在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

( }( ~, u; ~/ J9 y) A( A: W! N
2008-05-22,20:37:43
* \1 ?7 Z/ b5 n+ V7 T" a, g. M, g
System Repair Engineer 2.5.16.900* @8 J* i% z) h1 o
Smallfrogs (http://www.KZTechs.com)
5 d+ R1 v: C% N% u3 N
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能% W% l' ~9 N, M$ \5 i
以下内容被选中：
) ?2 R% k1 k( J1 I) Y
所有的启动项目（包括注册表、启动文件夹、服务等）
$ X- V6 w5 ~! F8 {/ z" f
浏览器加载项
. E5 z' D# ?- t- ^
正在运行的进程（包括进程模块信息）+ i: [. U/ M- ^" r! G. r+ i
文件关联' _4 q Y1 v7 j: b2 [
Winsock 提供者6 j& J3 B4 G; y/ J
Autorun.inf, f n% B/ s! B0 d" z+ c
HOSTS 文件
0 o' E, Y! J; o3 w3 \* j& V
进程特权扫描
* T7 s& E5 Z# N. D6 F- ]4 |
3 I" m, ^* ]5 p) x: {3 }( J1 i
启动项目
1 _$ C6 k9 o. `: D7 {" [
注册表
9 @- B/ P, e& x
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
7 {( D) }3 `1 O! @3 \0 Q# m6 U
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
$ Z! P( j5 I7 N
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run], I" ~9 @- z9 Y: V3 q# Z) g
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]% j# u. e1 c. h/ W# l
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
) D0 I5 i' a' K% b0 f+ c
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]8 o' |8 p2 m* s( Q
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
B0 v8 o, K3 O1 m' z3 g
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
2 T* s. \& Y$ q! ~5 \2 F6 f1 {9 \
<PHIME2002A><; > [N/A]
5 F0 Y8 p1 e9 w! `# l0 }
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
/ }- ]) l7 b5 v
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
# a6 ^6 ]( c( ]- \9 j* y- k
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
1 o' Q$ s& l! R% Y/ ^, o
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]" K5 x$ q8 P& f- m7 k. t4 ^
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]- ^9 O, e1 v5 u! W
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
8 f% p, J; ?8 D
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]3 `% h( _& ~1 z" ~4 o! A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
' k8 x9 i/ t4 w: X' g' A
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]+ l& z* }/ N; P# H+ A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
# k( g P! `! i1 j3 H9 ^
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]3 {6 M4 @7 f0 K, J0 V7 N: y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]! ?$ |& f* {3 D/ z+ o, c2 s
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]$ o* Q- Z. e/ W' s! l N9 X7 d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
3 i! D, o# y" X: a
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]; _# |) b* h$ I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
; v& N$ B1 V6 H) f+ f+ O
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]% i5 K; p F) y7 h2 _) \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]0 Y& P6 v/ P$ i1 p5 @- S
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]! v7 i$ h4 e* }, @! g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
. s# j; l1 F/ J H4 t& w- W3 N
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]& E3 J. t D4 y% P( O- V" J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]( d( k: v8 t, i$ F4 r+ q, ~) R' T7 A
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
% r+ f0 Q6 H8 m2 f3 o, b
==================================
, H# A- p& w6 [1 z/ Y& @
启动文件夹' q- [ p* k5 }3 X) T9 F
N/A' A g$ u. ^/ q
==================================* u7 g% B+ X) ^/ m" F5 w% z
服务
; {. q$ y8 _7 h! I2 p* G& ^
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]* J+ M7 R% p, P' j1 T3 _
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
6 O- t0 ~# Y0 B8 h' O
[Google Updater Service / gusvc][Stopped/Manual Start]
7 C2 e% s# u& m, x, v1 Q5 r; Z
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
1 g5 M1 [- o& F0 _0 Q8 Q! y% P/ }
[Help and Support / helpsvc][Stopped/Disabled]
4 U; S2 s/ y9 k0 x) u! h4 F
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>2 c8 X7 Z. s1 w2 Y8 r2 X0 c
[Human Interface Device Access / HidServ][Stopped/Boot Start]1 O8 e' ]- N6 R9 g1 s1 A
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>, Y+ y) B7 j1 w
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
! o) L* d e ?9 d, b) ~
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
2 f7 a/ ~9 q: |7 O$ d( G
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]3 Q( ~; x- n: F0 u. S
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>- Y5 ?' K8 b7 `: z, F
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
9 {. a+ N: W2 x9 O, }1 e$ U
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
2 V9 V3 `1 j0 M& r
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]$ y8 \+ L- R; `/ m+ Z( V
<><N/A>, c$ k. t5 m. L; K/ g/ r8 M; W. v
[Qvod Terminal / Qvod Terminal][Running/Auto Start] k) d" u! B6 F) m2 p, T/ L _9 N' S
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
+ y1 L7 y+ R% |7 g- m8 M: t
==================================+ \3 T1 f- I3 O, r2 D- e
驱动程序! H2 x6 [9 J* C" y. |) F
[22j / 22jn][Stopped/Boot Start]' |* n }4 s8 [# V- Q
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>1 k S) u1 h& C
[360AntiArp / 360AntiArp][Running/System Start]
" w" c! K4 e: y$ `1 Q, F: X$ I7 q
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
6 N6 b2 ~: D) N9 J2 Z
[43ec / 43ecu][Stopped/Boot Start]9 t: R* E, y! F3 m: n
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>9 B0 M+ O- ^) o; M
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
7 V2 m7 ?: X b
<system32\drivers\ac97intc.sys><Intel Corporation>0 t: Z' Z+ O( v: S9 L
[Promise driver accelerator / bb-run][Running/Boot Start]
: g+ \( I8 p3 v# W& }# b
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
7 M! q$ O3 M. k2 T& e0 G9 X e+ d
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
( B& p8 X$ V% [% Z# H3 w% m
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
3 c2 x8 b, J) B+ w1 f6 G1 F. [
[KAVBase / KAVBase][Running/Auto Start]5 J! }7 o( `2 L
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>- Z7 V. s! x" K$ h) o$ F" i/ A
[KAVBootC / KAVBootC][Running/Boot Start]
* z0 f' J1 K: L* Z5 D
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>; E! z* ^, {3 v$ _- `$ v
[KAVSafe / KAVSafe][Running/Auto Start]- A/ Q/ K7 }7 V; L
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>+ Q) d5 J8 M T6 v4 l
[KNetWch / KNetWch][Running/System Start]
# `/ ~1 N: [8 b! N* x% i2 ]4 X
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
, M% z$ U# r8 w C/ J+ U8 c# G, t
[KWatch3 / KWatch3][Running/Auto Start]# ]( e& N8 z4 ?2 s" S3 q8 V
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>% b4 H2 J" V/ Z* f! ?5 e
[ntptdb / ntptdb][Stopped/Auto Start]
) }5 v$ i9 k/ X
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>. ?, [/ A7 @! k7 d& x& [3 k
[nv / nv][Running/Manual Start]
# K2 l: a0 f* j/ u, t/ o
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>) \; H& L- b7 p# I5 K4 a( O, C
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]! t& q; W2 x c
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>8 Q' W) @$ I9 f* Z2 l
[DDK PACKET Protocol / Packet][Running/Manual Start]3 O) V1 p. a' H2 [$ y+ X1 Z9 ]) K4 D
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
6 F6 G0 m4 [8 G9 A
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]$ I) V8 R5 N, @. R& n
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>: u) R% G) a& L, r9 U5 [& A
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]4 l8 d% F* F3 p3 }; d: \
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>1 n! m! _; S g4 I% H
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]% p3 E# N. u) u% \$ @: C' O6 t0 \
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
( F" ^- |6 g: [1 o7 y
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
8 e+ ~: P' r& P
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
: k, _. P% p8 I! P. U9 t" R
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
y' a9 L* p( w/ e* c
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
" l9 U9 D k+ Z W# |3 ?, T4 u2 ?
[Secdrv / Secdrv][Stopped/Manual Start]
; D* m3 l& n5 F$ F: V2 {
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>4 P6 f" P' \) O8 B; C; s7 U
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
6 i! `1 f) [. `" ]/ j# a. B' |
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
% W/ X! k b/ T# n) H3 x# M" T
[System Restore Filter Driver / sr][Stopped/Disabled]+ C$ w; P* J4 d3 k& E" y4 b3 V
<system32\DRIVERS\sr.sys><N/A>
% y$ P6 m! R) ?5 M; ~2 o" S, U n8 B
[TesSafe / TesSafe][Stopped/Manual Start]
+ C. B2 S6 x6 U8 g% i( U' M4 v
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT> N6 m1 t& Z4 M" L6 K, A* S
[System Services / unzxzsrs][Stopped/Boot Start]
9 ^5 ~ Y& y! h/ w5 R
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
7 n# {$ _' Q$ P9 X0 q
[ViBus / ViBus][Stopped/Boot Start]5 X D( @+ v! L& W! P- x) p
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
" X2 _, \( c1 w6 L/ w7 F) R* x
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]/ D& Z8 d% G" d: G; x9 B
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>6 S) a3 z- D3 i4 f1 z2 [# g& b
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]3 \: ]" H% U- q& `2 F6 o, A
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
) O$ c1 C1 v2 \% C5 k0 n" P
[ATI Extend / zhibmaso][Stopped/Boot Start]& C) v+ g, f0 N; b$ l+ w& G/ N
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A> M, L/ _3 R/ h
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]# e6 d# z: }' m; J! s. x
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>0 H1 J# D, ~& k9 P6 o( [
==================================8 D7 C5 B1 I! l! o% e: m8 s. j( b
浏览器加载项2 k& n q, s/ s, t7 A% f
[Google Toolbar Helper]
4 L" k I3 d4 g; U% p9 v+ ~
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>" z5 f9 k, _- b7 Z8 c
[Google Toolbar Notifier BHO]9 t; D- |; n j" b1 v
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
& b2 s7 y+ i4 ]( D# ^) b1 @4 G% h: n) ~
[SafeMon Class]
& z$ I7 w( @" Q# h p
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
1 u; N1 L; ~/ Z* m
[kingsoft browser shield]$ t! f$ z% z9 M2 T ~$ A$ ~3 r1 ?
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
& M- U# V& O; z9 y
[IEBuddyExtControl Class]8 w7 T, D8 o7 S/ F! Y/ R0 j' ~! l. a
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
; U; G8 L' R0 e. l A
[Zcom 杂志]
" M* b- y- y; f( ?7 C$ r
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>( q# g, o) W# n
[&Google]1 F0 {' X% z( a6 ^2 \0 ?
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>- [" R# Q7 A4 a4 P9 C
[KooPlayer Control]4 X4 I/ x7 Z# v' R9 g3 W' s2 {) S
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>3 [+ w; j" d/ b- h* G
[Shockwave Flash Object], J i& G& p o7 h
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
: w1 [7 o! g6 O% J2 r5 ?" d; n; B5 L
[KUpdateObj2 Class]
E i8 k* L% A- k9 ~# q
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
4 }7 o9 G- ?0 p& T- T t1 ~
[Google Script Object]
0 @$ p! y9 [- L9 {3 I& ~
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
; p" l- C4 O- N9 W8 V- d& [3 H
[EWA Control]+ w: X& j; d7 m8 {, e% U
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
4 i7 R/ @- c& u# \3 v
[Windows Media Player]1 V5 @, r0 Z8 t" K/ w3 Z" k
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>8 |' ~3 L _- T3 i9 W3 \6 A
[&Google]3 d3 U5 T6 G/ ~/ s/ w# e
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
, ^( @' \) b: c9 _# Q
[HTML Document]
5 D2 J1 ?8 R( D2 V1 W3 v
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>/ O5 R0 `6 i) Z4 Z( d
[DHTML Edit Control Safe for Scripting for IE5]
- j% p) M4 W9 E& Z. H; O6 Y
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
8 g" z- L9 d. P: q
[RealPlayer RAM Download Handler]
6 T% U, ^! M( E: N# U
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
- H( J: U5 M4 {- @
[IEBuddyExtControl Class]
8 \: W. Y9 l9 f1 |' {/ E
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
) n g; ?0 _9 ^
[XML Document]
" x0 b% \, I0 `% v
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
( J8 J, N ?5 ^6 Y
[HHCtrl Object]
: w# v2 ^2 v @
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
) y! D0 [! \' P# k; |4 R" }& D8 N' G
[Windows Media Player]
$ T" R- `) g1 d, G/ U0 C
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>; P! I. r" U, u6 I$ J$ \
[Active Desktop Mover]
0 k) X& |5 t1 g1 ~" Q5 \
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
! j; x3 O' u7 q
[360SafeLive]
) c* f$ j4 K9 D
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
. C" E0 N7 v3 m4 ]) J
[Microsoft Web 浏览器]
, h8 `, z5 D! K
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>: l9 Y+ ]! o4 f
[Browser Enhanced Objects]' @- [% h- L& ^+ ~) f6 q- p
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
; c7 O. Q7 j$ X9 k3 A
[Google Toolbar Helper]
?7 ~6 v4 D7 y: G* R/ R! [, F
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.># { \/ W+ t5 ~ Z
[Microsoft Scriptlet Component]. l, @& Y; y# S. Z$ ^+ u
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>8 ^; u! }% g. e
[Google Toolbar Notifier BHO]
1 g7 h: q8 W7 s, I
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>& ~: n% T+ ]# v$ D% t2 L( _: x, d; K
[SearchAssistantOC]
1 W1 v$ A6 Z- f( j4 d1 e
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>) {. ~9 P* {- P
[SafeMon Class]
5 S# ?% g8 E7 B# [" u0 \
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>3 O1 X/ E5 d0 |; y* S y. r
[RDS.DataSpace]1 t' \. E2 N! g5 O
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- e$ g# Q5 H6 q" ]
[KooPlayer Control]
/ Q$ w3 u% D5 j% J" C1 }! t; l2 v
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
5 G; P6 E/ l! S1 E& w K) a$ q
[AUDIO__MID Moniker Class]$ J7 R% m$ T7 \/ p
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 X- }5 J& d, ~: m5 t8 H7 _3 R3 `
[AUDIO__MP3 Moniker Class]
' k9 Z0 e% t* G! a x; p
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
% {# a o5 s1 M/ ^1 I" p
[AUDIO__X_MS_WMA Moniker Class]
. R6 v) v. F' [* Y* U
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 @7 N9 A4 S( Y$ m8 x. m+ } Z
[VIDEO__X_MS_WMV Moniker Class]
* Q/ d# T& n$ \1 C" X) L
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>0 k5 G7 P% J, }' y6 J/ @
[RealPlayer G2 Control]
: a9 [: F: n% y) I4 O4 B
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>: s" _& x3 z" z1 F
[Shockwave Flash Object]/ t9 q8 e6 Y1 T) A% G! t4 b
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
) V- g( I5 ]" J/ H# b/ ~
[KUpdateObj2 Class]( p Y- ^5 K( Q8 c: P
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>- A6 u: _4 m/ D. _
[kingsoft browser shield]
7 A7 A! A$ M! z/ [$ P4 t
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>8 J9 ?& i' L& s; |) i
[PasswordEditCtrl Class]
6 s& U+ G) Y: U' o0 [: E# z
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
* Z/ X" |3 `& ?" H2 S0 I
[QvodCtrl Class]
4 Q6 i! Y3 O5 y% p; T% ~: b4 \
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
7 {3 W) G9 t/ @5 v
[&使用超级旋风下载]
4 [+ O6 T0 R3 g1 ~1 M/ {
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
( r% Q" J( Z G% i6 R7 [
[&使用超级旋风下载全部链接]' v2 C i0 j+ E
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
1 N4 }% @' D1 b) S2 T
[使用迅雷下载]
5 e$ `( B( @: i R) s+ W8 T5 w! p
<, N/A>+ U/ W8 s! t: i" ]% l
[使用迅雷下载全部链接]
8 z) e8 N0 E7 E
<, N/A>
1 _6 M: ]! _; n7 `. J
[导出到 Microsoft Office Excel(&X)]# l: i6 ^ H+ c+ e' ]0 F. i
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>' ~: X6 d1 a2 W1 h
[添加到QQ表情] |( Y* O: r! U* ~0 k
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>0 C7 F) E+ _4 O
==================================9 D8 `" F; ? A( }6 q: l+ d7 Y6 ?2 p
正在运行的进程# [ a* {: f3 o& |
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* C# q! c( M" U/ l3 L1 R/ A* c% s8 Z% P
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 B( l6 p# C- s% \3 l J, B5 o
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]) {1 s4 u% H" p A! L
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 r2 u) }* F q! c% ]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) v& N0 j5 |2 r# B) F, r
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 V6 K& E( h5 @1 d
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 e9 {. w; r) S
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# E. X" X. C% A0 N( E6 j. A
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( k1 q6 ^5 m @. M& v5 X% {
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 Q# w7 i' F {% c4 S! G
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
% s& u/ ?, k. y7 l1 H: V; b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 x9 h {9 S- L ^8 ?$ ?8 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) ~) q( \: k7 O0 K4 {( a. U
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] M5 }: H2 |3 _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]! l" b* r0 s$ E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]7 a0 E! t! X& l% ~
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]4 j: f7 ~% P6 S- ]* A) g
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]/ X8 O* Y! W5 E- }9 l/ Q
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
& b! J; @0 `* d/ Q, G# @
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]) C: b' s# v2 ?0 V. v& I# r, m" a8 m. J
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 f/ b, x% b5 ]1 i' g1 U
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
0 k$ k- ~/ |) @- ]* v0 P
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]3 }: U' N" D# _$ J! B# Z% x
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
( P5 \( ?/ c6 i; ]; }
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
' w1 S5 f* c% W. p9 G1 n
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]& N5 o0 Q6 c) Q) r+ j5 @' w, d H* ^
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 M, |5 p/ R% e J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
- W' V9 r! j, ^( @( g; K7 ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 }6 g/ o) V% z9 Z0 C
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] v3 Q: a8 h' l6 W( r# E
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] z1 k3 B& ]* J, k, V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 l- b: V$ T/ h+ v7 O& c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 c8 X" D# \( _# P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: T) `0 q9 ^& h# W1 q; g
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
6 [& ~+ d* ], y8 Z% d$ h
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]- c' `% {. S! ?( Y/ `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' l$ ^5 A' W* P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
u" L' v( e5 \% E8 ^5 ~& y
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]% u6 x" M9 G% {4 w- h2 g
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
8 l0 T* \0 m: h Q3 j
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
! x/ S6 P9 }( Y; c7 y! a; T
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 I2 h% W9 i E, Y" D: z. U+ ?/ C
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ ~+ ?+ R2 E# V$ T2 I
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]7 F; z8 l3 J$ P9 C& V# ?5 ~
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& u7 a8 w9 ?+ h$ Q% Q: H4 g
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 G- Z) t- z/ F/ I2 f
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]3 p/ m% _. z" E/ m2 d
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]8 Y/ M" Y. A) Q$ M
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
3 P* H3 K' y, o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ A, J4 U8 o2 v2 `7 J$ G! R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 \; W$ y# u3 w+ S7 H# m3 [
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
! G9 T! |) y2 k" _' K0 s/ E
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]0 ~; e* `0 T% U9 ] Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]/ }- ~3 q. W3 N9 w7 Q; Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]: \7 X5 a0 ]1 y2 ?/ B8 S0 d& n. u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
9 x; _- u- o/ A1 G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
% G( G/ F' r1 T9 V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]3 y3 [) O: O+ `. |3 {4 _$ j
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
% T; |3 x/ i& K6 T& |+ I
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]! l# {$ f p/ [% \; Z" b; T* }8 x$ n
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]/ x+ q; z, ?) K
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]2 n( S$ O# p$ a
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]/ i# r/ t" e) X3 D% P7 u: s
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 a3 D6 X/ T* E+ A( ], x
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
8 p" ~/ ^" c9 b$ t4 L* N- ]: ~( C3 c$ N
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]" p$ ^& |$ g7 V9 k
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]. E7 r3 R9 N5 r$ W: O9 S
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
+ G# s2 [5 U* n7 }2 ]% m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- ^% | q* x6 O7 U0 ? D" H
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
( v" t) U2 k1 y' V) b
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], D& g2 s7 R4 r) ]0 R. l1 m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
+ ]& p0 A5 N3 c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364] Q, m6 [( g# X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- E; H0 J. Z7 v5 d: S0 z' f
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]% C" R1 ]1 m3 [9 Y& m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- r( d1 _5 ~" I& P {- g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5], p' ` i N6 z5 B) x, `# s: V1 T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: \$ Z* J, j" g4 Y# L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 W# W3 ]& J8 {$ i% n$ e% |
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]* Q& a! }' p+ g4 ?9 r6 ]5 Z
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
+ y; U5 {' r1 _+ I( o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* A% x6 t9 X$ s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 C' Z$ ?. T7 ?1 b9 j7 }
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
% s: t* h3 x( i$ U# _( {: o+ q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]$ z' _: K7 N3 {: X- T9 [4 q
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]7 V6 W) V @' j& j( X9 o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. W4 ^0 W5 W; k/ l% |" Y( h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 | J, S) f, u. e& X* Z# d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' Z+ U7 D5 ^7 J& y) m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
/ o( D! y/ S; q" {. y! H s4 Y
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
* L( R8 p( ]( v* Q6 L
==================================
; P7 k$ b* \$ _( E( G
文件关联
9 C/ g* L" T/ T t8 }
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]& x2 d2 E4 X$ p+ e% A) |
.EXE OK. ["%1" %*]" ?. \( k7 _$ r ^0 u
.COM OK. ["%1" %*]: W* f! B% n, f& L# ~
.PIF OK. ["%1" %*]9 E. R% Z. f% T1 b" b) l
.REG OK. [regedit.exe "%1"]
3 P, B; i* y' H6 r, P
.BAT OK. ["%1" %*]& d: J ?8 |- q# `4 V5 V
.SCR OK. ["%1" /S]
4 P2 D4 \3 n9 U, Y; y$ T
.CHM OK. ["C:\WINDOWS\hh.exe" %1]1 S# _+ [% N' [& ]. K4 T6 e9 b2 a
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]/ Q! {$ N. Y5 o
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]4 O; \0 C( r! t) O
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
) ]5 j2 z5 P: l& I
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]* ?; }% r" z: w1 ?8 H6 Y2 {
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
! g* X+ \# ]; O' J5 h3 J- X
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
! S5 E U S! D; m7 `0 G; v' ^
==================================
. E$ y; f1 c5 P
Winsock 提供者
- f& X; Q, Z' X: K! f
N/A/ U3 [6 _4 J( c- Y
==================================: e* u0 n9 s2 o0 q
Autorun.inf4 @( E; ]6 G6 e3 g( P% P5 v' w$ k
N/A0 I A& B; Z( R1 \
==================================# V# i' u0 s4 y$ z R
HOSTS 文件
: n- F; v9 _. B: l! _
N/A) _0 W: p! O0 S+ X0 ?& d( e8 i+ A
==================================
5 x7 G9 J/ @6 k* u8 S; K
进程特权扫描
* m9 W* H' V: }" s3 {4 f+ Q
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
& K+ o4 A8 [+ t% q9 `
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
/ E9 F! f4 f2 N- m; }' @, ?
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
1 D/ b& O' c# ^8 w e' p
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
) b" h& m, a8 |9 t8 v( M |& \
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE], L& X: u0 U u; h
==================================1 ~5 ^+ H% ]$ T+ k3 F
API HOOK
6 @+ Y" x. Y+ j& A7 c
N/A
' P& g. s9 i+ v$ i" P' |0 f
==================================4 O5 s* D2 ^% s' b4 r
隐藏进程
3 f j3 K! Y, V4 p. E
N/A
" U" W$ p l5 |" @; N
==================================
+ R( x: O0 h% K9 g! O
2 i$ g9 k0 D' B: D

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115