|
|
7 d% t. t9 m I/ \- g+ e- 2008-05-22,20:37:43
1 n; ^3 E! u# L. l1 P) W$ { - System Repair Engineer 2.5.16.900
7 q: ]# c+ V& q" v$ z) W& @, k% ^ - Smallfrogs (http://www.KZTechs.com)8 J) H$ l( Q8 j! ]9 K' _ i. j
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
% B+ Z4 d" F+ Y9 I! o) A - 以下内容被选中:) t ]. ~6 v6 ]
- 所有的启动项目(包括注册表、启动文件夹、服务等)& C) w/ D) v9 [; ~& Z
- 浏览器加载项
$ H4 b Q. }1 ?9 O- T - 正在运行的进程(包括进程模块信息)
, ~! b+ F. o- V - 文件关联5 z- d8 G, k3 E7 e- n0 ?8 F
- Winsock 提供者
5 z8 R8 w& F u1 z: K% v/ J - Autorun.inf0 z: x- B2 Y4 W. y5 g7 v
- HOSTS 文件+ o8 i# c) G# g/ S7 W
- 进程特权扫描) H- E( j0 C5 K6 k. e4 x
5 D [& ~1 N$ Z5 o8 }& u$ E* O1 p- 启动项目4 K& R" ]2 p# u" J. I9 w9 Q
- 注册表
% {# t' @% s) l$ }7 g1 T- R* I - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]- a1 C Q* R. D: r7 M2 a9 R
- <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]1 f; T6 \: P: Q$ p
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]" {3 {9 C: H2 B: u# j9 {
- <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]; L& G" q7 u5 D) i
- <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
8 q1 P; s) R& J, b% F: ` - <360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
* O9 J) c8 P! G& k - <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]6 P* D1 f. T/ w0 \9 ^8 p8 @2 a
- <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
% U4 V: t5 b1 d' V4 A. j - <PHIME2002A><; > [N/A]# s0 O7 w/ E/ x+ S: j4 c/ }1 ]
- <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]. L* ?/ H5 Z$ W% f9 ^
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
9 N, g3 R; X( \; i9 |) Q - <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]% W9 m( M* [1 c
- <Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]' D* Q8 N4 F1 l- H
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
# n# j9 V5 h7 i! z) o1 b! y% j, f - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
/ J! n' _7 i' W - <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
3 P4 X- T: ~9 [ - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
2 n! R7 a7 K; H/ r - <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]+ L% K/ z8 O$ g
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
" ^/ Q! u! ?! l4 f4 y" C* ]1 A) M - <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
2 @2 i' n+ ~, R- B" Z" ?" A - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
0 o3 E7 u% B+ `- b - <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]8 a6 S1 f2 P4 Z) o
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]! ]# N4 F% p4 J* v
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]5 p+ j# M9 {) t* Z+ C# q" g$ e7 T
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]4 M9 q+ I5 i2 t: G
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]6 b' A& @+ J5 r1 d% h
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] C: |+ t; c3 W2 f4 x# H
- <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
$ \& G# W9 p; t$ ]# x - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
1 B, a, P% C9 A& a1 M - <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher] D$ y& S6 ]# O' g& l; b
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]8 H7 `2 G- Y" L5 G% S: j
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]) V! ?' ?3 y* R' e
- ==================================
5 {- P. J- x1 ^: b6 R1 B0 A - 启动文件夹5 a3 p% S L3 A7 G
- N/A
/ E0 c. i, a! \+ `( R - ==================================( o/ @" Y( x8 _4 N
- 服务; u/ |7 j/ v( X3 A8 v8 R0 @5 ]6 u0 T1 w
- [3ware Controller Service / 3wareSrv][Stopped/Auto Start]
2 _6 c9 E+ u$ V: _, c/ H1 a# F/ k - <C:\WINDOWS\System32\3wareSrv.exe><N/A>' W) W$ g' g- n* u$ U' z
- [Google Updater Service / gusvc][Stopped/Manual Start]
; y% L8 u& o8 d9 K3 T - <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>; k7 i; X8 o' C8 k) k
- [Help and Support / helpsvc][Stopped/Disabled]
/ s$ {- v& c9 _3 W# X7 P3 s+ w - <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
! p4 Q/ D I4 T' J - [Human Interface Device Access / HidServ][Stopped/Boot Start], G) ~1 q3 l) l7 y- Q8 N' m4 Y
- <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
0 i1 Z: A. z( o$ d, x% V - [Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]' ]2 n8 m+ w P' {, t: Z
- <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
) }7 T6 ~- I( O2 m) B - [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
3 n. ?- c3 ]7 `$ ~ - <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
9 Y4 D5 s- F4 U1 d5 e* \0 w7 ~! a - [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]# Z4 H, J) }* l2 U
- <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
) a2 p' R0 d \1 ]/ h. W - [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
+ k; x* {/ I' B& O* a: G6 S - <><N/A># Z8 ~. n$ ~: ]
- [Qvod Terminal / Qvod Terminal][Running/Auto Start]# {3 d' s9 T7 x" _$ N/ G2 M; a
- <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>6 l x2 r( q( y" \$ `+ G# u
- ==================================
* @; h. M, h0 _0 }9 F; w* f - 驱动程序
+ \- h/ X1 E% U, q( |7 N - [22j / 22jn][Stopped/Boot Start]
: k: c( D8 p ] - <\SystemRoot\System32\DRIVERS\22jn.sys><N/A># Y0 ~2 q8 V4 {0 B9 K: t
- [360AntiArp / 360AntiArp][Running/System Start]
& r* J0 j# p# \6 R, |& t. _ - <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
8 n$ N9 n1 [# x2 a4 W% t - [43ec / 43ecu][Stopped/Boot Start]
" i' s" S! M |+ o0 B" b - <\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
: V0 @! p% u. S( T% d$ t - [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
, d6 r: @4 Q. y+ y( S2 o* ]% r/ L+ h - <system32\drivers\ac97intc.sys><Intel Corporation>
0 \% U; l+ l1 u' G0 l8 D5 U - [Promise driver accelerator / bb-run][Running/Boot Start]: H- ~( {* U# \# L% {# q6 ]( x
- <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>: e4 x3 t) b- R- a
- [Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
8 O7 J! V* E! A" U( j6 q- G - <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
" v6 S) m$ h2 O - [KAVBase / KAVBase][Running/Auto Start]
+ G1 F k! b8 v: q' x5 A" p - <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
# }; d) l C9 v - [KAVBootC / KAVBootC][Running/Boot Start]
, N% T. b _$ ?; R' d; } - <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
* L! o; w* S4 C: m B) R* ] - [KAVSafe / KAVSafe][Running/Auto Start]
- ]: B$ D! o: m2 w& N2 ~& p - <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
3 x3 W) W* \% N6 x) e0 w - [KNetWch / KNetWch][Running/System Start]
- g2 Q0 p2 r1 Z4 j C - <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>0 _' V6 R; L3 P$ {8 L: `
- [KWatch3 / KWatch3][Running/Auto Start]
& F* C" |) v) H8 i - <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
h3 L" O/ s6 _; b, u' y5 q - [ntptdb / ntptdb][Stopped/Auto Start]9 o& L! p0 t! D0 E2 t+ n0 ]
- <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
8 _. y9 P/ s$ l - [nv / nv][Running/Manual Start]
# v# e) x( c0 }! s; `$ g2 m - <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>7 c- F2 ~- G5 l2 O# A/ e3 z1 H
- [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]: r. n- f2 t- x k. a
- <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>" C ?* ^5 F* k$ c, {
- [DDK PACKET Protocol / Packet][Running/Manual Start]
$ ?$ z, u9 l P0 s - <system32\DRIVERS\ProtoDrv.sys><360安全中心>) I1 R+ q6 Y1 s* w4 k
- [pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
1 W W6 w4 W8 s: J3 J, V" j/ W - <\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
0 r* K0 y+ S2 U: I! o1 E1 P - [Direct Parallel Link Driver / Ptilink][Running/Manual Start]. Q9 t: a( D" t0 {* h G
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.># j o! D) @- @. s
- [RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
5 P- p/ g- Y% j; ~/ } - <\SystemRoot\system32\drivers\RsBoot.sys><N/A>
$ P, G% Z7 x6 y8 R9 q9 o' P - [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]; b% f& t$ v" u0 r( X
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
4 t# t( b8 ?1 o/ D - [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
) B9 p, U2 x/ ] - <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
8 C5 W) h0 n# h, ~6 V - [Secdrv / Secdrv][Stopped/Manual Start]
( y& c9 P' y0 {, P( ?0 o3 @' M - <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
/ l( Q$ C1 M7 c7 d - [SATALink External Device Filter / SiRemFil][Running/Boot Start]
& O6 H3 ] s% i/ d - <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>: }, T* }0 b7 f- X; L4 D u2 C
- [System Restore Filter Driver / sr][Stopped/Disabled]
4 m4 t' N. F q+ I: V/ s- x- q - <system32\DRIVERS\sr.sys><N/A>
1 I8 s/ h k, G - [TesSafe / TesSafe][Stopped/Manual Start]1 R# ]! n4 o9 E$ S
- <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>/ y5 W. A7 O( o: _; F
- [System Services / unzxzsrs][Stopped/Boot Start]
5 j0 O& Z$ q7 {6 E - <\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
5 t5 E5 h j- J, H; q% J; b1 @ - [ViBus / ViBus][Stopped/Boot Start]0 c6 F0 V' Z) F* b ?0 S8 N
- <\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
8 u1 M( S8 S) j" T - [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
3 p9 d! N- y* q' T2 S/ m/ G - <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
% {* `5 d3 ]& A - [VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]; [ c# B* E/ Z" A7 C9 |
- <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
! [0 |' ^9 E3 g* N# U! v+ v/ L. t - [ATI Extend / zhibmaso][Stopped/Boot Start]% M3 H$ `. d1 ?: r( L
- <\SystemRoot\system32\drivers\zhibmaso.sys><N/A>( e* L+ x' x5 T% s4 h! z6 o
- [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]0 Q% ]8 C2 [3 Z
- <System32\Drivers\usbVM31b.sys><Vimicro Corporation>* y# }* d( X9 k
- ==================================% U% v" I) q8 R3 I" I. R" g
- 浏览器加载项/ W4 n: y& `! Q# a* j
- [Google Toolbar Helper]9 A$ _" C b/ I c( }) ]
- {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 p/ l% ?) C0 Z% E+ z* ?3 x
- [Google Toolbar Notifier BHO]
) X2 n; z: V+ a3 j* s% O( [ - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>" h' s H/ g" |+ v
- [SafeMon Class]
% f& T' D% \1 j - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>! k, K3 n! R( v$ U8 G/ n$ @
- [kingsoft browser shield]
5 J/ L& K7 O4 i/ }5 R( b - {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>+ H' p' n+ N3 l# {) R% J+ Q
- [IEBuddyExtControl Class]
* N9 z+ a5 }3 q7 r" ?. ^+ j/ p9 l' j - {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>. K% w: h( J4 z) ~! d
- [Zcom 杂志]% n7 f5 e- e: U8 P
- {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>+ B2 @" M/ ~& f/ t. V6 f
- [&Google]
2 P( k$ ~" w6 Y5 a* s' |9 ` - {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
( k+ g6 U5 h/ r9 k1 L4 W- ]8 w - [KooPlayer Control]0 l3 J8 S1 ?6 H+ X
- {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
% W2 ~1 N/ C/ h - [Shockwave Flash Object]8 B r0 |- Y5 b, L+ I/ }5 H9 u
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
$ X- W" W7 T& |8 h+ l9 I - [KUpdateObj2 Class]
% l3 g/ T* T0 g) \% t - {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
5 p) P7 c3 l* i5 m, C, w - [Google Script Object]/ t' o' |1 B; g: t: `
- {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 G- o) Z4 [) _* h4 k _3 ]) l
- [EWA Control]
6 i W. H* o8 ^% w- O) u) D8 k - {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>+ p/ ]8 @% [0 ^5 c) d: S2 v
- [Windows Media Player]
( u$ E% J5 }$ W - {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation># n' C' u& j% H& n$ J7 |1 s
- [&Google]" m; ]. T7 j3 T p* a0 [2 w
- {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
+ Y7 _) ^3 Z" s - [HTML Document]
3 [0 b" R4 D( L8 `9 d- x+ q# V - {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
+ U, ]5 G5 i6 F6 W0 K1 y3 p$ @+ I - [DHTML Edit Control Safe for Scripting for IE5]
' b6 E- `+ H/ f8 n - {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
- i' K* f# d2 H - [RealPlayer RAM Download Handler]
4 M. X5 J, t; @/ h1 b - {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>) \2 b0 C" \3 W* s, O3 T& c
- [IEBuddyExtControl Class]* j1 E$ Q+ Y# X
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
0 K3 f0 T6 ]% `' Y" R7 L - [XML Document]
( g2 [7 C4 B. X% T2 Z. ~* O0 v4 ` - {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>; L5 d7 I# _1 T5 X' [! j: |8 }
- [HHCtrl Object]
. w0 u7 E% l0 {+ j+ V, N - {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>7 k* `: Z1 T. I4 f0 s7 u! \; W' K
- [Windows Media Player]) g4 H+ V9 u: Z4 l" M2 S& g. n
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
' G% T3 s" V% q/ t2 k - [Active Desktop Mover]
. b+ N8 g; |6 S! \& R+ k - {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
7 g. K5 F, C7 e* e8 d" ^, X - [360SafeLive]; }% c6 m1 i' q0 n1 A8 ^+ }
- {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
1 E7 P- O) B* s. b7 W$ F% } - [Microsoft Web 浏览器]
9 ?, z& S' m' m, q: z - {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>& `. u' U- w3 ]7 P4 \
- [Browser Enhanced Objects]
@. s D5 Q5 V, U% T0 p - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>$ ^) B: @' u1 x# d
- [Google Toolbar Helper]% p* x* A) w7 \4 R
- {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
5 O5 j2 o" D. ]3 G+ h: |6 v - [Microsoft Scriptlet Component]9 d$ t# C& Y/ z
- {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>/ h" x9 D. x/ ^$ q, f8 b
- [Google Toolbar Notifier BHO]
+ {/ y- ~* ?! P; ^5 J - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
- p% t8 y7 m: m4 ` - [SearchAssistantOC]' _5 [! ?5 }" [ `' [9 N' h5 G
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
/ T+ t! k1 f) x, s - [SafeMon Class]' M) a& Q i- F/ L7 b
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
, s. i. x1 `/ Z7 @) k& W - [RDS.DataSpace]
7 g7 i; Q3 R, ^0 o - {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
8 T; I( u% f" Y1 [' o - [KooPlayer Control]) j/ i: V$ ^; m$ a' c5 q. u K
- {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
( a' ~8 u6 p. C% ]* x( B* |' ^$ W - [AUDIO__MID Moniker Class]3 R b1 h+ w+ ^) @$ v: Q
- {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
6 P8 ^9 l" s( B7 n8 M6 g7 |7 ~ - [AUDIO__MP3 Moniker Class]
# I) F3 q w( k* O) J: {* f - {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: W! d% L T% J/ S$ g0 G
- [AUDIO__X_MS_WMA Moniker Class]3 q x: F& A' T7 ?* y E$ }& j
- {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
7 c/ [! c ~" p9 F' h5 r/ n8 x - [VIDEO__X_MS_WMV Moniker Class]
% Z2 F1 [5 n( k2 r# [ - {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>. a; U) e$ N$ B3 S
- [RealPlayer G2 Control]* h0 P, W0 l* G' O9 J. Z- ^
- {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>, Y* a0 X% w3 [- m
- [Shockwave Flash Object]7 `" }) K' ^& D) C, x3 r) i6 T$ R
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
. B! j: m) i1 t$ S - [KUpdateObj2 Class]
+ A& T9 N% S3 i) c* x7 Q - {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>2 Q" b0 R, ~. E% H4 t* t4 i' m- o
- [kingsoft browser shield]; `6 H; u5 T; K. D% `
- {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>' b+ i$ t* s3 E; X& p2 m$ q& N
- [PasswordEditCtrl Class]
7 z' t) J& c" q n - {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
, l8 ?; M# h2 n2 ]3 v& Z! V - [QvodCtrl Class]
, ^6 L6 M0 p4 z( q. S1 |: Q - {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
2 b" S6 p3 r: P2 W4 ?% E$ S - [&使用超级旋风下载]
$ d* {% w, j9 ]8 V" R3 Z* c" ?( Q' o - <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
' Z. R7 N) r7 `7 p( ~ - [&使用超级旋风下载全部链接]& M9 \4 _3 x! Z/ t4 @
- <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>: G/ \: ?& Z* Z: w B
- [使用迅雷下载]8 p1 Y% s8 q# ?6 B! H4 G1 I1 J( Z
- <, N/A>
& ^1 h! s e# m! F+ g - [使用迅雷下载全部链接]
! h j# K* U8 P+ B& S* c - <, N/A>8 W, C0 }/ [% g* g8 L6 u/ t. P5 a
- [导出到 Microsoft Office Excel(&X)]- L3 H/ k* R* p4 x+ t
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>3 u6 W- G& Z0 D/ n7 H1 b H
- [添加到QQ表情]
6 o, `; \+ N. v8 O - <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
# N& O5 N$ g; P( z! l( B- U' l - ==================================
9 f# D& w, T. q$ m' |0 f - 正在运行的进程* i. }1 V9 V) v1 I
- [PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 J9 r2 U/ m6 B: U, g* e3 m
- [PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]- ], |( c$ I; i7 R) n: `
- [PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ o% a* S3 D. `$ C% V3 J8 B. K
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]1 x( X# U* y! m( A W& k
- [PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 y' n& B+ E3 p f" D5 Q
- [PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: k) e& c4 N, f* d* {' ?# j* k) z+ l
- [PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 \, T8 `0 y4 G5 o: a; ` - [PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 x" U, Y2 L3 t% o& j5 }8 X - [PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" U4 O0 n* d2 U+ T
- [PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 q, P2 @3 r0 p% z3 B
- [PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 i: n" I" B1 i1 M% r, j; L1 w6 x; |
- [PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
3 D$ c. q! |* ?/ n; @' r( s( N - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 t/ Z U" e# U7 s/ @1 w
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
# u' ^. q7 r' e$ E! D; s5 J$ q - [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]* Y1 R9 o& o$ D- J# j. H' C ]
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 G3 `5 G- y2 X, O0 c; j: w! { - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
) m' S+ Z' C1 | - [C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20], _/ K/ R- Y& P1 E0 Q
- [C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
' C: f3 B" P& _9 c: `& t - [C:\Program Files\WinRAR\rarext.dll] [N/A, ]! p0 s& \. c ]6 e% J
- [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
2 f4 L) C# V j8 D/ u8 h1 a* D) V - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; f9 q5 U2 B/ `9 R! n8 w
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]) ^! Y# {0 w1 z6 F
- [PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]/ Y2 L3 ?3 C8 z) ~
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]0 L4 A( D4 n3 @ F H8 E
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
' `7 a% k" l& S+ N6 t - [PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
) a8 R; l/ L( c$ ?& c - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. J$ U8 ?% A0 c7 B8 P$ W
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, @6 B7 Y5 L: _% A7 T$ k - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ C( p" Q' p- i8 r- R* p& f
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 q0 X5 K& K1 Z# E/ G - [PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( U9 `9 x( a0 N$ C - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, F; }. f9 v( O3 Y% s k - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]0 q+ u9 a& `9 L: d1 r- j
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 r( P4 B- f+ q, l3 m; g$ e - [PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]' @9 ?8 k. G5 M8 s; n
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]2 q0 M5 W9 s% Z
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' {/ I/ \) }- M E0 _& p6 l3 K
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 b8 P' T5 i5 O" ~# d. m l9 O - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
% F' r2 L: [+ D3 L, I9 U$ s. J$ E - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]' P! b8 c9 B6 H5 g% v5 t) D
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
0 H9 m, o# G9 B E X - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
- e- {$ H; A- w4 G3 }4 L. [$ Z" a - [PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- b D( v0 P$ Z0 N$ @1 A5 u6 r8 P! T - [PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]- ?1 @. t0 n0 E5 V; ^, L$ Q" {0 V3 A
- [PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 s- ]% D7 }; o2 m1 @6 O e
- [PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- }3 f: Q. E, v5 ~0 p% N - [PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
# P. Y, A- ?# m3 C, U6 a - [PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
& a6 f$ e, N; N: ?8 {" } - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' Z& J+ z+ o# O; F0 j
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 m, Z% D6 n1 }- W5 q) u* f - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
% Z4 c+ ?/ n0 m G3 o - [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
" v8 N. c7 G" D9 k M* H; P - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]/ K9 k; p( S5 v* l; E' z' M
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]5 R: L) _6 x8 t0 T% ^% ~6 K
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
* p7 o8 F0 V; U4 X0 v, \3 u - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]0 W# [1 P/ L* C1 b0 z' f
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]. n( D0 e6 J: L7 P7 [
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
/ X4 j$ b; m0 ~0 C2 N - [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
; i( E( U1 x n2 }: L R: | - [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
$ C( B' \/ z( i - [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]8 ^$ X/ H% J+ N. B1 o
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]+ s- ~0 v3 ]( Q0 o: X6 M5 g
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 r4 S" y" U* {, ~2 a. L. ^
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( r+ M# Q( c: m# w. H$ `6 \
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]: i) _/ p- o1 D
- [C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
+ k1 _1 x/ h7 L7 [! z. L3 B" n - [C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]. r5 [( X0 `+ w# D* Q
- [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
3 ~7 b, i# d- s1 S - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. t9 Q M7 l* y( \# V( d4 l
- [PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
: g6 H& S+ ]9 h3 {; G! X/ p) q - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
5 N5 i$ O1 D' I - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
+ p) V. p; f* ^% l - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: V; y$ q( n2 S$ k
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]# n* E0 ]9 G9 O
- [PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
1 d$ p# r: Y4 B) D - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]4 p1 B& o7 O$ o( C$ r5 ?- p
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]# n4 [$ `6 z& v' x: l1 i7 z7 K
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; j! h E: F- g" `; z - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
, C4 l% W9 ]9 D# u5 n! y4 n - [F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]/ c2 R/ {/ v% A1 Z+ q, r3 N) }
- [PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
5 O+ b- r" _* [$ M8 r - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] }" ?: o& i. s) i& ]8 v
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 s/ ~: @0 G$ u% o - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
$ q* `% H9 f4 h9 j6 m4 \1 z2 { T2 s - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
* P% t: I# \" K9 ` - [PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]; `2 d- `% i8 j3 Y0 ?# t
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ o) _% j- ~! H! \/ M s
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 X! K+ m- Y% ]5 P+ ? - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 j" N+ q$ U: P/ n. z9 P. s - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' g- ?& O4 l" k! n - [d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
, x5 }3 ?7 i6 e5 s# i - ==================================" m4 F9 ?' e, E9 H4 K a) V
- 文件关联
: _6 _( `' X! n/ l2 n4 ]8 P5 Z7 A6 p- z - .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]3 e6 P9 ?; q' b/ C" `) K% N
- .EXE OK. ["%1" %*]* r) t3 U. `4 d \5 L. [6 z
- .COM OK. ["%1" %*]) G' e4 ~7 |( B& a4 f
- .PIF OK. ["%1" %*]
; J: F' J- K/ m" L: @ - .REG OK. [regedit.exe "%1"]; r/ N! F6 i. r+ o7 f5 s
- .BAT OK. ["%1" %*]
& ]- k# q# O6 K8 b1 Z% B: v+ R; K' u - .SCR OK. ["%1" /S]; s. ], X# o! N- s+ L6 g. w9 u
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
1 B# [( g7 o1 }8 Q5 [" x1 K - .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1], t0 Y U8 J* M
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
; x- G7 i6 @4 k. o. v - .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
+ k( q i( \ j0 b - .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]" U/ p$ R% A/ m7 c
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]* v4 D b& W, M( s- q) T3 @
- .LNK OK. [{00021401-0000-0000-C000-000000000046}], O4 |- |. X6 _ I. b1 H1 I
- ==================================
' |- a/ W7 A Q - Winsock 提供者( G7 z! z- P7 z) ]+ a
- N/A
o4 Q9 p# r: u- S - ==================================& m N6 j: y. M2 F% T# I
- Autorun.inf
1 d* I7 |2 | ]2 K$ x; c - N/A2 k8 _$ K) B- v% v" N# v3 B( x& j
- ==================================
- z/ J! v: C- a' d* i) u( T9 i1 ` - HOSTS 文件
1 {8 C+ V) ~9 w) \% q6 i - N/A
$ a5 [3 y$ R$ k - ==================================( V$ ^( X' d; v( x. [) M
- 进程特权扫描( ~% I& M2 U) h( q4 x. X+ m
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
$ e2 M. r0 g0 @8 f$ L - 特殊特权被允许: SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]3 S" [9 a0 F/ T) t5 H' c% W
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]$ m* J. W3 q# e* A+ f# u- _; G
- 特殊特权被允许: SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]" C+ p, v2 p" u$ g
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]' _3 x7 w* X" D9 Q- ]6 N$ n
- ==================================+ l z- g2 [8 m: f
- API HOOK
; T& g& S& O H! M - N/A: H7 ?, @. Q4 b4 B" S
- ==================================2 R: w6 W6 z. w# t0 [: k
- 隐藏进程# ?9 @9 L! x; E0 { H5 K. A
- N/A
, m9 Q p- I2 e! r - ==================================
+ Y8 s0 k: _5 l- n9 ~+ F' }& v0 ` - 2 }+ ^2 s) k/ `& h3 Q1 H( c
|
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
