+ L( Z! R# W9 h
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
2 y1 Z4 _+ {3 x7 E- M; |: [
[kingsoft browser shield]( C) X( ^2 y7 B3 E) `( `
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
3 u3 @/ a/ s' N4 d
[PasswordEditCtrl Class]! @) m7 x- H7 O( S6 b7 u7 e
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
: r, Y5 l- x3 ~
[QvodCtrl Class]' m& \% x- N, {" C7 z+ g' g* b
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>) H7 @( L0 A1 r2 l- d
[&使用超级旋风下载]- ?* T' P8 M/ ]% _
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
! _! c2 j$ c5 |; u
[&使用超级旋风下载全部链接]! K* [) S% a& s6 C9 N
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
+ ~) ?1 ` @4 d. ?$ ?
[使用迅雷下载]. Q* X- f& D T# K- g
<, N/A>* X7 m) L: S; \0 o/ O9 G+ e
[使用迅雷下载全部链接]+ L1 L) W% h" m/ p
<, N/A>
5 Y0 r+ z0 H$ U
[导出到 Microsoft Office Excel(&X)]+ s* g0 |: K4 H E: T* j& H! K; \
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>% V1 E X5 J" c9 K
[添加到QQ表情]* l7 |2 u4 `- K& |" j
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
) t& l, n3 a" A! F
==================================8 N7 }9 W; w X7 _$ ]% W; f% u3 S
正在运行的进程) x' P5 A* @% B! D! o
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 g& D' L' |( v
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# B$ ?; b6 x# I! K$ Q
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]0 d( b0 k* i+ X
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# X+ v- t; P: q
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 }3 L7 |1 x6 ^4 n- A& _5 D1 V
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, ~7 Q! S$ L- z
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) g8 A$ H; O. T
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ R9 t! Z( P9 U
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 Z4 [% ]; G" g% L
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% Z. s) D% t+ ~
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]" H# u2 G: `& E. g$ P# o( a; w* G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
1 t) F: j. K- \: o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]9 m2 ^" S2 M8 d7 \$ [ ]& ]) }4 j
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
' R( C% v" W2 ?- j
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 I; d1 c( J8 C7 P. \6 [# A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
7 y- T0 X3 d5 z$ S+ ]8 Z
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
$ t- w& V/ I* A) @% m- G# }
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
) v9 Y& {4 {) g5 Y9 F( ~
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
) _" R/ L5 p+ q4 a# F I
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]6 G% e' u5 p x- ^
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
7 D& `% @: w& \" K I
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
+ {, E8 T+ ~7 ]0 v
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
" |* p* {5 _( d5 ^$ e2 R
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]; d _. s& }4 r* P' _" ]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]0 n9 S- q" }& @) t2 d
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
' ~+ b% c9 d( t6 l4 e
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
3 @6 Q* c) T% c+ @- A& N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' b- k+ M& o9 {. A% f1 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 t. ?1 B# y/ A4 Z; N& b
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# x8 b( |$ r" `' P
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 ]- [! W4 f5 T$ Y/ a& y; u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
\+ ~) O' r8 R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], c7 C, {/ p! E3 a/ j+ [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 n; H5 t- v4 W$ s
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
3 M' K. C5 v% B: K3 H6 I
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]4 S" d* \0 ^4 w6 m6 y$ S* O& j, O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
- q, o- f) c/ Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) L0 c) B+ @- a- m
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
3 V' [ P; p) x/ Q, B
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]! r' i* q/ E6 S
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 B$ M+ Q. p' e \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 X/ S- ^7 v7 B
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* [2 r4 J8 l9 ^" f0 x6 B8 U: S
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
$ d% D- T. J1 `) z( n8 ?1 V
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] K2 c- _8 Q4 c$ S( o
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- ^: e/ U- _# V, E% W2 w
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]$ T6 ~" N& T% F$ w9 ^
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]/ d4 n/ N0 x2 c. P: q7 F
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* t/ _7 b7 Z: e" M. {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 W# @9 p! _3 i4 x0 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
! Y8 r6 z' c6 _6 e8 E5 ~
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
8 F( H* Y* ?/ k) s c$ j
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]. L/ t6 f8 L- w- Q9 a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
+ p1 G8 _8 i+ v& Z6 k5 N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]6 A6 i% m" D; T' g- c" _7 _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]& t, F- _6 e, b$ p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
* h$ ]. x2 F9 K1 A- [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
+ ?) s! P/ a# p: H
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]! o4 l1 h; @/ O+ L- y- p4 F
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
1 S& v9 d& ^; \" y% U
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
. A4 B6 A2 c% X# ]
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]3 O; e+ P9 _4 ` F9 P' a
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]0 H! z( R. G! X' }: A( \3 _
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]# i' C' {' V5 [, O, k+ b
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
( ~ {) b7 v+ `# b/ E5 H& H6 g1 j9 Y
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
$ O i- u& j! H0 r7 J; @
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
9 q' C9 n; f8 E) \; r0 D5 }
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
( B/ U& [9 ?( E* A* ?& H2 }* S& m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% h* J8 U# ^/ ^- \; b7 a0 Z- i
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
A! Y; h8 t+ d, i/ p3 J
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
) K) z3 C! G% X2 u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 }; |/ n2 j" _; K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
+ \; ?) {# E5 P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 L) o9 P- o, S& y2 @, H
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201], E5 N9 Z+ m3 q. w. J: _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& {( b1 @6 B) k7 P$ U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]# Q" X" n, i: l) M# m8 e% \8 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ _, S* g/ }4 m @9 m+ Q2 D
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. x/ z8 g/ Q: @2 [0 y2 W/ Z; c+ [
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]% S2 R; O, C8 J7 x, h8 l
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
2 M$ x& G& @1 y" M
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
" g& X) r* n6 }3 [3 h& m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
+ m; P' w- |+ T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) k6 A2 B' W( J2 r8 R
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]5 [4 `! S) Y/ r8 ?
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] ^0 X6 O: ?3 w4 n) {2 v4 [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: s/ Z) ?& x9 f& p) N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ \2 v( S! r: {# j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 Q; @8 l, m, t* z% j
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 I n* U! Q6 t5 j+ S; D4 G. y# {
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]- ~7 X% q% ?3 K8 a& S7 C( X( E
==================================* u# C0 a4 M% a, y. \& o- X! G
文件关联
/ q- {2 b% T1 @ G6 \; y: p; V
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]$ q& T9 p3 y. v( m" _& ^
.EXE OK. ["%1" %*]
: w9 a6 a; S! ?; ]0 p, X, w$ Y
.COM OK. ["%1" %*]; G, r. s- S! |7 m
.PIF OK. ["%1" %*]) y1 D& l6 M6 n. \/ N D/ F
.REG OK. [regedit.exe "%1"]$ @; Q/ h$ |/ j0 v- s& C, `! g9 o
.BAT OK. ["%1" %*]* N; }' K6 a( X+ ]4 C# W
.SCR OK. ["%1" /S]5 j; y/ o/ m( r1 g6 N p; t
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
2 p# E& T4 ]1 j' W
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]( x. }4 K7 r3 D3 t" L5 `" g6 h
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]" Y. `1 C( b% W5 m9 z/ X' X
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
( g: d) V. k; v
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
0 k0 Y% }+ h2 o1 I5 k
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
! D& _1 M5 F8 f6 _# \
.LNK OK. [{00021401-0000-0000-C000-000000000046}]4 @+ C8 S/ p! `3 c! K
==================================
8 |' ]7 ]4 z+ o# w2 b: Z' X2 F
Winsock 提供者
$ i/ q& @2 q, w4 y8 Q5 c
N/A3 w2 v: G( Y! U; o
==================================1 c$ M2 W$ _" U5 M1 k6 \
Autorun.inf
' o8 h- u; X! S
N/A
3 k8 i% V6 G3 \
==================================
. ^; n$ x! \# {$ C% G/ m8 B
HOSTS 文件
/ g" X! i: X6 I% C1 n
N/A
/ m/ p V. v- Q9 k9 k
==================================
; V; x" X( f7 y; [# ?: r6 o
进程特权扫描6 d+ e8 i. M$ ?
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]% Q6 i; ~2 a/ {4 a. J
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
J+ O6 t4 e+ u; a7 G E e
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
3 k& R7 F1 J' A% e* n% f( o
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
7 {) D; Q N# N. U5 c: b
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]/ F% g8 Z0 o; `! @5 ^
==================================
8 u n# b% f/ x9 l* ?5 ~
API HOOK5 }/ M8 L R% p4 L/ L
N/A
2 v$ _! L) k6 ~' D
==================================
% R x+ v3 ^; a" v- V/ b
隐藏进程. l: o3 d% T# y* D
N/A# ]$ {. C' _1 H- J' o
==================================* H# @+ l1 w) }: H% \1 u
8 e# o3 Z! _ T6 e1 Z

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115