在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

- \4 ?4 r% l3 p N& y3 O( y
2008-05-22,20:37:43
* M1 B i% Q, i0 @
System Repair Engineer 2.5.16.900" K$ a* A$ |' E6 B- J9 j$ k
Smallfrogs (http://www.KZTechs.com)
% H9 S# X7 x7 i- c5 F
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能' [$ L/ p9 n: H8 l+ @1 h
以下内容被选中：( _5 C( C( L0 Y B% L/ k
所有的启动项目（包括注册表、启动文件夹、服务等）
0 a+ r5 z4 |$ C/ a; w
浏览器加载项; T, U3 c9 p1 i/ W' x
正在运行的进程（包括进程模块信息）
+ F/ M. ^4 H- Q o. x
文件关联
1 R1 s; H+ C, E. B
Winsock 提供者
& a" E# l' K& o9 ?, r
Autorun.inf
! z4 \% D2 u1 ?3 i; I% M! z* p% Z
HOSTS 文件) e; g( c. j8 P# |! |+ ~5 Q- |6 U: P( \
进程特权扫描9 W1 Y" w" F5 y2 _& ^2 ~
1 e' X k3 U6 ^# c
启动项目: k# L* |* V3 y% B( @! Z
注册表9 p" V! O+ J: o6 N9 a6 c
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
# k& P0 a4 c3 m6 h9 T7 ~+ \
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]! @4 ]6 p+ }) p5 Q8 k3 C
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
2 X2 `' x: B6 `
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]% X( W) I+ H4 ?9 a+ b! G3 [9 k: D8 S Z
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
2 `* e- b" B* O& H- ?) ]. G
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]4 }; b. o0 a% z! D* O, `& U% ]0 V
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
* y( H- [0 t6 I# }0 j
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]0 K! N @5 D: d: M- q: m
<PHIME2002A><; > [N/A]' a8 S6 g& n: s7 e
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
: b9 e. r" [2 L0 D+ N& d
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
8 f W" ~- @/ ]% l6 m$ j; L6 }; i
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher], D4 U' w. Z7 t1 H4 @ v! o& w
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
( |; }! A8 b v
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
! I# _$ M& R& I0 \* r2 M
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]; k5 S4 Z/ p* B5 O0 ~# ~' B
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]7 W4 c- ^1 E& k$ \4 H! C
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]6 G; S2 O5 z* E* D& s* l3 V
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]# S a% i2 _, P; w8 r* V. R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
$ s Q5 A! ^0 x% T, k' Q) j# y5 @
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
3 Z. H, M# T$ ]$ z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]. m- l% V% ~0 Z5 F' ` H/ |' w% S0 n
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
% G( U, d2 t7 T5 ?, a* X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
) |/ k: t' U( _+ ~6 w9 x% Y
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]1 T% t8 T% i1 a5 e9 f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]1 K7 s0 \: c( Z
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]$ n0 y2 u' D9 A( [4 L$ `- p
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
: ?8 U* o3 u7 ^+ Z: L' g' T
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]3 I& B$ a+ j8 Z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]2 i5 z) B2 }% h4 }
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]/ A: G5 i% h; H7 J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]! ?% T A, } [( ~! q/ u# H3 G; x! R
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A], ]" R# o1 ~! d! x2 b$ o
==================================
0 @9 w. p* G* a5 V
启动文件夹
$ p8 P0 o( Y) j( o5 ? n3 b
N/A: ?9 N4 G% x( n: ^# C
==================================
8 B2 |- |# n; z- r
服务
: A3 J3 O% ~# m
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]9 m0 n8 \. J& e$ I2 ]
<C:\WINDOWS\System32\3wareSrv.exe><N/A>6 f5 q$ |; I: A& f8 ^. [
[Google Updater Service / gusvc][Stopped/Manual Start]
: ~( W9 q! I" k
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
( P/ y, P" R4 O/ c
[Help and Support / helpsvc][Stopped/Disabled]
. ?7 n9 ?4 A6 S i
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
- C. c4 w( a+ ~# [. A* [& F1 p
[Human Interface Device Access / HidServ][Stopped/Boot Start]
7 x4 h* B+ A/ Z/ n$ U" _
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>- Z5 Q# I; u+ \) K$ M
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
* C9 U7 v) M# I Q/ s
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
2 S) O* @ l8 h# ?1 W2 E
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
. J3 A( O2 X4 `- `; N. M2 d
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>2 h: w u$ q4 T
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
! i( i0 P, ~' O/ g {( h
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
1 @4 Q0 J G% n: m/ @0 p0 S
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]- d4 ?5 H! O8 l% b/ w
<><N/A>
4 \4 T( f% p( i2 N8 _( k
[Qvod Terminal / Qvod Terminal][Running/Auto Start]8 V8 S/ X" I$ `1 l6 B" N
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>3 R" j/ R) B0 ]( ~: O, H3 |
==================================
; g: ~8 X2 Z) v/ f
驱动程序' }: K2 I, I Z V, ~* |
[22j / 22jn][Stopped/Boot Start]! h2 ?. \# N7 F- D
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>! c* C6 l6 [7 s! ?" S1 F
[360AntiArp / 360AntiArp][Running/System Start]
( E1 T, L; m. X& {
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>2 K; x/ p4 Y* M% ^% K
[43ec / 43ecu][Stopped/Boot Start]' i% a6 R3 ]: B X" ? c1 N
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
/ C3 R1 ?( Z1 n: R/ _. O9 d
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
3 X( J- W) f+ M# c/ p
<system32\drivers\ac97intc.sys><Intel Corporation> ^4 K% G4 W" W5 K
[Promise driver accelerator / bb-run][Running/Boot Start]
! b) w% O6 ^0 I
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>/ c Y! R& i* t3 |# u& W4 `
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
5 |9 F( y: z, t
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
+ A& w( A' R5 J, X5 a
[KAVBase / KAVBase][Running/Auto Start]
2 e! D$ S0 b( R* x
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>* _: I$ p7 {7 ?7 h4 ~# Q
[KAVBootC / KAVBootC][Running/Boot Start]
* M" }0 z. n. j. {, ~: V$ |& K( b
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
& h, N- Y) O, ?/ q8 G( {7 e5 F; B
[KAVSafe / KAVSafe][Running/Auto Start]
! I# Z( `- Z a8 b" ?/ g
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>6 P/ M/ O1 f! w/ u& |. p3 D% H
[KNetWch / KNetWch][Running/System Start]
; y- H0 p$ Y2 s( k1 C3 M x/ e
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>/ e1 }7 L* O/ F
[KWatch3 / KWatch3][Running/Auto Start]$ C0 Q: e9 ?1 y6 m9 Y. a
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>: @7 Y$ s# ]- W& q4 f: U- t) `) h
[ntptdb / ntptdb][Stopped/Auto Start]
3 v6 p+ ^, W' r3 D. s
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>- G6 x* g) }8 y: n; W
[nv / nv][Running/Manual Start]
, k0 H9 w6 B/ j, e. D/ X
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
2 h' p' M% x3 _$ r
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]2 ]& A9 m- U# D0 a% i0 f [
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>/ ^9 w6 K, P# E! y* z+ H
[DDK PACKET Protocol / Packet][Running/Manual Start]
) F* \# |, R0 [$ W; L7 F; p
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
* e8 a. g' H- L0 h
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]& r; S# ?- h" T+ V" s3 x3 ]8 F) u
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
9 N. S7 m0 i9 d& u% M
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
! w7 y* K5 f" I) \
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>, w. v- P8 K( h# H) ~6 ^, A R
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
% s- ?5 {$ V) A i8 K) E! J
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
2 i- ?3 v9 O0 k' ]8 o( z& n3 @
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
0 g4 E0 t/ ~: [
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>7 \1 l5 {2 [0 B/ T, p
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]" o3 T1 \, s1 K% C0 {& D
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>' n! c# t2 Q! G
[Secdrv / Secdrv][Stopped/Manual Start]& f2 b+ H* \; T$ g
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>( s* ^' i3 H# ^+ o
[SATALink External Device Filter / SiRemFil][Running/Boot Start]8 L! r3 ]4 B. [& X: D
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>0 A* k" n0 B# E0 v8 Y( r, Y
[System Restore Filter Driver / sr][Stopped/Disabled]
5 E% t: s0 J9 D" j
<system32\DRIVERS\sr.sys><N/A>
$ k& i$ j1 g4 R) j. c! Z
[TesSafe / TesSafe][Stopped/Manual Start]
' }( i5 i2 ]* \# H+ W5 N! p* U
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>/ |* `' Y3 ~4 `! s& L
[System Services / unzxzsrs][Stopped/Boot Start]
; d6 z# [% O ^3 H
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
( d0 M$ ^8 K5 h! c3 Y( Z
[ViBus / ViBus][Stopped/Boot Start]& O3 E( q+ H8 y, \
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>5 x4 H. m' \% I5 N6 |5 V5 @
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
/ z4 f. i: X e( |. I* i1 X% P
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
* g+ R, r: `& [- |6 h- z
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]; g4 e: W, ?7 n$ n2 R0 w+ `
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
% M1 G% I- k3 `
[ATI Extend / zhibmaso][Stopped/Boot Start]
" T6 U7 f3 i. x2 `
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
- _) y2 N! L( B& K6 _& s7 x
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
. Z6 e5 z1 ~# E
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
( {' Q/ x N3 o0 X( s
==================================
, r; [6 }9 k8 b; I- }
浏览器加载项0 v" e1 l1 `$ N- e. S+ L6 w
[Google Toolbar Helper]/ }3 Q( O/ q$ J P& |
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>+ j, x& ?+ ~2 Z2 S( D
[Google Toolbar Notifier BHO]. {5 Z0 P$ U7 R8 C
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
- `+ P- O, E) J% @/ n$ b m
[SafeMon Class]. f4 @8 l# A1 V" H
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
( K) f" C" I0 C4 {
[kingsoft browser shield]$ E$ e% c* _( G3 w* a
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
" T! Q/ Q- S0 s" i4 Z+ s( Y# L
[IEBuddyExtControl Class]
- K) p7 M( d6 g) ~3 j9 z4 J
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
0 j, H& s( w( {4 d& w6 z) B4 h
[Zcom 杂志]2 H- x4 D9 I8 Z7 t. V+ y' g/ Y) S. w
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>3 b/ g/ `3 B+ m( I" d
[&Google]
" a: s. S& B6 w0 i
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>7 j0 h2 J) z6 I$ y7 z" w* Y' i
[KooPlayer Control]- s" F6 v# B) O% l; J" U, U A
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>6 V3 N2 e! A, |! ~, }" h; j
[Shockwave Flash Object]
" V- h" w& ^4 K. e& @9 A1 G
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
. T- G( d8 g$ [3 K
[KUpdateObj2 Class]
Z3 Q4 H' \$ W9 Y p
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>7 x' y; s# m! o" t! |
[Google Script Object]
( M, R0 t+ L1 L- ^, d: g
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
2 Q7 q! u8 S `) s! S6 F0 e4 Q
[EWA Control]8 `; a1 K8 q6 L; @: B! ]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>2 G3 \- z, z1 e1 p+ l6 \
[Windows Media Player]3 l$ y. \! x: S6 }$ S5 }
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>6 P) ~( c" o3 A- y
[&Google]& u8 H2 |& R. A, l
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
' T0 d) z* C/ L6 E+ a4 g* l
[HTML Document]" I+ ~' w b1 x# y- N8 g
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>2 Z7 V! u# V. C
[DHTML Edit Control Safe for Scripting for IE5]
- ` Q$ m+ \. Y8 q2 P: O" @
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
; L! I! G! e4 Q# n
[RealPlayer RAM Download Handler]
1 V2 N8 Z, r/ v3 ^* k* S
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>/ }5 X5 b3 W3 Y% S
[IEBuddyExtControl Class]1 n6 Z( I: \9 J8 M" c& a' A5 g
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>5 V5 @# l2 Y0 ~4 A4 e: I
[XML Document]
3 A" D$ ?5 u9 p8 N$ d# Y# x
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
" w: L& C1 ~+ F7 G7 p: x
[HHCtrl Object]
' C* i$ X3 c1 x0 Q+ j; V1 ~
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>7 b7 s: y, o6 i# ]4 j; e
[Windows Media Player]8 ]1 n$ u, Y; e. J1 y2 ~$ _2 h
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>3 Z4 a: f' J, z7 j8 _
[Active Desktop Mover]
7 p h: k) G2 i# N+ `
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
7 X! L$ q: `- I0 C
[360SafeLive]
3 f, `( T7 g, E( F0 \4 F, n. t
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
) h: f# q! v) \, c. v; q
[Microsoft Web 浏览器]
' D2 X" A- j! J1 j
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
# F! I* p' J7 q9 _* @6 y( I2 D
[Browser Enhanced Objects]
3 @) E: J1 l+ t6 L! x$ W# ?6 G& S
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
) b7 B2 d5 F4 O; A2 P
[Google Toolbar Helper]- U. D7 `5 Y% N6 ?4 t
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
9 u1 M- B2 g0 h: D
[Microsoft Scriptlet Component]
( T: H2 K6 Y: Q0 W: K5 t
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>5 D1 g. I2 x+ e- A- ?5 h; ]
[Google Toolbar Notifier BHO]3 V1 R. W5 v6 q' ` }
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 c" ~; ~0 S2 a3 e
[SearchAssistantOC]
4 A5 ~8 P3 u$ {
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
: T- g0 Q9 Q( H7 G; }
[SafeMon Class]
* V: p7 l1 s7 ^
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>3 T' d3 e+ Y# h& Y
[RDS.DataSpace]
- F/ i, H" {& S5 ]% l
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- Y: ^2 f% [! f( w% u0 o" c
[KooPlayer Control]
. e$ F5 y8 F2 d2 n+ n3 _4 [8 w
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>: V& J# t0 W1 p
[AUDIO__MID Moniker Class]$ p& M; |: I. ~/ J. ?- `/ d1 F
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>( o: q2 m6 F+ L) S
[AUDIO__MP3 Moniker Class]& s, F. \( S3 l- ]5 _4 _
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* P( [. M# \, u! y
[AUDIO__X_MS_WMA Moniker Class]
' T: R% ]6 ]6 v. V" D
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 P8 I, N) v: c3 k0 \, x& o7 {! D
[VIDEO__X_MS_WMV Moniker Class]/ p W' ^$ K- H4 I. W5 ^# w
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* I& _4 u, V, \# o9 ]
[RealPlayer G2 Control]1 z# L) M9 f$ f$ c6 M% h0 e
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>. b$ r: C% A' z0 z6 o
[Shockwave Flash Object]
: b- K5 y4 U3 [/ ?3 I( @! |
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
7 Z; f& i4 S! g
[KUpdateObj2 Class]
6 O: x, l! V; T4 T9 a0 C' ]) D O
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
- w0 `8 G. a7 A! X. }
[kingsoft browser shield]
* j! U3 X7 `, P6 z
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
5 o2 g c8 l% ?3 Y# A
[PasswordEditCtrl Class]& w1 o; }: K2 P2 ^, D
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
; x% |/ [: x9 z2 I" i' s# o1 f
[QvodCtrl Class]
( T9 Y0 j' h o. O1 d4 r# V# d
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>: A Z) c; \1 v3 u( j
[&使用超级旋风下载]
' o$ R# q" X$ C
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
9 B: {9 E0 W! A2 ^1 a
[&使用超级旋风下载全部链接]# U. W% _9 w2 w* z3 d
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>, d' O/ q+ {+ d
[使用迅雷下载]
; b/ t( ?; W0 _
<, N/A>
' R p) A# d7 V% H
[使用迅雷下载全部链接]
' ~9 T8 W! D2 s4 |% S
<, N/A>& D1 @) @( u" D" ?$ B2 k
[导出到 Microsoft Office Excel(&X)]# l3 z+ ]9 K0 z4 E7 }2 G3 x
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>2 p7 |- |- ]; W: L* J. l: A& f
[添加到QQ表情]4 t/ F6 ~. g# M A
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
- }; d2 k" K/ G1 M, A* ?; w5 T9 p
==================================
) F/ R e6 {: V& w2 x c
正在运行的进程
0 i# P8 T. u# i+ E& l4 k9 [
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 {3 w B6 |3 T8 I0 M" |: y
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% k3 {- E, w& A( ~3 D8 z/ V
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ o5 G9 M* e6 Q0 z; A; O& x" h
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]! V0 a$ |- v# m/ b' H
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], v. v! x; F- |, H" T/ e" G
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ R' @ k6 Y- h! ~7 q- z
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) `6 ^; ?' e1 j3 r2 O3 P+ U
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ }' w" A" {- g" I+ J$ S; O+ X: v
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. f* _: A1 E) k5 y3 ^
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ v# p% _1 Y) y* r5 d
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; f' V" u8 e7 G+ R( E
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
- X5 c/ }$ K f: K) E4 R' f9 C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]1 ^( C( E& m- \- m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]$ ^7 a! z4 G; b) v( g" o
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
+ Q, H" K" f" C) I) W7 O- t- g
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 r* ^9 v2 `" \0 \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
" N f( a+ S0 n
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]0 g; Z( ^' ~. ~! @7 u4 g
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]! Y7 o9 N( h* i. ~6 c0 h& s
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]: z+ Y2 ?% D' L7 P% f$ H# K
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]! A2 }: I; j( W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 `! q6 U& k* }5 k& e/ \- I
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
1 N7 o3 U: n' W g6 a5 E! V6 |
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
5 ?( U5 d; `: S! V/ M& w$ C
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
{2 t, G" y# F/ G; |
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]2 L' x1 F: q( y4 R
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
" v1 h6 ?$ V! R: R5 o" L9 X
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% J1 _* O+ ]4 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
% ~" C) ]1 O2 V8 _; n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- L1 Z0 B2 \) O8 t8 J
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]$ U& @" n# P* H2 T; A
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% Z. Q/ @* H5 X3 @) j7 `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 ?* ?, a, H, l0 ^# _9 { Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
+ o3 o3 V$ h2 r$ ]3 l. c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]# P! @+ x. o5 l
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]( ?6 n7 S) h" n9 ?" k' c4 h1 A. t% X
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
7 c. O& T( \. L% p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]3 k0 _- ]) B' F) t5 O; \; |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; G% s) g1 Y1 n, }6 R
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]: p2 {5 C( P4 | g3 k3 i
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]- u# }! ^! f7 N" R
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% K$ M# d* ]/ W3 ]1 ]* A
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 j: C1 T5 U# T1 B
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ A7 T& N2 D8 q
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]3 C9 R3 g7 w, ~8 O
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
8 R9 ?: T7 @% @+ R7 ^1 H+ i
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], H' ~+ }* _7 @3 _! u$ _2 d
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
6 u1 a I# E5 I; O/ C, j4 D4 _: I
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
$ ?3 T7 x% ~) N
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& q' F4 u4 b h4 L' P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ l, V- l- x' K4 o( X8 \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
. \* t/ A6 ] x/ N
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]8 [) O! z" C# P0 S
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]0 l3 P& r8 H; a" l5 e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
* P+ h! y% p9 @% z+ O8 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
. i$ { K* d/ y3 z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
0 q! n* I- z1 d' \! v3 w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]& m% R6 w: @3 U0 m a6 g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
8 O3 k6 E6 {, H+ O/ j& b
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
2 B- K* A5 A; j/ `. p
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]8 Z" h1 [- }5 ~8 `7 R, ]
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]; v" f V' @3 V5 @0 A
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
$ ?# y* _* T2 A8 Q
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]. _) O2 k8 `. o
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] J- _9 R4 _9 L7 O2 Q) ?
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]* ~" ? N" |6 p1 X5 m
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
* H/ d8 }# R; x3 O
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]/ M% E9 N( E- U
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]. R7 Z; @ X! S
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' O; [/ p. v* }. Y" k
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]+ G# {- _, o2 j, f; V+ A& m1 }& k
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 b% k) J' W) ^( N' w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( j4 b/ | a0 q" q( l! d; I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* b; L9 m5 [' r# V4 w) {# U
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; y& a) {7 }( L1 b/ o# y( e
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
: l8 [" H! X- n! r- ^" o* T" ^
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. {4 J6 m% z# S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]: v# P1 B4 O) p2 s1 W& c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) J" v( T& e1 d$ [0 I* Z4 b- D
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ [% n! f3 _9 A7 R8 e9 g7 J6 s
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
0 M7 v0 y, z: K! T& `5 c" q1 M$ h
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]1 J0 y. ?! C! S& c6 y# G
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 n( V3 ^5 c+ ^" C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
* U% T8 J* }, H/ L' E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( w' ]: U2 T) g9 Q" c; L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]! f- I t" x+ Y4 H+ Y9 ~. M5 t
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]; E3 \; b2 x9 f7 r
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& }3 t% K6 T. b/ a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]0 _7 M+ f2 Z& W6 ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, W+ v- M+ _, A v( V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 u9 D7 G# I: v S0 i
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
6 [" u' c! \0 E+ `' K: s: @
==================================
5 z- ~" y4 c* o; A9 b
文件关联6 p/ X* S+ X6 r3 |2 E: b" T/ @
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
" {. Y6 C6 v6 I, Y
.EXE OK. ["%1" %*] t$ b& Z$ c1 u* C+ \
.COM OK. ["%1" %*]
3 G% I, F8 m% G: z" ]; x8 O
.PIF OK. ["%1" %*]
" H0 I! W3 z/ c9 _+ ]
.REG OK. [regedit.exe "%1"], d9 |. I3 \+ z2 j. t8 O! [
.BAT OK. ["%1" %*]
2 p8 z% o$ X6 C4 c% m3 l/ P4 @. h& k
.SCR OK. ["%1" /S]
1 O7 ~& i1 Q# U( l" B8 u! \; s: O
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
1 {1 c/ m+ E+ x/ V$ S$ _$ I
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
1 N& X; h3 t5 C9 `3 J4 I
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
5 ?2 U! O3 b3 T& B. ~0 Q9 Y* ?
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]: \ ~5 k) @2 C8 L( k
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
4 A* i! b# G& A0 s- |
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
8 ^5 g6 f. A/ ^4 M0 @
.LNK OK. [{00021401-0000-0000-C000-000000000046}]+ L$ ^1 d2 q1 ~% x' {
==================================9 N1 o2 Y1 b8 V9 e& D, O" q
Winsock 提供者5 p3 C; P; r; P( t6 d# t
N/A1 ]/ i9 Z, q1 S, x' c
==================================
& ~0 e7 v4 T/ d6 ]
Autorun.inf. \1 m& f6 m% R
N/A
1 J# f# }7 U/ C/ v2 W: `( r8 k
==================================
HOSTS 文件
; n5 j9 j) d- F6 g7 \: K
N/A. f0 Y$ S' \& J
==================================9 g2 c9 x2 d" P, o
进程特权扫描$ Q0 Z, @0 {7 P
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE] _4 K8 @7 u9 [9 [/ M8 W
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
6 I: V8 _. T3 z
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]* M+ C2 S/ t2 N0 e; S
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]0 b1 x, T3 ~- A; ^
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
. c! Q6 ?1 a! s0 @5 ^& J5 c5 b. B* g
==================================1 F5 T4 r- S+ O- m$ V
API HOOK- o) C8 x" W/ y. y) Q- {
N/A1 ]4 a1 l7 u7 I' G; z
==================================' A4 t7 H4 T$ S% z# @
隐藏进程
; ]4 k) N9 v& V3 v7 U
N/A
; c: Q% ~/ {$ X/ E2 x6 {
==================================7 [; y$ p7 U- \. W3 }
) N* p9 }$ |- x0 ^( G; G

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115