在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

# m# h1 J4 S) ]/ H( {+ n0 l6 @5 C
2008-05-22,20:37:431 g2 ^ `! a& H: X- c
System Repair Engineer 2.5.16.900. N( f# q. {; K+ n/ g; r
Smallfrogs (http://www.KZTechs.com)( R/ W" s; ?( Z1 B1 w
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
) S! V% y ]( E M D/ I: ?7 I! l
以下内容被选中：1 Z: I6 L+ K; K" j6 G* _
所有的启动项目（包括注册表、启动文件夹、服务等） V0 z; \6 Q. O7 {' l5 k+ G( l
浏览器加载项
# M9 Y$ y- B4 i) ]9 u4 W/ o" ^" p
正在运行的进程（包括进程模块信息）: ^3 l4 ~/ g! ` @3 I8 R4 {
文件关联4 ~8 [7 }8 o* R2 x+ o: h! q: E
Winsock 提供者% S e+ t7 }; O0 r2 a/ m
Autorun.inf1 e5 f6 e' s' d
HOSTS 文件: J, j5 e8 C9 q( J- M. l2 ?
进程特权扫描
/ }6 L; ^$ [/ @" L. Q
) B# i. O6 O0 R1 w3 u& ?7 Z
启动项目
* b. y/ Y2 y. d5 x
注册表
! [- Y2 Q( j* Q: E
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]% n# ]7 m4 o, G$ s+ w( U) _
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
1 ]* S. F8 W& Z' s
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]# ^8 `# l) l; e2 }& B) X
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
% J/ H" \' l: A/ N
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]) `+ b: b2 m2 Z% X0 ?& R
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]/ n: ^/ c/ k$ `; J8 i. n6 Q$ U( e
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]6 A1 p* C D( X
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
$ x% \5 L) E/ r
<PHIME2002A><; > [N/A]
) @3 L% ?; d5 B. k
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
( l% z- v3 r. T, _3 v
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]$ `! U3 k u: N/ Q9 m) z
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
5 f# m) s( z% y! W. [- W, m8 d1 n
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
' O+ x. |& e8 f- m4 y6 k
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
# T8 {- J4 | H( ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]& V: a+ H" F7 j/ w9 C/ T
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]8 v5 m! {. J* C `. h2 Z1 s# y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
" G, `1 s- p) Y5 _4 d
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]& o Z$ E" C4 \( M' o% H( q) Y4 ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]' n) v* R& Q0 o- u- M% G
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
; l" J7 G i; J9 ^7 O7 r# {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]4 T: _2 n: W: [. \
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]+ Q3 [& G$ O' M, I; O
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]: X! n& S, E' f3 B4 r, ~' h/ H$ Z
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
2 h6 f& b7 Y0 l2 U0 R; X3 a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
: ?# m/ L& ]3 q' k6 A6 [1 i$ r6 Q* Z
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
7 g1 w+ a9 v7 ^/ ~; @# `& l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
: R3 f3 G* J, ]/ a# }. w
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
3 v4 |7 B- L8 k i, M* Z4 Z/ o
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]' D A7 w ~8 [) j: W$ F- I/ o* J
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
: s& f* y0 ]- j8 Z% I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
" w# \1 C. s& ^
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
3 K2 G% R0 I" w! |8 p1 S: O9 S
==================================
$ {# C+ W9 p9 y% a6 J
启动文件夹6 S! a: Z$ k: t; t
N/A
; k( j" p3 U4 h) r0 p
==================================
% l0 O: z/ C e; E! Q O( D/ G
服务$ |, s% I% m/ I# N% u! {
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]+ S- @" E" Z2 M* L
<C:\WINDOWS\System32\3wareSrv.exe><N/A>! h! x) I) Z9 Z0 z& ?4 w+ z' N
[Google Updater Service / gusvc][Stopped/Manual Start]
7 s+ R5 u) s K0 l0 o
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
, F+ z" F' K) }) l
[Help and Support / helpsvc][Stopped/Disabled]
3 {1 O, s5 G' L# k) o; N0 \
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>* R* U1 ^, f& D# D& {2 H; g% K, V0 t
[Human Interface Device Access / HidServ][Stopped/Boot Start]" m5 \" Q% v0 n) z( {
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>4 A' M6 y/ y7 i* {! V- a
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]+ n# Y8 `( F5 x1 G1 o) z! \; ?
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>0 L/ z ^% @! X9 e! G
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
, G* Z- q& z& a7 m& M
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>, F/ q( Q3 F* S
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]7 f1 ?; V1 @! R; S- |0 @4 p
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>. [5 L1 g/ w/ t3 q, a
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
4 }- |, H, @+ y4 X, H7 r# ]
<><N/A>+ s' N) `+ b( N5 w, n |; Z- y. q
[Qvod Terminal / Qvod Terminal][Running/Auto Start], [ L" E6 S" ?. C0 D6 r3 h
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>2 w0 h/ E. u, F5 v
==================================
% ?4 W" R e5 M# e* `& v7 w# N2 Y
驱动程序
* c2 }1 n+ c' b. ~
[22j / 22jn][Stopped/Boot Start]5 ~5 k, |1 l& S, A* A" E# g7 X
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
" J6 i/ ^7 }, y2 j, @% ]1 \
[360AntiArp / 360AntiArp][Running/System Start]' E$ K2 R+ @/ X4 n! Q& A8 T/ a
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>/ D. J) i: e5 R$ |
[43ec / 43ecu][Stopped/Boot Start]
- B1 ]* U, ^4 z9 s6 D; i9 R3 p L
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
; }3 O+ R1 r8 r# B( h! L3 J
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]+ Y- q) R# f# q) Y
<system32\drivers\ac97intc.sys><Intel Corporation>7 Y* p& f: ~- e" w8 n: M" k
[Promise driver accelerator / bb-run][Running/Boot Start]
9 Z2 y2 w7 Q, {/ r
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>2 k" }1 e1 z. |6 i) ]4 A
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
9 \0 f/ G4 L, z5 v
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
0 s. U9 l) e2 K' L$ T: C& Q3 f9 S, o
[KAVBase / KAVBase][Running/Auto Start]
6 Y/ K2 Q, @' T
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
7 Y. c; e2 o* H+ u! _
[KAVBootC / KAVBootC][Running/Boot Start] E8 k9 m% Y, ?0 g4 p
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>& r$ s4 t6 y, N( N; W4 Z+ L+ r& |
[KAVSafe / KAVSafe][Running/Auto Start]/ [5 L* ^$ d; P
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
7 ^# J. Z4 ]2 u" k
[KNetWch / KNetWch][Running/System Start]
X4 A2 k+ S: e
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
z; d) M& K b' D
[KWatch3 / KWatch3][Running/Auto Start]
: k0 v, F: s+ l3 w
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
* L8 {- b; }; V
[ntptdb / ntptdb][Stopped/Auto Start]
" [/ A8 j9 D( q+ d$ m1 V! k/ V t0 d
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>. V; C' c3 z1 Y7 F% i
[nv / nv][Running/Manual Start]1 M: Y3 ~# X @" W
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>* ?$ Q7 M, b1 k
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
0 r5 M0 T5 y3 g \
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
& m/ s, G6 T% z5 v; S; m* h
[DDK PACKET Protocol / Packet][Running/Manual Start]
2 _, s0 S4 D3 G9 p9 e4 @
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
0 b8 k; X6 v+ ~# Q9 L% }$ ], i
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]. V4 ]/ i& c# f3 A
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>( q' {9 f7 Q3 Z0 T
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- I8 f5 s, ?9 L. x6 u: h/ Q
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>7 ^+ m5 q/ C. d" m6 V E3 M
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start], {$ o9 I, q: @: t m" |; @9 P7 b* U
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>' e; B' p( r- `+ u9 n. \
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]3 R7 L- _! ^" z! T1 C' C- z* O) D
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
) {3 x9 k% i6 ?6 K" A% Z( P2 N
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
% T7 {, |7 Q/ X. T# Z! S! j' v
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
) k G; J" q! q V) n' D! @
[Secdrv / Secdrv][Stopped/Manual Start]
7 f j! z4 L5 R# ~! W
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>) g; ]" n0 a+ L+ B# a2 A
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
7 C" Y2 u$ r6 O
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
' V# p/ a% \4 E! W
[System Restore Filter Driver / sr][Stopped/Disabled]
3 Y4 m' [6 b$ i% J
<system32\DRIVERS\sr.sys><N/A>
2 X; p) H) f) a( ^4 r; v* t
[TesSafe / TesSafe][Stopped/Manual Start]
, R5 {9 |) h6 l
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>9 ^! `' P% u# j( p0 l
[System Services / unzxzsrs][Stopped/Boot Start]
, e, C# ]( t5 t$ l
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
8 [8 h7 n0 a, b$ k9 k8 m
[ViBus / ViBus][Stopped/Boot Start]- u" y( u& {( l; E: O* A* S
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>- s% O2 q; u, D! m8 P. _' Q3 @" R
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]* K6 y5 Y/ ~& P
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
& I; w2 G3 Q" T# W1 Y3 u
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]2 D0 d' M& E3 _ f
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
* }$ E. X. ^% j+ {) o, b/ l( C
[ATI Extend / zhibmaso][Stopped/Boot Start]
; h% _* t5 t" a3 ?6 |( P
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
) B$ V2 C; `. n/ n
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]4 q( \* I% r0 |( b. n7 H) ?
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
8 a: r! o$ @6 r( K! n
==================================% z6 ~4 i1 m$ F9 g
浏览器加载项
& i Q( \; v) t7 k2 _; u, E' K( `
[Google Toolbar Helper]
* f- X: a/ P; b5 a
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
: W- K; G( R; }
[Google Toolbar Notifier BHO]/ l7 {0 b* V# b5 Z$ L
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>+ M, i* `1 j1 z5 R$ h3 M
[SafeMon Class]
6 f$ b7 ]3 _" c5 u
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
" q. ^* ~& |9 C
[kingsoft browser shield]
. q# @- ~2 |$ b0 V0 \ o
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>$ z6 t, J" r8 e! f+ k5 P2 O
[IEBuddyExtControl Class]& T" K; _/ ]" a
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>1 x+ U% X- ]5 e( @2 I& }7 g& x3 Z+ E7 b
[Zcom 杂志]7 f+ e. a1 [4 l N. ~2 |
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
: R; A6 S9 k5 K/ i% P5 P- v
[&Google]' K/ v/ B Q X4 a; T6 [4 G7 z
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>2 e4 |+ Y, C% e: x3 H( q1 y
[KooPlayer Control]
4 \0 R* V" H( o) g) V
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>8 u7 |! ~& I' ~; s1 K1 [7 b
[Shockwave Flash Object]7 l U4 ]" Z6 o# s: W! C# b
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>1 }) V* Y9 T/ W0 y; |8 d
[KUpdateObj2 Class]( I' F4 N/ h6 }
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
8 B2 I& h4 ` z3 Q7 n. N6 q
[Google Script Object]
4 o" ~7 D; ]8 `
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
v" t5 {* P& ]; x6 X1 R
[EWA Control]
' G& r; E( s. _9 h1 d
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
$ u4 E$ I* N- I' ~
[Windows Media Player]
' N9 r7 k% E+ i5 _
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation> H( a: M0 J/ w( D
[&Google]5 [8 G4 U6 z! y: t% Z1 }
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>4 U& K; }& [9 W4 {3 T
[HTML Document]9 m7 j# z! v8 w* K9 x, [1 M
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
6 Q- a9 h+ A; Z4 n p9 m( u2 E9 m
[DHTML Edit Control Safe for Scripting for IE5]
. E* N$ Z/ u3 ^# t& I2 }
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
' B- M4 S* O2 X% S6 C2 _0 J
[RealPlayer RAM Download Handler]
" D. G. w- X4 Q$ D
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
! m2 H: }' K& i% p' j+ O! H# E: U$ j
[IEBuddyExtControl Class], r) K: q' A; j8 s! X/ H
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
2 }: Z& Z. U, _8 a! A M! e- j: \
[XML Document]1 i0 B' P- P" }' S5 F4 R
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>' C4 i: j. A7 l9 ~' Y
[HHCtrl Object]
; J e7 k$ V3 M& I0 m
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation># k/ u3 [+ t" Y5 ~
[Windows Media Player]
* U8 Z: S$ r2 i8 \% T @, F( }- E
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
; c5 I: D/ u/ Z
[Active Desktop Mover]" J; I. F1 v8 O! a
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
$ n j& p L" \9 u: z3 {
[360SafeLive]2 {4 n0 A8 K1 M p m4 G. T
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>8 b: l% L! E5 N, S! W& O% {
[Microsoft Web 浏览器]
0 e. C( @- f7 [) g \
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
. `( T# G4 m9 T% C
[Browser Enhanced Objects]
# Z% \7 q S/ s
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>4 {) q; a+ K* P2 u5 ^
[Google Toolbar Helper]
, ?5 ?# c' P6 d3 l
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>3 }& S% b% `4 `
[Microsoft Scriptlet Component]7 @) ^" `+ y2 I
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
9 }1 s- X, n- d- l' c" `
[Google Toolbar Notifier BHO]* K! t3 V) t$ w
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>$ A/ H! S/ f, Y1 g0 A+ y* p
[SearchAssistantOC]
6 _8 ]- B: I3 f6 m% f9 A
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>6 B$ F3 J/ V9 R" E
[SafeMon Class]
# y+ e0 p& q. i" e _
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>3 j& T- q- T" B6 R% e! P) c
[RDS.DataSpace]
" y" o/ s! _$ M4 Y; F
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
2 h( V# M. V1 k
[KooPlayer Control]; `" S5 k" `% l3 [6 ~2 m/ [
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>& G& ^" m) N$ T4 x4 _7 d6 s$ ~
[AUDIO__MID Moniker Class]
) w. ~# @' r' M p6 \5 I0 b
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 d: ?/ g" F: Q9 y! f- _7 T
[AUDIO__MP3 Moniker Class]; {* W d% d( o4 u7 j' `+ M3 G
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 u. z) d f. \( T; F* @0 X: ?
[AUDIO__X_MS_WMA Moniker Class]' f* b5 _% E6 V# ], Q4 }; f
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>2 _3 W6 s7 A3 `, l; D
[VIDEO__X_MS_WMV Moniker Class]
1 ?, e" ?. z: A. t2 P P) o
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>. M0 ?6 k: e+ \, V1 `6 ^; |5 x
[RealPlayer G2 Control]
& R8 g2 r% f4 S
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>% j( Q9 e+ n6 H6 }& n
[Shockwave Flash Object]
, |. W2 g9 r$ j. }6 f
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
; f( W5 ~* N, M+ s& P8 w! x
[KUpdateObj2 Class]! V, j: K' X3 e4 {6 @# w+ h
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>4 w0 S8 B/ P1 T. J
[kingsoft browser shield]0 o3 j/ l0 `; w5 w6 Y
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
8 f* P9 E0 d+ E( M0 y$ N- J
[PasswordEditCtrl Class]
, g J6 s, Y @* e- A
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>9 F2 z1 r4 S1 l- K; Q" d
[QvodCtrl Class]
, F/ O: _/ h i, p5 ^- b0 O
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
$ o9 {7 B. G: u
[&使用超级旋风下载]2 x$ ]7 t( Q0 D/ c; I% ^4 `
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>& ?% {0 p- H( s6 `1 W+ F( F! m
[&使用超级旋风下载全部链接]
3 {( n+ O) B, ~6 d+ J u- c
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
* D6 z3 ]4 e( _- I( K# ?5 F8 D' C5 v
[使用迅雷下载]$ I0 H, a i- V ?1 a8 D- `8 F
<, N/A>/ f. Q9 u. j2 c g4 Y7 i$ y! @% S
[使用迅雷下载全部链接]( a' i* U0 x* l7 u$ D. S* B" x/ c# A
<, N/A>* r9 @8 _) u9 f! \% p
[导出到 Microsoft Office Excel(&X)]
/ ^' s, d: _0 W1 A" T
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
( p/ R8 J$ ?% _; F" _# H
[添加到QQ表情]
9 V1 h+ t+ Z1 i. e7 |% A
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
$ p' ?2 ?/ t" g4 n
==================================
: ] N. K8 ~% h) i# i/ \- M& S& U/ c
正在运行的进程, n1 k8 n; S6 m1 v: D- Y
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 m8 b- g) U V
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# F/ f) p* W9 ~3 C
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! a; Z8 F- o* f; |9 o
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]: }* N' j. M% J0 V
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; y, T. }7 E/ O
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) }( C1 w- t, h4 I3 ]0 [8 n
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ e3 k `% d: p1 {3 E& ~ `
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* O( m, J/ I$ W- l: Q: i4 c8 m5 D
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% O$ m$ [, a+ h0 [! @8 D( D* A
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ A- F2 G! m& D: Z3 N9 m% Z
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
# M4 G. l. U: t5 x6 i( j) H: b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5] ]- q- M }% S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) t; W5 j/ F( E, {
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
5 O8 I, E2 m& n$ U# E
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
" u4 n9 j) ^* p# f5 _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]/ K& g. o6 c% H' J' w9 L
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
2 z0 y' U- x9 c% l( A) f5 i n( v8 j
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
: B& k8 g8 q: f9 `
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]: _/ q/ o' n7 g
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]! f2 R( V5 [4 v; ?
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" `7 t1 e/ u5 Z7 Y3 i2 |' i- w
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]6 A* h8 w @% k+ X$ S$ a
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]" D+ S/ t% r7 s
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]" Q( g+ e% d7 R$ t6 [! @2 F5 n3 I
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]% V5 ]2 i& f" d) E5 C0 Y; u: _% B
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008], C. r; K7 {2 n6 r/ k& w" s; j) L
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]1 ~. q7 Z$ j: Y# M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% C1 m4 C0 E, K# ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
8 i3 D8 D2 h8 m+ H/ }0 D2 a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]2 `* o Z, d/ |8 z3 u+ y
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# S2 A+ O' s2 S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ a& R- E2 t) [* @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
8 S% c9 k3 X f. n- l
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 W- ?- p) M2 J+ H, c8 s
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]) a |5 |4 d3 j3 H/ n
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]1 q# t' R# E& l" f" |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5] e9 l9 d8 P5 c l% F% v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( i% X* |0 w1 J+ L# f( b
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]& k4 l5 e& Q' S8 G. v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]) p1 e4 H8 e3 u* n' }. L: o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 x* f4 E3 Q+ b! e7 ?+ Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
O/ H# k, M2 z+ m, R3 m
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 {- _: C0 z" @! d. S7 N
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
1 W: X4 D: \; S6 e2 S6 X0 o- S* r
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# s! Y. {' p9 d/ c
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% S# R! s4 W3 p$ \* A
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]: B7 Y! v* [2 `& \+ p C4 n( Z
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
2 o, T+ }5 a4 i4 H& u' s7 M2 k5 C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- \9 c( |: _! j/ a1 w0 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5] l, K: }( j2 g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 C8 R: Q, H; I: w: q7 Q' h+ w
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
1 g& N$ D0 @$ }( s3 z
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
! A* k# c+ k, I8 Y0 ]8 v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]; P1 P1 e" {9 v% L1 O( o' Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
: {# h1 M( J6 X% q6 f) z0 {- e* g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
[0 w. G% |" g7 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
9 ]( C. \$ r' g' r$ c K$ \& N) V) e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]" d$ o* P ~7 [1 X2 C0 y
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
9 K1 y: `( s ]" c6 j
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
. R9 J( M$ {# Q
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]4 ]8 ]3 b7 k; Y1 x; B
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
4 v* _8 @8 m, d( R _* q
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
1 H# M) r) T4 ~
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]% {1 ?# K) {6 l- }! G
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
8 Z3 y# ?8 O) d+ ^3 ]' n* q
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]. v! Q( ~8 T# E
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
0 _' z; ^8 K! Y
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]% a# [9 n* o9 a' w2 [$ _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% T6 |: x5 @! q. ^1 R
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
: _" p8 w, z2 u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]# R- k7 f# s" U# J( N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& f& L" P2 S9 Q2 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 E1 J' Q# f0 ^, @0 @& g) b0 Y# b
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 \: y" T9 Y5 c8 ^
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
- L8 k" g; F2 j1 n% D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" Y7 Y1 @ h" ]5 p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& B( f' a8 \) ^& ]% J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 q" t1 m+ F6 ~* I% S% W8 u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- ^6 ~1 S1 P( r3 S
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
: J4 ^- Y- h6 r- C6 c. n4 B
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
1 x; w" ?, {/ D5 G
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
: o, T5 x6 s: [7 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ R: T. A' @) I% J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- |& I, C# p6 j( R. V" {; O- \$ O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]$ }/ W C5 B& j) k) ^* a: ~* {/ D
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]0 s2 u* c3 E, \' {% c6 Y( q- E' D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
+ Y) {, V, V+ @2 e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" m7 o$ E7 ~/ u4 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 K# d" ^3 u( V A, A d, V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ x7 ~2 H: O7 C0 ]
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
' ]2 X( r; I, s; t5 {- o
==================================
& A5 o5 S; t, E: k2 @. S
文件关联
, c& {4 x; F, t6 @+ ] ?. U
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]1 T* Q; ~1 Z4 G! |6 H8 X
.EXE OK. ["%1" %*]
" [, O( I! @) l1 C3 c1 L6 |, H7 M4 @' X
.COM OK. ["%1" %*]; U2 t9 U6 H0 x9 m7 H8 Z8 [ z ~
.PIF OK. ["%1" %*]
) @9 u3 f# f/ z& d P
.REG OK. [regedit.exe "%1"]
' d0 u! k6 L. d7 B
.BAT OK. ["%1" %*]2 U) H( {4 A) G8 W7 R+ c* g
.SCR OK. ["%1" /S]
`4 p! r* k" z0 J
.CHM OK. ["C:\WINDOWS\hh.exe" %1]; Q' t) k8 T7 o# p
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]6 R8 N2 A; P; B d/ }
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]$ \: Q+ q1 [5 h$ ]5 p+ G! v
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]# ?3 k: O. d/ H( s
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]3 G9 f [! g5 `: t4 C: j
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
# f. r r/ l9 s4 B( Q2 o- T
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
6 p0 g; Z3 l* h: ]4 R
==================================
, h( A! X* \7 C# Z; @9 O
Winsock 提供者
Z. m3 n' J, ^- }% T6 X2 J
N/A
9 T9 B6 U. |+ g+ s% t }8 X& ?' h+ A
==================================. B0 S B% {4 ~/ }3 V3 }) B
Autorun.inf
3 x/ p2 Z, ?, g! R& Z( A. e
N/A
2 l; l3 \, p; I& i- d
==================================' B6 E1 l% n$ e' p2 I. E$ w4 u9 }! U
HOSTS 文件9 V6 i+ f: S# f8 Z7 w
N/A
. _( ^2 w* b, g
==================================& l1 q/ m& D: G( I% S& g. `
进程特权扫描
/ Y# {1 }/ N% \/ f, e) t7 \& w2 A
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
0 Z* E( w) ?8 J$ G! B
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE] a+ Z( u" a, ~
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
( h# d! l$ s, c! W, I9 T$ @
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]" O# Z( u. c4 s6 [. ~
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE] j6 [9 `$ q+ Q/ g$ b
==================================
% ]+ }" {9 h7 ^( e X. r4 G0 a5 b
API HOOK
4 w" ^2 ~9 W7 V4 f
N/A
2 l% `" [3 j7 l, P% Z% w) m
==================================
# k v2 o1 Y" [2 u8 z
隐藏进程
6 S6 Y) E# g2 p/ a% X) B- @
N/A
! q0 R- [ j. j" J$ k" Y$ G! S" |
==================================' g& ~0 _6 e- h* C: q/ z
3 x( V& L ]" }, ^

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115