在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

0 ~8 |: @. X9 M: X9 W8 A ?
2008-05-22,20:37:43
% G1 X0 M4 L; d2 F; i0 X
System Repair Engineer 2.5.16.900* X" V: \3 |/ B" }# i
Smallfrogs (http://www.KZTechs.com)1 z1 q* w0 w/ E! C% \% n! e8 D
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
3 b- b& ~2 T( }( J, v2 C
以下内容被选中：
0 ^6 ?9 P% S/ x& f l
所有的启动项目（包括注册表、启动文件夹、服务等）6 y5 F& a- z/ o- p& @) G, C, u
浏览器加载项
! O( D! Q4 s$ P3 ~7 D( H% l
正在运行的进程（包括进程模块信息）8 \7 P3 M' G( o% i
文件关联( ]# O3 H0 n- R, \4 M9 Q& `
Winsock 提供者- X! ~- \; l4 C! _. F8 t
Autorun.inf7 p5 I, u _% N- D% o3 Q
HOSTS 文件
, u, N. J" a2 | O5 ^
进程特权扫描
; O; f1 O( @( D
% P# s' \7 @5 {9 K6 }" D
启动项目 g; f; h! [2 ~" e. c1 J1 G* l. x
注册表+ G8 e4 a' q( M+ s7 h, W
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]# ]$ ^/ [1 S2 j% e+ l/ R
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
* x$ ]; \1 d' l# T* }1 d. [
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
6 K) c5 C& ]( @4 p4 F# m; g' e
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]7 A0 ?3 i$ b) N7 N" I; g
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
6 Y" A# q" n+ c* s, O
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
. E7 U6 z% |( M4 d* F
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
e. z; K: f3 D' o9 }* {$ n# ^0 P
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
- r; C/ i, T5 h6 h
<PHIME2002A><; > [N/A]
s( I `4 a1 p0 [
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
' s C$ S& Z- d; I
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] @5 W3 j; G1 t: J/ b# R
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
" u! t4 \1 Z4 \3 ~, v6 m
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]6 c- F3 n X7 f* b9 D
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]* a6 Z3 h H% Z0 [
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]2 d! V, k" a) `" Z& [, S* {: g: H8 s
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
5 D# K2 K' [6 C% [! Y7 m
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]6 u `8 w" w" C% \0 t
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]# k% a9 S/ x v
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
+ B0 h5 M' i* J0 k5 n p
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]" ?3 O: o! X" p6 x8 p
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
+ h$ p7 A5 D' x) ~! `
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]4 F3 r; Y# \. B
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
: e- o! q8 b( H! s
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]+ ~7 k$ [: {7 y/ I$ c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]3 ^( R4 a; ?4 j) W
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
2 p6 s/ Z4 ^( ]; b3 C
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
3 W5 L" R/ p4 b- a4 m1 B. ] {
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
9 n! D! T0 m* o% A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]. M% J0 W) q3 w. j7 u0 ~' G! C2 }2 w- w
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]8 A) z! s0 Q7 U: `( E
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
5 f% w' z" W; }
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]: D$ P0 j3 i, h
==================================- A8 _" g& b( S
启动文件夹' O$ K# l+ r; g9 c! G7 k9 |
N/A5 P h6 D# ]2 M/ D
==================================2 Y( Y: H, ?* Z/ h7 Y
服务) \7 @2 s* W1 R
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
' ^; j6 n n+ _3 G
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
3 [# S5 e y: }! q- p6 J
[Google Updater Service / gusvc][Stopped/Manual Start]
+ _* s( c0 i9 u0 B4 g" z
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
* x2 Q0 ?( d7 r9 _1 a3 C
[Help and Support / helpsvc][Stopped/Disabled]& a' Y6 [/ X& h
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
$ g7 h' Z0 d, a' y" N3 A
[Human Interface Device Access / HidServ][Stopped/Boot Start]
. E6 y0 O4 @$ T& I3 Y. ^
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
5 f+ O, w: Z, B6 K3 X5 O% \; q
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start], l3 b0 B* ~' Y+ J: v8 i
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation># [, H1 |7 |5 b
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]$ m+ \: t! P" J" q
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
, n6 \& n- H e
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]% D8 z' H) {' l5 t3 J2 i/ S
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
- A+ ]6 v0 c/ X6 M- J! E: M) _7 o
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]; z! s/ m# M" J" `$ J* ~; F
<><N/A>
% a3 D5 |7 L( R* }
[Qvod Terminal / Qvod Terminal][Running/Auto Start]7 |2 Q7 T; u5 ]
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
8 R6 f5 t) K0 u. P& h0 p( Y
==================================$ V; b. t. { a) B$ d0 r" D
驱动程序
5 i3 v" ~1 Z( R/ @$ Y/ ]
[22j / 22jn][Stopped/Boot Start]' z2 e( b7 b2 |, x
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
) [* N! {: r% B, Z# w3 u
[360AntiArp / 360AntiArp][Running/System Start]
. x4 B7 U3 W" W; @
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>; _4 e$ j/ r7 y8 n+ K
[43ec / 43ecu][Stopped/Boot Start]# i8 o! @% \$ A5 z6 y- n |
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
0 E$ }9 |: r* U7 X3 f0 [" {
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
" E; s( R- P0 A/ e& w( ~
<system32\drivers\ac97intc.sys><Intel Corporation>
9 p! g+ @+ t, N8 g2 p1 p
[Promise driver accelerator / bb-run][Running/Boot Start]- @& S: l* O3 u8 N
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
) B- W; o$ \7 g; f
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]+ d* b2 g s0 `- \6 b
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>3 M' M, ~" u" Y4 R# P
[KAVBase / KAVBase][Running/Auto Start]
Q& Y2 C& v! u/ ?- l
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>" z! _, A: [4 k) w
[KAVBootC / KAVBootC][Running/Boot Start]
) U/ _: A1 O! n6 g+ j* t4 x
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>2 i1 z# |4 K( {1 X& o/ D7 R
[KAVSafe / KAVSafe][Running/Auto Start]: m' e% D/ s' m& h5 r" k% l- U
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
1 F4 U+ ]- D* I/ A; z% p
[KNetWch / KNetWch][Running/System Start]
' z0 z0 [ N2 h
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
- B+ m$ a" S% i3 w' F2 \" y! A
[KWatch3 / KWatch3][Running/Auto Start]0 y. B( n: M/ ^. y# p* ~
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>. k2 `5 B! Z! t3 r' ^ R' Y
[ntptdb / ntptdb][Stopped/Auto Start]
7 K2 f8 y2 X# [
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
% W- w4 r. M, I: r+ X
[nv / nv][Running/Manual Start]
) }# w! ~4 b$ i3 u
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
7 f; O- a0 L8 I6 L+ F0 P, y
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
) { F" P3 L1 w( w& P8 _5 A
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
! m! c' C! ]- x, F1 R! e) g
[DDK PACKET Protocol / Packet][Running/Manual Start]
" t. D ~7 g3 |5 l
<system32\DRIVERS\ProtoDrv.sys><360安全中心>. W* L8 a% ~" b
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]( o: g# |" B8 M
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>! {2 o1 j0 I) @7 y5 |3 i' Z
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]( N$ Q; B; n9 X% u- p/ D" f" E
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>" k8 {. X8 u0 Y; S5 h/ z
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
; m% k4 m! C5 A! s* y
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
! ^ {9 E; e! e) ]$ w- P9 h3 g
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
& b. ~2 B3 m3 d+ v0 ^$ f! r7 m
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>+ F, `; X( ~' y1 Z3 Y
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
. X7 T, W, y4 z; A; q5 w( V
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
( _" Z& r7 K Y+ U# v
[Secdrv / Secdrv][Stopped/Manual Start]! J7 ^& ?# o q+ C4 }
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>, o- r4 E' |, h9 D
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
1 g) a9 l* Y* h! E
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
6 j J0 \$ }8 e0 M8 N2 i6 q
[System Restore Filter Driver / sr][Stopped/Disabled]
3 P" t" I% z8 q6 n+ E* \9 ]) Z
<system32\DRIVERS\sr.sys><N/A>
; B3 B9 D. v! |; d* v5 S2 b7 `6 v! I
[TesSafe / TesSafe][Stopped/Manual Start]
7 _# o. [) e* U5 {" x
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>2 t' J- h7 o/ ]# i5 E
[System Services / unzxzsrs][Stopped/Boot Start]1 p9 A+ G1 N% i% n+ b1 j
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
; l% k" e. o( y2 c9 J
[ViBus / ViBus][Stopped/Boot Start]
4 T! r# z6 B$ U1 Z: y7 y
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>! C8 V$ a. i( Y+ M
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
- }* O9 ]( I8 M5 W3 ?
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
; {4 S( [1 _2 Z
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
4 P4 _9 l a8 P+ h1 v4 ?" F
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>! P" }5 t" G. {) z- |8 D
[ATI Extend / zhibmaso][Stopped/Boot Start]
( x( F! \; ~+ O' l1 x/ n
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
6 A0 d! o+ ]! c' Z
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]+ b4 D9 Z% y" u4 L; a
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>: \2 L1 [7 b6 Z$ k6 H$ u
==================================
; j8 M! c6 p$ [ O- U V
浏览器加载项( a l. \- K; [1 A" ^, S+ P H
[Google Toolbar Helper], n8 J, t$ W2 X& X& f) L# `2 Y
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
5 |0 \; U) R, v) c2 h- B( K0 B
[Google Toolbar Notifier BHO]
4 A; X }$ H F( s' Z3 |
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 {) J/ T4 H/ L
[SafeMon Class]9 E$ x+ ?0 l- v0 ^: e; l; J% Z
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
A8 e1 c4 N& Y0 w
[kingsoft browser shield]
* q; \0 ]. e4 @4 J& v+ N
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
) ~% X6 Y1 [9 s( E
[IEBuddyExtControl Class]* a7 }" p4 v5 B" P# i
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>% o/ {( o5 I. w
[Zcom 杂志]
6 V/ G4 A: M/ G& O, b' r
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
g# e5 \% b5 B+ m2 w3 }* _, ?
[&Google]3 R! a/ `# D, s, C% R4 v1 p- E9 A0 E, a
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>1 u6 L/ j' O8 B, Q
[KooPlayer Control]. x9 W" \# i1 A1 {0 V" P" i4 L
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>5 M7 C/ I6 E1 O% W
[Shockwave Flash Object]
; V; Q9 w# j7 {1 q8 \- {
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>5 G- _- P: [; X5 t. q
[KUpdateObj2 Class]1 |, E( Y; C) p6 R
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>+ D9 ~! X5 f7 G& R
[Google Script Object]* h! x: S5 X/ `4 D
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
4 z8 A/ d/ O" y2 ^4 A8 w5 n
[EWA Control]
- T( s# K3 ?# J3 h3 O% m( v
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
! ~' F/ W) m: s
[Windows Media Player]
9 r- }# h; G0 }- H6 a. p
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>' m: a: ?4 y" m( i1 \2 b$ b
[&Google], P- T: ~; @. o# h) w
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>$ A- R5 m7 u4 m1 h
[HTML Document]* e! `; u# e9 ?5 o: s
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A># H& m) A7 }0 i$ S5 H# x: c! g
[DHTML Edit Control Safe for Scripting for IE5]
# D j) x7 m2 S8 V' _' r, ^
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>- B' ^! v J8 e8 }4 F
[RealPlayer RAM Download Handler]& Y0 f( v! w- V; F$ r# f7 U
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>" l2 P4 K; c6 y9 z' o4 O
[IEBuddyExtControl Class]( y* h |2 L+ w* ]+ t6 ]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
# |7 f9 X. L, V/ V: b1 v& i! O
[XML Document]
6 J7 m- ?/ G- s4 a% t
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
" j- K v" f% B8 {
[HHCtrl Object]
+ ^* @4 d t0 Y
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>5 v7 V/ Z, u* E' o
[Windows Media Player]
" ?' m. v& y% L) I- m4 H d, s8 P
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> C8 R: i) r" k' r7 C8 H
[Active Desktop Mover]
& m: C8 r8 {3 @- K6 g: s0 X: q% a
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>9 ?' \# B: z/ ]
[360SafeLive]
4 p6 c! K S; T
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
7 o2 a1 z" ]+ g, ]* {* c3 L6 b
[Microsoft Web 浏览器]
6 n8 E$ [' e" S1 r. n
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>* G Z( m+ a! Y6 R
[Browser Enhanced Objects]9 ?+ j: N. Y( y0 {* ~5 f z
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
9 ]; I% @6 J/ [
[Google Toolbar Helper]# F; T- X1 x. m0 o
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>6 p A, L4 Q$ f7 Z+ z
[Microsoft Scriptlet Component]
; G& O8 R: O2 x0 O9 O
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
3 d* G3 E5 }. w2 q; S z
[Google Toolbar Notifier BHO]
, {6 L! H. M. ~/ c
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
- u* \9 V6 _. y
[SearchAssistantOC]& I$ X0 [. e) W
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
+ b6 P0 w- v- N% a4 q9 w( Z
[SafeMon Class]
+ \( h5 R/ g. F, f# n
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN> n7 O" I6 ]. c$ Z$ T$ B+ g+ M6 u; f4 Y
[RDS.DataSpace]/ b, N; }" g4 {! H, S. ^ ^! G
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
$ Q3 M h' y% q& T; h6 N! J2 i: ]
[KooPlayer Control]* n* Y* v. s' p) V
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
% o/ w# ]% j" s+ A+ k$ \/ R) [
[AUDIO__MID Moniker Class]
0 B6 r a$ ]" d1 _" {2 @! O
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
C0 M6 |$ n- D2 x8 L! D8 x/ g
[AUDIO__MP3 Moniker Class]
9 Z8 d3 g) C9 q) J, [
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>' O6 V1 S; i0 d/ ^+ b, W
[AUDIO__X_MS_WMA Moniker Class]
4 i+ A- U$ V( C/ e/ F5 _# q
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
5 F0 s {6 s' j* U R0 U
[VIDEO__X_MS_WMV Moniker Class]
/ R6 z4 x; y9 f0 z+ L; s- g
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* F9 ]7 c( ?7 |% s7 J' N) a
[RealPlayer G2 Control]
! p+ C7 c0 Z! [" m1 a) |
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>6 M v1 i1 Y g4 P
[Shockwave Flash Object]4 a8 t1 ~1 e7 |
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.> y1 y" ~6 I# b% j" t8 b) D
[KUpdateObj2 Class]
( v' A* O! \8 L
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>3 h( I6 x3 g% P9 ?, O/ o
[kingsoft browser shield]
) R2 g) r/ H7 i+ D% f( F
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
( W& K9 \; @/ Y8 G
[PasswordEditCtrl Class]. {& j$ l) F' Q$ \2 r' g
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>- u2 n" [ R. Y( @7 m
[QvodCtrl Class]
6 R9 u( _/ g8 }. m# I& W5 }
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>! F# z1 w! m0 v* ]
[&使用超级旋风下载]5 H# E& E+ G. c4 z+ r
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
3 C1 j) d& p$ \3 }2 R2 z6 s+ R7 m1 ?
[&使用超级旋风下载全部链接]" M+ P# ?+ F% ]! u
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
1 ]9 O$ c/ B/ O. p! B7 w4 C# P
[使用迅雷下载]
# e7 ]9 c: [# U7 [: t
<, N/A>" J+ D* U' W4 J |; E
[使用迅雷下载全部链接]# y$ K) ?# t. V0 ?( k( u
<, N/A>4 Z. u1 t2 i" n
[导出到 Microsoft Office Excel(&X)]! W- P9 ?0 a3 {$ Y u+ b
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>/ L% ]) [# `8 o- h1 ~7 x
[添加到QQ表情]4 l# B" o( }9 s) U% S5 z; D0 o$ D/ l
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
( {: V m4 i* B1 g9 y- Z
==================================9 }: M3 }! J& I) {
正在运行的进程6 E: J4 M, P* I" A) Y. n) i0 j
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 h- j4 {7 ~0 X: h: M
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], H/ C a+ p% A/ e9 y* {8 r# V/ \
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 Y) k# K) D) T, d4 D
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]& T% A: k* h. n! L: |# r
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, `# [) Q; }+ P0 X8 q
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! v8 p. V6 c+ E- u: H# d
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* {7 u2 t. J$ B; |& a# ^* R
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 Q3 Z/ {; @% m3 h; |
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 n% @8 W: ]+ o0 ?* G4 t( ?
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 K+ c6 p1 h# t9 C; j
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: k. f: f A2 y s' }7 C. g1 _
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]# G4 o$ l) G& f4 m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# d1 G: W! U& L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 f( N! h4 V; L
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]3 f3 e5 N, J' a0 k
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# }6 `0 P- f3 `! X* n5 k: {: B8 T3 d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
7 G0 i' P `5 {/ ~9 E
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
( _; r* s% I/ ]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
! R o8 P" U; Y
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]1 W. A: B8 I* o2 O; a
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]9 c/ l3 [/ R9 x0 _# _2 r3 [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' Q3 p ?& S- ^, g4 Z
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
. y' Z# G6 O8 Y" j% M' |
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
7 \% I! C3 ?- a' V* L
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]6 E% R9 v( o" }
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
& X; I M4 T- [4 S2 [/ o1 u9 A
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]" a1 c, w& _' u( c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# m! b f' m2 k8 v: ^1 v) p: m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 {$ w7 H0 F" g! s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: d a8 e: Y/ |7 ?6 G$ m7 \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]4 o$ G7 T$ M2 N* d- B
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& ] Y) Y4 i# @! i& K5 n! Z/ P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
5 C9 l: ?3 p/ H4 ^/ s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ ^# l$ M/ i1 I; K
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ Y/ _" u; h, P# @- D) S. M
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]* H5 w: [) N1 _4 Q r
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]+ L- ^' a" k+ a0 w) f6 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]0 p7 T) b: p3 U. F/ H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- ]# I4 @1 W9 }7 B% l: ]' X
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
* ]5 P2 P. e& w* g1 ]* i0 Y
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
( c4 C7 U) R% p0 X: q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
0 w" v2 d% f! u4 B4 p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 B& b: E8 J: r
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. f6 v; l* G7 o* B) M" h1 C4 u
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
& V+ Y$ s7 I$ ?- O; C" c( O
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 s7 ?& L$ l' P1 Z1 s0 ?
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# P3 O f3 N1 E' B/ z- S
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]3 M- @- y. U1 S* p$ D- F) T
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
6 D' x5 g+ R- h' W+ M! v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
2 v/ D' z" n$ o, C4 b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) p: ?1 m4 W% t4 T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* o: z4 i. L6 x! `* J& `& G
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
6 q/ c: B S7 X; d) x- `
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
. f" U7 J& [0 F, X6 [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]3 o) G% r7 ]7 B' A8 f! c* e# i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]4 q0 z, v4 q- V; i B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
7 \) y6 S5 G- Q |5 v' G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
L; o5 a9 a. @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
8 {9 V' d' f0 |7 T
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
: z% t" p& n- w% ]8 v1 v! Y
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]7 D' O% h' R+ O/ L, v ~
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
5 `$ I/ e' T6 O
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
; @5 x0 @& e8 o
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
1 x% b0 O% e7 M* V, T( r4 h
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
6 @8 B- F2 J$ ]' K1 P/ p8 s
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
$ B3 R0 w( M& s. T: e- ]
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]7 s! R6 ?! b: w* |
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]3 s) i9 }9 k- S1 n/ ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]; e! y1 t) c6 e/ R+ o& g' g" U5 v
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- }) @. `- R6 M7 k
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]2 Q/ l6 j: V4 n% g7 t
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]$ N4 e; E- F% s* w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5] T8 k/ J7 s1 t! c& \2 a' q, Q* q2 j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, ~) t& S, X6 Y: q" E7 Q$ j' _6 G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% h0 i3 e3 W# M9 h1 Y) q
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201], X: Q: l. O+ ]" ~
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]; G- t8 o1 N$ c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( S7 F7 g* E$ o# K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], k9 o& A7 N# |' O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& R. l- `% W' j
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]# l7 B% A2 H# q& G
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
2 H$ Y) P. x7 w, L$ x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 V- s- {6 E2 O2 g7 r* Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 B# f, n. x" z! p+ J: Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]8 F, E h; m. [* k5 }8 e# J3 S
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0], c I, ]6 m, L9 J
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]7 P$ F' N3 |3 E ~7 I" r9 k5 u
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# ^+ |8 v+ ^1 E$ ^* Y9 U3 k. m9 j6 }
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
' g% O: M( d+ t0 d" N2 C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' ?: D% `% L Y/ ^; v$ D% ?3 }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
) S2 b% j0 s% E8 x2 V, s
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]+ }, Q7 I2 q7 R& p7 \& P, z9 E
==================================
& v7 q: H! @1 l& s9 m' {1 j
文件关联( Q2 E! V- J5 w1 E
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
) T- a! c( `0 K' |
.EXE OK. ["%1" %*]
) s7 ]; \1 _6 ]# F e/ q
.COM OK. ["%1" %*]
/ r! d; u7 \, V0 O+ f/ ?, j8 o- a/ m
.PIF OK. ["%1" %*]3 a$ X% F- B* t! K* E) s
.REG OK. [regedit.exe "%1"]
" j i6 x ^0 o: y# m& ~
.BAT OK. ["%1" %*]; g1 r# [3 ?! t+ o* p
.SCR OK. ["%1" /S]
% J: [4 `4 k0 N* P
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
* J, x" o+ b' P4 [7 r! q
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- |2 @' l# e0 }- C
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]8 U( r5 |+ @$ a) k m
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1], x+ W) B- x4 }4 g' i& @
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- Z5 K+ J6 V( y5 Y! E- T- u
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]. Q. a d; u/ [/ H/ Q
.LNK OK. [{00021401-0000-0000-C000-000000000046}]" Q) u, x) U9 K
==================================
" X8 K9 {# H9 |' T, g: L) m
Winsock 提供者- x: S u2 f8 P# F% Y6 o
N/A3 M( V0 j7 }8 y$ {* i
==================================5 X9 ~% k2 j& C7 M* T& C
Autorun.inf
8 q* a2 I: L( p1 p* E9 g
N/A
" y2 M; G2 h1 O' n) J* ?
==================================9 f; A5 N( {* D8 _
HOSTS 文件
. z; |8 \/ F6 ?8 K: B6 m
N/A
. q' b, k4 p/ b" R2 x+ o# Y
==================================# ^/ }" E* B7 @/ c% i. d n& v
进程特权扫描
* k" c/ y2 J- i" V2 m0 Z$ @9 R- T
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
' J; d5 L& [8 o- E4 \
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]/ C# ~! d% F) _/ _! f
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
; @, V; M1 e8 j6 {
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
5 i. ~% S2 ]5 H- J# M: ?% h5 R
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
8 }8 Z& n8 c) j- ~2 _7 z8 ?
==================================
# r3 r2 U a7 ?5 N
API HOOK
6 o: B6 a6 X$ Q( `% p" }9 X
N/A- X$ R h* B4 [9 t* v; {- [
==================================
3 @+ l" |9 O" y J, G4 W" V+ d' x
隐藏进程( v9 J- c+ P/ I* K
N/A3 A* s8 f. w- c1 B6 ^
==================================
1 o% f' g* d4 ?! U1 O J$ r1 T
* N* W m4 V# i& X1 y. |; z7 `

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115