在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

: O& D; s0 W$ I+ x5 A0 g
2008-05-22,20:37:43( f' `) H( ^8 z- w c: i! O
System Repair Engineer 2.5.16.900 X! U9 G, `+ b9 l: b$ m2 w
Smallfrogs (http://www.KZTechs.com)
) ^" X4 o* p' z5 C
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
' y% S, H/ X3 Z6 W0 m/ O1 F: Z
以下内容被选中：% H0 ]' b( g2 E: K
所有的启动项目（包括注册表、启动文件夹、服务等）
3 D' l& O, T/ v9 O; z0 S, m
浏览器加载项
& P" p- `2 j; S* N# @9 ~8 W7 j
正在运行的进程（包括进程模块信息）9 J, C; K% V9 b6 F: |- z, I
文件关联& P2 P. q8 T2 L. f4 u/ V& C5 [
Winsock 提供者
- S/ t6 i- y! h4 Z9 v4 k! M* ]
Autorun.inf* t- s5 S0 d% l
HOSTS 文件' q# N' h. S. U! m
进程特权扫描
% M* Z C B. S' W e' ` P
1 ?8 g: e4 _: n/ z W
启动项目/ m- Z$ i4 r7 s+ Q) f( M: f' I
注册表
' y* N* `: L1 q% ^2 o- s3 H& m' S
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]2 Z U7 T& V6 U6 y
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
: b6 A0 w: d& i3 E7 `, V3 O1 F4 ~
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- e$ }' V: g( n3 l& r- c7 i* |( S5 Z
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]/ _) S5 f* g I2 n# A
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]& n2 B1 C7 J5 ?# A1 T. k
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
' M( G0 u2 U( O: |
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
' D/ V3 S' Z2 W# A7 v
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
4 C" \* @4 n" |( h' ?& _( `9 d
<PHIME2002A><; > [N/A]# n4 S! S% F- W* V" W; r
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]! i4 A8 [' K. t* x: z& Q
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- m* B4 q& j) p4 B8 M; a
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher] z' v* e1 G) }" I1 i6 J% L
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
# j, M) `! K( Q$ I4 b# I+ n
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
* L2 ^! A" r4 i! m4 ~8 B6 ~0 r) g- V
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
* X! w" y: j, F! d
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
& \7 [ L! Z- |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
: M5 ~# v" W! j" m% ?, H
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]; T" h& c' `3 a; y9 X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]/ o, K. X# `9 y4 Z' @0 B. g
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
" Q# w# K) {; a5 \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
$ g* n0 I. O# a; u0 A5 [
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
9 l0 `9 }$ ?; v2 x+ V
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]. N& s9 V2 `$ w" l, Q
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]& _: \, k* ~/ n) j* k; y9 q/ y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]# o( p1 Z* o$ x% r# s
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
: z* N( ?+ _& r, j {0 e, D* v0 y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]) Z$ h: v3 r; l; r4 M I
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
0 O; Z. p6 }2 {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
! N1 `) m8 ]" Q3 {
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
+ x% k9 }/ }2 j s1 g. |( i4 n
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
) Q" n4 m! b6 P
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]! q1 V4 j6 a3 v
==================================5 A, X) f# n$ y
启动文件夹& C, I! e! F( V
N/A' p! g4 l7 O1 s* M9 o; f
==================================; u8 a! T, M+ I8 ?) V! n
服务
# V1 H0 ~0 @4 R; G
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
! }: F# t( f9 j7 o1 a `
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
$ Z) ?: [/ p( n7 V$ X
[Google Updater Service / gusvc][Stopped/Manual Start]
( q/ m/ d, \2 V
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
4 V3 q; A+ W7 @- H! h
[Help and Support / helpsvc][Stopped/Disabled]$ J% ]4 ?6 _2 ^) y; r
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
! _4 _9 j+ z/ V% Q) y1 r1 |" \
[Human Interface Device Access / HidServ][Stopped/Boot Start]7 @$ ~3 j, m1 m& I
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>: O0 o4 d9 o! ?. t; }( _% Q9 \
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
4 h3 V3 u" k5 r5 z3 D" C
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>% f/ O( }! `/ L6 T2 G5 e. i0 L' n
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]/ A8 _; l; Q. W2 k- c; d- F
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
5 u2 y" o( D8 G* A* l5 ]! ~
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]0 y2 N2 f1 _# S- J# j% h
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>7 q' o% |8 P' Z C
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
$ O/ x+ D1 U* g0 N! V- y
<><N/A>5 g3 M/ v$ K/ D2 l; l H, L
[Qvod Terminal / Qvod Terminal][Running/Auto Start]3 V9 l w1 F2 U$ @. A' {: M; n7 y
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>) m6 }) ?, v% }7 Y. B, o
==================================
- ^" i p$ i0 @9 X7 \9 n& q8 W
驱动程序( T' E6 D5 R9 W* \. s( R; E& k6 o2 N
[22j / 22jn][Stopped/Boot Start]( m3 ]9 U7 ?0 o
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>! L* `( p% u; p( O0 H7 s
[360AntiArp / 360AntiArp][Running/System Start]: w6 [; r: j9 X6 t
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
4 S( u5 T9 G! ^
[43ec / 43ecu][Stopped/Boot Start]
! s. ^. t/ q- m1 f: x7 u
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>/ s- B& O7 B' ?; {
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
. _$ u# p+ x/ K3 M; ]+ x; q
<system32\drivers\ac97intc.sys><Intel Corporation>
% M8 q6 y& w1 V [5 v' i$ _
[Promise driver accelerator / bb-run][Running/Boot Start]
' p9 g5 Y l& ?4 j: M, x" E# _
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>1 z& M- {: B* y( T1 H
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]$ C0 q1 l, i" C' } F o1 [
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
3 X- `- H5 t5 d) W N
[KAVBase / KAVBase][Running/Auto Start]" b$ k5 g* ^; b
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation># c% q: T# B8 ~
[KAVBootC / KAVBootC][Running/Boot Start]
. O ?$ A* q* M- U
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
. B8 I* J% f" W; ?/ o
[KAVSafe / KAVSafe][Running/Auto Start]/ I2 T7 J% c# O- u; _9 o' [
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
9 T. v" E$ w! ~1 \' w
[KNetWch / KNetWch][Running/System Start]
; X, m: f8 s1 W6 o# s
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>+ n1 y5 g: f/ D
[KWatch3 / KWatch3][Running/Auto Start]# ?, f9 B" G8 C
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>& Y4 K; B# ?0 i7 D
[ntptdb / ntptdb][Stopped/Auto Start]# H8 O) I2 P$ v0 W( v+ m# i
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
$ O4 n3 n+ r1 g# [$ o" ]0 a
[nv / nv][Running/Manual Start]
) A8 j8 w4 i: \
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>8 B6 j' b; i/ F- |+ D- _+ ~* d
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
9 [/ {* p* N; F u2 P
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>2 ~5 e% B1 ?/ x% H7 j: O$ G
[DDK PACKET Protocol / Packet][Running/Manual Start]7 l: B" ?. @8 z5 h
<system32\DRIVERS\ProtoDrv.sys><360安全中心> @5 ?- C1 \( t
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]' F" E+ l% w' T: n7 @, d
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>$ t7 v0 c% P. Q) Z& |% ^
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
/ O3 K( ^( d0 ^! t4 A5 ?
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>, [6 t( r6 ?. Q1 K* ]+ T
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]$ V3 E2 Q+ U4 h3 U. P) d
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>( w, \" c( ]& {7 t% P
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]2 R7 F: b- ^3 Q, n
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
+ m! s, `1 G' Q; \. n) H+ |
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
& o1 I3 a2 W; M! I
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>- ~: {3 H* O. q, C
[Secdrv / Secdrv][Stopped/Manual Start]
2 h7 M. W" ?6 l4 G6 F k! S2 _1 f# }
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>/ L. X9 }5 I5 A8 v
[SATALink External Device Filter / SiRemFil][Running/Boot Start]' J' G0 @' G7 \# z9 {" {& r
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>+ Z3 }8 }! `2 H& [4 W
[System Restore Filter Driver / sr][Stopped/Disabled]
7 T+ ?1 R* V7 ^1 p9 o: P
<system32\DRIVERS\sr.sys><N/A>
! K d. d0 l5 M9 a/ l
[TesSafe / TesSafe][Stopped/Manual Start]
% F* @0 }2 e1 F! Y4 M
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
: c! ]1 z. m& J7 S4 m, a
[System Services / unzxzsrs][Stopped/Boot Start]
^7 D" P5 B) e& ]1 _
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>! y3 d. k* B7 b6 {9 K9 v, w
[ViBus / ViBus][Stopped/Boot Start]1 D# G( X* c0 R9 v) p
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
* N+ e6 P( Y6 @9 A2 ~0 H" r4 q
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] T2 N; C, F9 N$ V6 l
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>' Q9 ^3 Q; ^5 |4 S9 c$ v' ^! n$ r! O; k4 q
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]$ R$ d9 v# N' N: T2 ?
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>" L2 `# a% \5 k' h
[ATI Extend / zhibmaso][Stopped/Boot Start]
7 g& N" q: G1 q4 a
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
7 }( C# c/ o1 B K0 Q
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]( A. s7 c; \: \4 w' W
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
, \ h" w5 }9 i5 z7 J7 ` D% a
==================================
/ z* H! u& m* s' I0 I$ v% z' R4 t
浏览器加载项
& J: x% u# e( Y
[Google Toolbar Helper]
7 h. E; D" }& E$ @; O
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
( J. P9 g. r$ L2 u! M
[Google Toolbar Notifier BHO] t! |3 y# }+ O' {* \3 p; `
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 _7 Q8 U; i8 m8 ~
[SafeMon Class]& p& n$ l4 F# O
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>3 U: O, r; E( E4 D3 `
[kingsoft browser shield]4 T$ G; ^- n, K
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>* v/ o; q* U6 Y& ~1 k7 g
[IEBuddyExtControl Class]
, m8 v U$ [* ^
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
6 j. o5 a4 L; D% d
[Zcom 杂志]8 e" s# s/ ~2 Z
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>8 S+ y! \5 X4 b
[&Google]. w% e( V6 E/ ], i D7 z
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
+ E( }5 F6 c/ _; n, s0 a
[KooPlayer Control]
5 i" }! h' g. t/ u
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>$ W; V p! {% A0 u. }! q' U# X
[Shockwave Flash Object]
) y/ b- K. `* P. p
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
# ?2 z0 H% ]$ y; `& G G8 E
[KUpdateObj2 Class]1 X6 G4 a! _- O( [# H& K/ G
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>' T' w5 n5 H8 T, L
[Google Script Object] F [6 q9 i+ A1 E' r" t; i! Y
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>/ ]- n4 `, s" h2 G! V
[EWA Control]: U( ?, Z; \1 ]! H6 z
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
e# s1 m4 @! K/ E D
[Windows Media Player]/ E0 X t( T$ S- A
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
5 ?8 S l" [8 H
[&Google]0 Z; Q# _4 l7 } ~& }9 Q: P2 @; B! h
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
, ^/ ^1 F, v/ e4 s' c* R- \
[HTML Document]
" S: d2 M' E8 J; E2 p
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>3 N# f7 J, n( Z+ W
[DHTML Edit Control Safe for Scripting for IE5], R5 B" j2 s* v m: u! x
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
6 J+ q8 r% w' b3 E
[RealPlayer RAM Download Handler]
- `( D; O: H( h; G
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>% M! s7 T' }# i, t
[IEBuddyExtControl Class]/ h1 a$ x( m% h! ~3 t( ?
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>$ \* U# R) `, d* n
[XML Document]
9 {- i. H' _+ v5 p
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>5 s( `; l: p4 c: H5 r* A$ Z' m
[HHCtrl Object]
7 r6 m3 K6 q- ~7 J0 N8 w
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
. @5 `0 j3 H" ^1 Q) u+ X
[Windows Media Player]
/ w' }- n1 [2 Y+ i8 |! n7 Y$ l
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- B; C) U# u [
[Active Desktop Mover]9 h0 ]* e! ^- Y6 p/ e
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
: u' J: B! [0 ~' Y7 u J- a
[360SafeLive]
4 ?; ^. M9 M$ |" P2 t& w
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn># {( m; X9 K( d/ Z( Z7 Q/ j: w
[Microsoft Web 浏览器]" m N3 Y9 I" B Z
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>( ~/ r7 `4 n7 r$ t6 O
[Browser Enhanced Objects] L+ p% U* ~! f& e% ]& V; b& c
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>& f0 [' r. t$ a& H: m
[Google Toolbar Helper]
! ~: U6 N7 m+ X) X, R; |5 B
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>; l* `( i$ l! C) v# K
[Microsoft Scriptlet Component]
$ P. w" F' O8 z/ J6 G, i# O
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>' `+ h6 T; ^; @6 Y, N1 ^
[Google Toolbar Notifier BHO]: N& p* }; n% J! m8 f
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 b" _# o) w( J" k# y. d+ I
[SearchAssistantOC]& D% B- d: v- F4 {( S
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>4 l+ F2 K6 R( u0 w/ [4 @ f6 c% f2 J
[SafeMon Class]
' {: @- g$ y: M3 p) D9 s
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
) H$ N0 J! d& J7 w- C' ]
[RDS.DataSpace]6 Q) J! C" g( f! V" @: o" S
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>$ n& F, y$ W n( H
[KooPlayer Control]
: S) s$ e, R6 R
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>4 D( Z) w- _, }6 A' x2 _7 A' p! K* Y' `
[AUDIO__MID Moniker Class]9 V7 `. K/ p: b3 n4 V
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 t# v1 [ c* h% h
[AUDIO__MP3 Moniker Class]
$ m3 [8 B5 R6 k( x. A8 G2 I
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
. q0 [4 U: Z: Q& L6 ^% w5 c
[AUDIO__X_MS_WMA Moniker Class]. C* ?5 i1 Q4 ]& K7 D
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
" b3 g5 P/ s0 _& W# Z% ~/ V5 t
[VIDEO__X_MS_WMV Moniker Class]3 [# ]3 }/ Z: U; N" O
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* V2 W* s+ |$ K, _6 R8 U; ` o
[RealPlayer G2 Control]
4 l3 l: i, x# I
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>) p6 y) O$ m4 J0 m+ z5 L; `$ ~2 u
[Shockwave Flash Object]/ e( W5 i$ ~+ D! J/ K$ l
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
) D* b1 Q, M" K9 [7 D. _
[KUpdateObj2 Class]& Q5 }0 H, D% l* j& z& @4 l+ x/ k
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
8 b, v( j/ u) }7 l7 \7 T
[kingsoft browser shield]
, o( H/ I5 E) \
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>7 X0 Y& n0 }# t7 ]5 l
[PasswordEditCtrl Class]
, b A1 |7 M7 F) X3 S1 t6 e
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>0 C9 e/ _% z" j+ D
[QvodCtrl Class]4 h3 N4 M# e) s7 c' K
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>" g$ T# T" l' e" E" Q
[&使用超级旋风下载] w- o/ z2 ~0 @
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
: ^2 k4 u4 ~& E8 e5 e- d
[&使用超级旋风下载全部链接]
9 B+ H x) b) I6 d. t
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
1 r1 D( k9 { t
[使用迅雷下载]
" O+ K, d% i' v4 }! W' c
<, N/A>0 G2 Q& L6 c6 N3 ^- C+ v8 K! \
[使用迅雷下载全部链接]: J9 G$ _$ W! \) b
<, N/A>
; a; [0 _& r2 B5 J
[导出到 Microsoft Office Excel(&X)]# R2 M7 a% t% n8 g
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>4 \" v/ N: i) N9 I6 x
[添加到QQ表情]- {& p) H/ e1 Z' [% N. t
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> |- ?9 H: I+ p5 e J
==================================! c% e) l" M% u$ Z7 [
正在运行的进程( V9 }" a8 p5 e" }* T) W, ^
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 ?1 W9 \+ ~7 E( o( C
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 C1 V4 w3 |. u8 P v9 \3 k) |! e$ t
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] {2 z$ n# `' R: g6 b4 J
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]( a# J1 {1 o: i# r- R3 V: j" R- Z
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ _3 T+ _6 `1 L* z$ D
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; J# k$ E) e7 r8 \5 ]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 s) b: q( @9 y
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! _% j3 n6 J5 l/ {
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( X2 Z/ Z* q' l$ N& g* G+ O; t2 k
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 }8 X! W2 ?% f( T: }: h
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( n- Y/ X( q# T
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
) n5 Z4 I6 J2 w& ~0 p) u, N- x; ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% _; f5 j( ]/ a, U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]3 \/ {2 b4 R2 V7 g
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
/ q2 q( x' a( }5 O
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 R" V- v/ _! G& D% ^8 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
' J$ X; T4 h6 ]/ K5 p- i* L
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
$ m5 x+ m2 O5 ?+ C
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
' B# y5 S0 ]- E F" }8 f' [
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
$ n, p" I. Y3 c |9 o' s4 c" @( H
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
3 x) }$ {% y* c1 p5 P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" A! V7 [9 L' G
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
4 }7 F5 I5 |/ |9 o. Q
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- C: M( R' Z6 l ?; V: b
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]/ {( W" X7 ^ t% J5 s7 o9 a
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
( z7 O1 z" T; ^! p
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
* f6 Y+ |# _- m u, y2 m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
_2 P2 x6 @- i; u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 S- g" c( k) S# j2 v( u- s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* Q" K2 X; X" I) s
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 y1 _% d1 \* u H1 F
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 }3 ]: [! G3 L3 D; y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) V' l! U0 R9 z$ b' i6 [: n. e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
! y% y" R* \- J7 W3 e/ h
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
( v& w1 j2 |& T6 R
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
' B4 p. _8 c \/ A9 z1 h7 Y- N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]7 m* y/ K' h8 l, V7 M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 ^7 _+ q* l" ^, y* x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: O1 ^8 S8 U9 M' A! N R7 L* W
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]* F( w. v) D2 b# g2 Z
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
. W4 r4 W7 b! ]5 }1 K/ G2 e
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]) c& k0 z9 Y1 ?' S7 i+ t( w! | g
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
) q7 K3 O) j t- D! Z* N$ ~) M
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 N$ |; r; F) B5 P$ L" q
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
u j e$ H+ K2 c) x L
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 W4 b* x) r; }5 d0 O$ e1 L) S
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ Y/ c& r* m l$ t$ ]7 ^3 \4 U
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)], S8 ? @+ I" Y9 e
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
( }* S O, w# l5 D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
2 H$ c6 S8 ?* t* t! r" Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) U7 n4 m+ N9 r. o( P# b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]! R1 n6 f5 l1 W/ b C' `+ K
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]! ~% P, @- J4 u6 `1 c
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
3 u4 O$ b9 J3 x) e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]! r( t3 h) u. j4 c$ j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
% s! d% g" |- d8 G8 E6 \! v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
6 f ]5 j" K% x1 h1 @% S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
2 K+ j2 g2 d' S4 T8 |: P' @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
3 ~9 D1 ^4 y$ W& T" K
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
1 [$ o4 Z( a" w4 B |( `
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
' g8 H! f0 y8 f: X
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
' M! n6 f. u; ` [
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
: \3 A9 ?$ l3 _
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]- p% ?7 T e9 e
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]1 M# Y0 Y2 @, L: p j, B1 H6 M
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
0 Q2 z/ {! Z+ b; M+ w# M/ A4 q
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
: o- c2 \, M/ v; q
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
# P, `5 e9 n7 t
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
3 B R( K8 T: H) b% N
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
( U0 S$ X, E1 r& L
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]: r6 v O. n( a o0 {* k, \* z7 u3 ]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ P# m; n/ z9 P2 t Z5 b0 {! p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) W* P! n. b2 D4 R- F4 s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) s/ r) X" s1 b0 H1 }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
7 |, f9 W$ B, z' \0 z( u5 c
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201], y7 `2 Q' w* l) G1 V& @% X
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 |/ Z% Q' |9 Z$ A) S) N# a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 t9 a3 }' h" i7 l; l1 Q8 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* m- { @2 P- n3 r9 h. |* X& o
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 ~1 i9 W" A# \
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]- n7 a; a( p8 s: I& O- p
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201] K, ]" [) v. B( F: ~, B) q' \, `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
; L5 z0 M& M5 Q& P `% l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, n' M' {8 b, N( u5 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- q% i: y$ Q! r7 r6 Q- ]) d
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 I( [" R S2 w- X2 W3 e
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]( w5 @" u: t7 K' X0 v7 @8 T6 r0 P
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* ?' }" V4 s4 O5 @* @9 B; O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( ]& i7 E/ M2 V* Q' E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( L7 W: M: d, L4 _: s, k: ]
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]2 S$ P) ?4 _' f
==================================0 @/ t& g+ t6 A
文件关联% p2 A3 k ]- ~& |
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]* B8 Y! K; O4 {1 @! f0 i
.EXE OK. ["%1" %*]+ Z* c G% [# j$ `' N% d- ^
.COM OK. ["%1" %*]% }; n: h' c( j9 t7 h% q8 J4 T
.PIF OK. ["%1" %*]
; P3 M6 L4 ?- B
.REG OK. [regedit.exe "%1"]
7 ~& ?# j- R$ @7 W# [+ K! H
.BAT OK. ["%1" %*]
% Y. t( w3 ^' p$ Z# c
.SCR OK. ["%1" /S], ^( c5 M+ I! {$ Y& ^
.CHM OK. ["C:\WINDOWS\hh.exe" %1]. y) v3 A" r5 b3 u: q& a
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]5 V4 b/ q. i- H" b: `( o
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]7 Q. o6 ^/ [' a& i, i
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
$ N' ^: I; i9 S' o, w
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]7 @3 w" i8 s+ f. I4 y* ]2 s7 m2 ^6 ]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
3 t" i3 E' C; ]9 r
.LNK OK. [{00021401-0000-0000-C000-000000000046}]+ O& t0 M6 B: y& O5 U2 Q
==================================8 o; a \ a- z: W
Winsock 提供者
6 P4 l! y4 q ^6 z* d3 S/ E: N
N/A, c M" j# F2 a5 |( ~! r% R
==================================
* O; C- ?- f; k1 a! v, |! l* {
Autorun.inf( Y! I5 q T. N6 Y8 ?- `
N/A
$ W( b& M8 G3 u# R7 C$ T7 x
==================================, M: u' D. m- K6 Q
HOSTS 文件
6 f, k; ]) ~1 y+ V4 [0 O
N/A" @/ \$ `5 J! n1 m1 g; z, x
==================================% m7 ]- j. [; F$ ] m
进程特权扫描& Z$ y0 b$ w2 t6 u: o- E
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
9 Y/ @7 L/ v+ M
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
2 e/ f4 |5 B% {( C
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]& ?3 }8 {, {0 U& H# E
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]: d+ F) b1 Z. J
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]: T# p- B5 {# T# ]; p
==================================
8 _) _, z3 j' {# a; A
API HOOK0 Q3 E+ p, V8 j7 p: f. V1 N2 w
N/A, \4 u, H, n) P# O
==================================" r% @0 c7 O3 o3 n! \' z
隐藏进程
1 H3 @2 F6 p3 Z: O* \
N/A* `+ c# }9 _! n: S
==================================+ B6 }6 n5 I$ m2 [% v! ]
) p3 u4 d4 ^( i- K, O

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115