在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

J* _. b+ J* j: t: ^% r k
2008-05-22,20:37:43" s1 D- u. p0 H4 G( s; B
System Repair Engineer 2.5.16.9004 b% Y' M( x' O! ]& G9 w: j7 S
Smallfrogs (http://www.KZTechs.com)
1 {4 X$ S, z4 W9 I$ s% u- N+ K
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能4 y# U. ?' O7 Z, a' M
以下内容被选中：" R, \7 ]% o r6 E. M: [# l, Q8 U
所有的启动项目（包括注册表、启动文件夹、服务等）
) k% H4 j: |) ^3 R$ m
浏览器加载项
: `4 q- J5 m s }" j) N" W$ O! c
正在运行的进程（包括进程模块信息）
- A# V7 X/ p$ U5 S* W; j
文件关联
2 \2 }* S; b Z, Q. q3 \: ^
Winsock 提供者
# B* i. }5 D* H( Z4 I8 i* G Q
Autorun.inf3 G" k% A4 M: W% C
HOSTS 文件- l, A Z7 b" q
进程特权扫描' w0 D5 G1 p6 F! P
# p r2 u1 L- {8 g% n$ {8 x: L+ Y1 J
启动项目
! {7 X) m3 G" o) m9 h
注册表
# Y8 r( ?) J X5 d- h
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
9 K$ R1 ]" `4 j6 C. v" h) b
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]8 n# V4 H! B$ t
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
/ s7 C: Q e( O4 m
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]8 b9 |* v4 G7 V$ L& V/ }
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]0 z& S( {2 W) B" J: q4 o& k# e
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]* Y' Y. F4 I( P7 {& i5 B) H
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
' c3 [8 f3 ]& ~3 p$ F8 q3 O9 E
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
3 e5 {: Y9 a* z9 ]- e5 ]
<PHIME2002A><; > [N/A]
$ L5 x+ r; e1 O0 G# t
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]2 x& X# @5 F5 \5 H
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
6 I3 y" l0 D% U! g2 x
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]0 w: t2 \' R$ G
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]: h% P9 N8 ?# l# s [& ]4 c
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
. g0 `% Y5 O. q0 \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
; q: E+ X5 ?* B& O
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
1 k9 p, \- a+ x. N) G2 L$ Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] y! i$ x$ x1 W; X; O' E
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
/ a' i0 @# e, X n/ S4 f" T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]$ L8 ?0 c5 X# o7 k% E$ u, f
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]2 H4 }& i4 t3 A3 y" a' D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]8 v6 I( Q1 P8 j/ M( H
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
' U2 Q9 E( w' x# w6 U9 m
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]- f% I; f7 R& m t' w: A& @+ I
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]) d& |- Y8 `" U6 y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]: ]0 N5 r$ g/ w3 Y
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]4 I$ c9 H6 f4 O9 k
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]- {5 I* C. ?, ^1 a6 b
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]# O; R3 L6 g( l4 _5 _) {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]% r& r' q- |% @
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]- K* k2 \. b9 u+ @+ u, U
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]; V! O' B) n/ U
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]; G0 B/ o, g" A+ F
==================================$ s0 l; D" m( p' R& |
启动文件夹1 {7 ~$ L, N& f+ k( Q2 w/ ]" k6 i
N/A1 j4 J6 ^. W5 j7 q! } B) s$ r
==================================
7 H: \9 h$ {4 d9 s+ [- [3 z
服务
; D$ v) ?1 X0 r$ w$ p5 t
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
# c# `. y' y8 k! x9 B$ e6 H+ G; f
<C:\WINDOWS\System32\3wareSrv.exe><N/A>6 J& L. V* r% b4 j7 x# `
[Google Updater Service / gusvc][Stopped/Manual Start]
) ~3 c9 X" ?- S! g5 I
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>1 G2 [0 F8 x8 A$ C+ n6 g
[Help and Support / helpsvc][Stopped/Disabled]
, |. d7 K4 o$ j, e2 l
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>, q" a% d8 l; o5 O# \9 Z8 Q( x8 O
[Human Interface Device Access / HidServ][Stopped/Boot Start]
* ]2 Y) y0 I# J1 E
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
# {# A4 e; w# v# ]5 |
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]: X* v6 [/ _5 [0 k
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>1 h& A5 s5 Q4 A- s
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]( q# D/ `5 t8 U
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>; T* t+ E. B" P( G& I& m' L; e, _
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
, y/ O3 v4 Y" r& X
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>- m+ l- M( z$ I3 ]3 N' y& A. ~
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
8 b0 o! r) m5 G M! Q. v& F
<><N/A>
6 r) R- S0 n: b) i
[Qvod Terminal / Qvod Terminal][Running/Auto Start]; M' W" X0 M5 E/ z5 L
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>8 G% h. r2 |2 d- Q6 H- Y7 J: J
==================================/ `, m9 M) ^. M% K/ Z
驱动程序
8 A& E, M3 W2 w$ K0 `( }
[22j / 22jn][Stopped/Boot Start]
/ g! e' W. b3 p) {7 F6 B3 _+ T
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>) X' S+ s! E+ J% H' A3 k
[360AntiArp / 360AntiArp][Running/System Start]+ o: F$ v5 \5 A! \
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
2 ]) B! V/ {2 _% W/ T( [
[43ec / 43ecu][Stopped/Boot Start]# Q' r( @" D- p% `' n% u) ]) K
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>7 z0 G: w/ E6 g8 M
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
( d( u, L5 n# I" U3 k' d; F
<system32\drivers\ac97intc.sys><Intel Corporation>! T8 R: {# y+ a- @
[Promise driver accelerator / bb-run][Running/Boot Start] c3 D( T& j ]! v# z
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
1 K, d6 {5 l; X
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
# r- N' q0 M$ F# G8 e
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
+ p7 K( _- ]0 |% T8 G+ v0 Q
[KAVBase / KAVBase][Running/Auto Start]
4 f3 V5 S+ m+ H7 t V2 B0 Z: z$ T% y
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>( q5 j, x! L7 V# B. H! \- t }7 x
[KAVBootC / KAVBootC][Running/Boot Start]9 z' @: `. Q2 m+ I
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
' l/ u. T+ b9 x* k% c9 M& a
[KAVSafe / KAVSafe][Running/Auto Start]
( Z+ K6 C# z0 L* @. l h& d' [6 Y5 ^
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
$ v( {; O: W {7 j
[KNetWch / KNetWch][Running/System Start]
* c+ Y* D* Q( |8 B9 D% N! [" e
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
% z) u) u& R1 i# j% _
[KWatch3 / KWatch3][Running/Auto Start]
0 t: o0 c, h1 r% J' t
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>$ O+ E8 m x5 w# Z
[ntptdb / ntptdb][Stopped/Auto Start]
; ^4 a( O- S$ ]
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>! `7 \2 D* D' c9 c% H( M
[nv / nv][Running/Manual Start]
5 P# I8 J8 J9 n/ r x4 d
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>7 s/ _! P- Z/ |0 _) w0 A
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
; w0 _% V. j0 E8 L: [) u4 j, i+ P
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>2 {. K$ \1 V: ^( ]4 j: _
[DDK PACKET Protocol / Packet][Running/Manual Start]+ z5 Z/ m, ]: b% Z7 G
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
1 k4 k) D( l, \ l8 _( X {
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]' W; L; ~# O5 Q* u( m' A: [0 L
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
6 I! y+ I! S1 m7 I4 Z! G
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
, V7 x5 w9 v' S$ e7 Z ]* S
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>' N8 Y* |- R. B! w
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]) l6 M2 Y0 t$ O! @
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
. L) x L. d6 z; e6 w9 ]0 s
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]3 k# B& n$ t: ^; z% E% k
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>. m/ T# y. M& Q% X6 x& H: i6 W5 w. y" b
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
7 }/ o: f _/ E' h) `: m
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
5 W! h# V" P3 A3 ~* |+ q
[Secdrv / Secdrv][Stopped/Manual Start]. @- @ |0 F7 Z' l! z
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>5 U3 y# ^- c) h
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
( [) u( k2 w% Y9 w
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>( \! j4 [7 O# T6 `2 R" j
[System Restore Filter Driver / sr][Stopped/Disabled]$ i1 r! u, ]. e; I$ _3 j& g
<system32\DRIVERS\sr.sys><N/A>
9 H2 E" z5 } k2 d
[TesSafe / TesSafe][Stopped/Manual Start]# r- a) ]5 l; P) F$ m
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>% I" k2 i( }& b- W. X
[System Services / unzxzsrs][Stopped/Boot Start], X* S0 G( K9 h, I& v* {& B
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>) B4 R8 ~0 L& Z4 k
[ViBus / ViBus][Stopped/Boot Start]3 I* [; Z+ a0 B
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>" ^9 B' W( F% u. I( I2 a N
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
- o# i+ f1 Q1 U' b" J/ S( |% p
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
& G" p* G) l, C' \
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]. y8 o+ m% d& I9 U' q; C: e
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
# C) B9 K# L1 c1 M _$ h8 ^5 @
[ATI Extend / zhibmaso][Stopped/Boot Start]7 }0 I& Q( L j9 K9 O$ @
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
- m2 ?7 _$ I( ?9 U" Z- k3 i
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
, x- s1 r) u4 R: }& d' r9 `9 b
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
/ N }0 ^5 z9 u+ K7 x* @" E
==================================
$ Z) N* w/ E; G6 Y0 Q
浏览器加载项7 Z. }2 T( \; h7 g3 |% |
[Google Toolbar Helper]
6 S H" t# u+ u8 Y+ v
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>" M. O2 Y. e- |$ b
[Google Toolbar Notifier BHO]
7 J3 t! w1 q9 C: O# Y
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
9 F# a [0 V- Y& l8 |" j
[SafeMon Class]5 |4 h; R; u& t0 E/ o
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>* S& ]) ~& i" ~
[kingsoft browser shield] V, `7 w' _7 k7 E8 F
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>$ C& f% W2 G0 J+ X. `
[IEBuddyExtControl Class]8 n. D6 T% U8 K% q) ]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>0 O, H4 k' }2 [8 E$ F! X2 @" _' q
[Zcom 杂志]7 _9 ^. u: J7 \. n0 a
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
) t9 x5 {. e3 @7 Y7 z/ B
[&Google]* f. P4 g& @' e" e' u2 C+ W9 G- [% b
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
8 C4 V1 i& h: F0 d
[KooPlayer Control]: n" C n' @, F% `+ Z
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
5 B$ {" } U, D1 a& n3 `5 z
[Shockwave Flash Object]
3 u' T; @8 @: P
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>7 ~- ?& L) Z1 P- E; k
[KUpdateObj2 Class]
6 V! E& A% t7 k( j, q
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>1 f; t( ]$ U0 I0 X9 d5 n+ T
[Google Script Object]
& O+ }& j8 E( e. {3 P
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>- F2 N4 e2 C+ R5 j _, j
[EWA Control]
s. W$ P% @% n5 c/ d
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
: X/ X1 Q, `' Z9 @( Z1 h' q
[Windows Media Player]! S& o+ u) r$ ?& c( l8 S5 K
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
. Y; `2 s3 B9 R% D
[&Google]
0 ^; z$ w- ~( S4 n
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>1 s8 k# F0 V0 K; ]( {, Z
[HTML Document]7 E) z) y& K$ F
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
4 I6 K* l0 J; j
[DHTML Edit Control Safe for Scripting for IE5]
7 E5 c' _5 u W/ ^! \
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>- q2 _: \' p! G6 O3 {. K, l7 H
[RealPlayer RAM Download Handler]
, f7 ^! C/ M, Y {8 m) B; g' H
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
2 t1 q1 E, j% p0 B
[IEBuddyExtControl Class]
: U% f0 p, c k
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>" ?, N% o D4 n$ F; a4 }. \3 ~ i
[XML Document]5 i' p w2 V+ D) W% j
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>* p) L' `: L$ ?# c; }
[HHCtrl Object]2 w2 X& ]& ~! C/ B+ v
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>; T! ~' ~# t; g/ |1 s0 @( Z! d
[Windows Media Player]
8 u9 x* j7 Z+ G- y6 I* R
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: v6 o6 f E: S/ t6 F# k
[Active Desktop Mover]- g+ K H" |+ D; w4 N: g9 C3 h
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>6 [4 g# `* O! `* g
[360SafeLive]/ q( p! V2 w1 {7 `! s+ p
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
& D4 I' I- v0 `6 x" X0 T
[Microsoft Web 浏览器]
' S9 x7 b- z8 f
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>) g9 y* h+ I# s# _# A: ]
[Browser Enhanced Objects]& k% t& I A h P, z
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
9 [& }4 z- @/ j! J
[Google Toolbar Helper]
7 ]; f H& a7 H! ?
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>9 p' w5 l) Z4 [: d
[Microsoft Scriptlet Component]
& Y! z1 o- O# J& ~$ _, _, @9 h
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
& {" `6 J0 ]2 z2 |# j8 n$ h
[Google Toolbar Notifier BHO]
: s p2 ]6 |5 J
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
# u* T8 U6 t: `% J
[SearchAssistantOC]* ?& }( Q. ]2 Q& w+ h7 W9 E
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>) O! i* m" z" {/ G7 u* @; ~7 B8 f7 L
[SafeMon Class]
6 x# C: b Y. r
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN> {9 M& _7 ]& x5 v
[RDS.DataSpace]
" q5 K3 W; g% M! P0 k
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
5 p7 {6 T) D+ L$ U5 q8 E5 ]
[KooPlayer Control]: T" r- n$ I, H- W5 |. }
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
/ ]6 N7 N) v6 a2 ~8 X
[AUDIO__MID Moniker Class]6 y) j% `9 P8 k) _4 J, S
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
' T& R# I3 X' d+ M" X* q
[AUDIO__MP3 Moniker Class]
) h1 K6 {; }) Q) z
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>" j v) F; p% L
[AUDIO__X_MS_WMA Moniker Class]+ Q; l F: B$ f( d7 z. q# a
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
& x# n3 f: c M1 ]+ @
[VIDEO__X_MS_WMV Moniker Class]
3 ~; X1 \! X, l4 ~4 w' I
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
1 e9 `3 X6 @7 y Q$ A3 u
[RealPlayer G2 Control]8 L2 f. P; v0 s
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>. M% r# a: B% \6 e; Y) M, `
[Shockwave Flash Object]9 x, i' d& e0 n" z4 A- n) R
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>! x( n, g: \1 S& k3 f
[KUpdateObj2 Class]% X0 q9 i A! w* v: d5 R
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
" I: N, _- g- x# p1 q
[kingsoft browser shield]; w0 T2 @0 ~1 o9 l
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>: ]2 T4 m* G L6 x& I$ Y
[PasswordEditCtrl Class]
7 M8 w7 g* H# x
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>$ \; c7 A: K+ o$ `6 ]' h7 L1 `
[QvodCtrl Class]; j9 a) ]& o% k# z4 W2 t" l3 v F
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>! [+ i2 i$ V& D. n
[&使用超级旋风下载]6 ?* X, S9 o8 l1 l" `
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
$ {# {) s6 N4 n* {* q& D5 Y
[&使用超级旋风下载全部链接]
* g( x$ v- t$ p/ n8 Y2 B
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
- D/ x9 q1 O) o
[使用迅雷下载]) B, s1 w5 P: `
<, N/A>
1 r b) J; m: @- K: ?3 I
[使用迅雷下载全部链接]% g7 K9 A5 j0 D8 k
<, N/A>- l$ ~7 e5 \$ y8 B( f' G
[导出到 Microsoft Office Excel(&X)]
* p+ r/ x J! O- ]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- G k3 |# | l% W. l) b6 a
[添加到QQ表情]6 ^2 \9 ?9 M a% U, w* t& l Q L
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>" W7 k& U0 h% J4 ~
==================================& y. x0 v4 T1 k1 M C Y$ C& H4 N
正在运行的进程
) `$ t7 \/ [) y
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: M% U; ^' I, ]+ x0 {; q# d
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 K7 w- O1 M# N6 A# F! l3 W
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# J; r% D3 }5 I
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]. m# a, f4 K* j
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 @) ]: y: [$ f
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' v4 t5 B) Q/ d5 r5 x8 H4 M. d8 e
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; K( k- U/ I H( |
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
+ A; h+ T$ f8 q- W4 I( j* D& Z9 }
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ ]# h5 c* h' `! X
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: w7 u" p1 z. @+ W
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( D2 v: f! N+ X
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]1 ^1 x* f4 P E0 W) C5 K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 L5 O: n4 T' k8 e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 O) _# D9 f; E1 k& u
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
$ F' q2 w" `& X: O: O9 ^
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. F" X# Q) E$ l% v1 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]! R. n/ s6 Q+ C# o$ M8 \. R' X
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]3 v5 M6 s: e( N7 h; I
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
7 y( n- f! h) z$ p* W" y' s* b
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
+ D' `( W1 i, f0 y# ^9 y! T9 j
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 X5 K2 |, M7 T( P% P
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
/ }1 i1 m( e8 C* ?# M) ~/ h$ o
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]; t, ^0 ?/ Q7 R8 e, p5 D
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
$ d: R) R2 K/ x
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
0 s. S' i" M( H4 |: s$ i
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
* P9 `2 ]$ @0 t/ K0 o/ H, n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 O, e b- E, _3 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 e& A2 _ ^( j. L2 w& r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]2 y& J; q1 q5 v' {
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 [5 V8 R0 \/ d+ Q" h& w# w( n
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] j! q6 `5 K6 w& @1 U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 C9 s# Y/ ~4 D% k+ A' \0 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- Y: J0 y3 n- y& |: E& S4 g
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]/ G* ]) t5 S' P& C0 p
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
2 x$ ?6 m, {/ A9 { H2 S
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]2 K& m% t, P% O" u4 ~! d; h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
: h8 @7 ~, d" ^, j, [* i+ U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 @, q& k* T; q6 J
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
7 l( W/ Y9 x! U0 J+ C
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]! c+ Y! _/ [; g+ A! e( z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% B3 F6 c7 W1 {9 [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]7 ^' v* p' k5 C( F; Q
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; \! [% g5 R% D4 A" C) w
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53] B: l. E) R* T8 }# c7 B
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& Q" r% U' m; l9 j7 W- L
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. `- K- h p2 T7 l# M8 M
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
1 d9 r; X. s( M8 g o# |, O, N% a0 ?
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] B/ G" A' [( P; Y$ s& a$ e! C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: J2 l K0 [* e) T) Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
" M) C" p4 |7 P! l; d5 {: w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]; s% |9 X: @; m! S, M" g; b) h9 O! |% ]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
9 m# h# {+ I) E+ |" u2 z: s
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]4 ] H" K8 Y2 S6 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]! Z# @$ R* [; l+ b- S6 M$ Q0 @: i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]- J9 p9 x B& h' {$ q2 |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
X" Y% w" g3 J' ~5 A: H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]# X+ `8 D) k$ _# k* ?" T& U* m# q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]. p. w, b4 g; x" Z# K
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]& H; C. O1 c0 ~0 k+ `+ _
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
\( c) u" C6 D, M
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 y8 `5 m+ z" d) S- a4 ^+ G/ ?
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]: C$ x/ u% g6 I& I
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
0 r. d1 r6 x4 [
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( p! g4 F5 N% Z, V& E8 v
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]4 ?7 l) f. o; e* H
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
, i& H! H. k* b L: f+ V6 A
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]5 m- T* M8 v9 Y" X+ o
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
* Q4 P8 `# A% |" e9 Q8 r6 v v' Y0 M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' j9 v- R+ T( Z) w) U) g
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
/ I) [8 E9 g, i$ [2 K
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& C8 E S" y, w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
1 t" U0 r _9 T1 {0 [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
! d7 D$ g* k8 f1 Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 c( ~- ~" O- T- T
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
$ c+ Z/ T/ [- K, N$ |9 h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ h' o8 L' {7 [8 ?0 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
G) Z4 `1 f& V; l* [1 t! T1 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]5 H0 Z6 m5 K; Y: }( R
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. B: R1 g( f5 ~: E* N
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]; W+ u/ I0 D8 M4 q" W& l
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
) A" {- x: G: O$ u! p7 P$ x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]! A5 \5 ^4 m, d2 @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; z- `) G# d$ G! _( O- B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( J& y/ [+ z- V8 H* D0 M
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]/ L7 U9 i" K6 ~) t
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
; H |9 r1 z1 T! |0 {8 F
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% \) {8 J7 B0 m$ Z$ F- G' q0 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ ?4 _7 {+ e9 O* _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) b$ v8 l8 r0 h& g' ^2 m/ [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# m9 z, T" b8 D7 ^4 [
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]/ w" }4 R9 |/ j) W2 g/ z# r j
==================================& N+ x; W8 M6 v- ]- ~
文件关联: }4 V& l0 T/ A, o& `* j$ s% {
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]( f$ c! r0 Y q6 J( N' `. K4 G3 w
.EXE OK. ["%1" %*]
) ], l+ [. \$ {: M
.COM OK. ["%1" %*]: Y/ a: e9 S1 y) T/ M2 K- c, p
.PIF OK. ["%1" %*]
u. N3 o" O8 ~6 C, F8 Y" |, q
.REG OK. [regedit.exe "%1"]3 G4 `! t2 j6 O* I' Q
.BAT OK. ["%1" %*]" s0 q/ q) {6 U* A% K. ?" O- ?
.SCR OK. ["%1" /S]
8 _/ H; K5 ]2 H3 L% R2 s" u
.CHM OK. ["C:\WINDOWS\hh.exe" %1]4 k# E: l& q. E% w; j
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] x8 c& T; P5 ~- I/ T. g
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
8 F% j, T( y. v( L3 C# P- v
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
$ [) b. |' j# }, O
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
v2 w# ~6 a8 \5 `0 w8 h
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
0 t0 Z3 D& u6 l+ Y, W; D
.LNK OK. [{00021401-0000-0000-C000-000000000046}], }7 y3 B E8 K. u0 C
==================================
: h4 p3 w- I8 B6 x1 ]0 ~3 y. d
Winsock 提供者
* s! k& h$ u9 t1 B
N/A0 Z7 G6 V2 x4 I1 ~3 _2 o& k4 _$ f
==================================
- D; N0 R2 ?2 }5 ?
Autorun.inf9 b) h6 R0 H& V& p0 `! H2 ~, Z
N/A
# v8 A3 b0 y( u8 N) @4 v- N/ S/ \5 x
==================================+ t) X) b: y- V8 h' G
HOSTS 文件
) e, i2 w- f" T- H( n% ~
N/A
$ }: X5 m3 A, Z+ K# ]5 B6 Q5 X3 x
==================================
$ _8 x; a2 M, H0 N, \9 a {
进程特权扫描
" m! K, g! p, H3 {/ i& ^
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE], B$ V9 f% e v8 I% |$ f5 a) D
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
. h( J" d0 k! E7 @6 \$ d
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]& h$ p! E! a5 D: [: `
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]/ Z/ H2 {: K8 G% O$ [) l! U8 `2 D0 [
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
% b$ O* y _! X/ g, ?
==================================- o' j; T6 v9 H! z
API HOOK
$ f0 _) {" y" ?! V! v. D+ E
N/A
. f" X9 }$ U) T
==================================" R6 O. _: @( D; }
隐藏进程- G* d3 p8 u' k0 V
N/A
% O, l: m. X0 {6 C0 j5 F$ z' o
==================================
& d" Q4 z' Z' {, z+ p
) E! {5 L6 h8 w8 s

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115