在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

# C& L& p% c) [; `$ \# K8 K/ `0 w
2008-05-22,20:37:43
: d U" _( ?9 C0 w& F: C ~0 V
System Repair Engineer 2.5.16.900
" k* e6 N- V5 G! N5 v! h7 C1 e
Smallfrogs (http://www.KZTechs.com)
+ V/ C# s6 ^) s) U- n ~
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
! g2 U+ L8 m; J% a8 }7 o" z8 _
以下内容被选中：
/ \1 z9 ?/ N: P: N* e! ?/ s
所有的启动项目（包括注册表、启动文件夹、服务等）# d4 f3 K. m; [5 _, H
浏览器加载项4 i/ M% X, T4 t; W5 h' p1 C
正在运行的进程（包括进程模块信息）9 D/ ?, {) _; S' t
文件关联1 j( T! l& t7 _# k
Winsock 提供者
0 A0 z! Z3 l$ S; G" W0 t
Autorun.inf
* r) k+ ~+ ], R# ~* L+ ]' v1 {- @
HOSTS 文件
8 G$ m$ j3 f% r1 b7 b
进程特权扫描
& u# T" \3 C% s B
/ D+ I! V# g% L8 g$ `
启动项目
) w* L' I8 ^8 u; W4 a
注册表
* k8 F" n5 k0 q! z# ^) Q
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]9 [ t/ V/ I; u) }5 q' t
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
6 V# M1 P2 _5 s5 J
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
6 w9 T, Y0 _0 z- z3 I1 n6 N' |
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]0 A3 }3 v' z3 X7 F2 {( z+ A
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]% @& m, e! m, B$ k, [! q8 t! j
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]) c8 z" x, M% ?$ E% A5 V- O2 ^: @
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
, U! H( p+ S0 K- e
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
o$ B. @# `0 a- W
<PHIME2002A><; > [N/A]- x; S A9 x4 r- h. \ A, C+ A" L; B
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
+ x9 |* n& w6 Q7 A( V. Q5 c9 y
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
; E) P' o9 F2 j" C7 h
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
& v' x H: @# i9 C; i5 U6 |* B
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
' c- Z m. m/ z. r4 e) j$ O4 C5 U) x
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]! y! S* z2 P1 C
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]& e' \$ ^* r1 Y* L% T2 J0 n: v
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
( u; i3 u' K% w, o
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
; N' l4 r5 ] z/ ^
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]! S4 h1 g4 v$ n4 a3 I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]2 D; Q3 k5 ]* W: J! X- G
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]6 W9 a8 x E% o4 _- x
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
" K4 p8 Z/ j3 D; b8 u
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]( h' s' k0 J; f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]% T4 F2 W0 @) c) X9 E. M9 Y
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]: i0 L9 [4 q1 D- s7 v8 ^# q# G) [( r" Y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]2 m& D/ f% n9 L8 U
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]- Z6 N& ~2 B) E# x. I0 B
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]1 Q% A6 g3 f9 c- T$ v3 o- `
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
& q+ O; s* Y4 G ?& r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]/ D9 @% [3 U( h l' u) I. C6 p
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
" d9 P d& r& K& j5 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
+ V Z5 Q. Q r! T$ t. Z8 R
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
0 X& B0 ]& l/ x4 K/ K2 T8 B; F
==================================
% P4 P, D2 K8 ~" `. l8 U) B
启动文件夹5 a5 X( H, ]* R0 W" [3 v7 y1 p
N/A+ J# z: \3 r0 G: U9 j
==================================, k/ \) L9 c9 R
服务
4 \- k5 V, \" n9 \' m/ u! I
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
2 T6 M) r6 ?8 g! u( p
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
' ^/ N5 f2 K5 E/ i9 G+ r" h# K
[Google Updater Service / gusvc][Stopped/Manual Start]3 m0 v* J% o$ j8 o" \+ B$ y
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
1 Y0 {$ V- u I7 m+ }+ v5 Y, _
[Help and Support / helpsvc][Stopped/Disabled]
' j: K; R/ r8 e0 Q' t
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>) q$ ?8 S D) f0 u4 }& K y
[Human Interface Device Access / HidServ][Stopped/Boot Start]: m; N. \; a8 w2 F; T
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>: G' O. R! ~- N! _! h$ u7 ?6 u
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]( m2 c- R) U1 b* b
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>) v+ k1 C# Q7 z
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
7 M3 {) j M' b6 T% K% Z
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>8 y; G/ C2 {( Y6 u# @) u; c
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
3 j0 ^6 u7 Y0 C! d+ n# S0 I
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
( ?( {6 z1 y: T- l
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
- D0 q" g3 o# y+ ]
<><N/A>$ M Z# M3 E4 J
[Qvod Terminal / Qvod Terminal][Running/Auto Start]$ T/ h6 v1 v- [. y4 B" R
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>$ f$ V) R' N+ c) f! {6 V
==================================
0 Y2 x0 [" k! f ], U
驱动程序
& M/ T$ E }: a7 J& L2 i$ t
[22j / 22jn][Stopped/Boot Start]7 z; v9 g! ~1 F
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
! \$ |8 _/ C% B' ]
[360AntiArp / 360AntiArp][Running/System Start]
1 e6 H/ W3 D: Q% ^- _
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>5 ^8 [) A/ w1 }) g0 A
[43ec / 43ecu][Stopped/Boot Start]2 A0 L: f4 Q9 P) Q
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>3 Y, C u6 R0 P# \% k' i
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
; c+ K- v. M& M
<system32\drivers\ac97intc.sys><Intel Corporation>3 g2 s/ m, x! Q, | T: C h
[Promise driver accelerator / bb-run][Running/Boot Start]
* M& N) f }0 q# X
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
2 d, Z4 D* B4 v( \) ~7 B
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]* f2 g. I. X* I* U; n w
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
* ?5 i3 y$ Z4 r! n
[KAVBase / KAVBase][Running/Auto Start]
! Z; p- V Y; Y: A( a0 h% X
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
) u: A( N( f& w+ t( v( {3 o$ X
[KAVBootC / KAVBootC][Running/Boot Start]
8 X9 |$ m( j, r. L& U* S& R. q: E
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
# _) L) d& m% ]( Z. E' B
[KAVSafe / KAVSafe][Running/Auto Start]1 h& _+ W2 K$ A# V( F: t
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
8 }8 T$ q7 R5 ?5 f4 f7 E! a
[KNetWch / KNetWch][Running/System Start]
. j0 E! O' A8 C4 j9 ^8 n0 q7 Y0 S
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>6 m r% C M) a# o0 j8 z
[KWatch3 / KWatch3][Running/Auto Start]
; [+ z. m6 v9 i7 @( @' |& U
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
- O+ K" s6 s6 n0 S
[ntptdb / ntptdb][Stopped/Auto Start]! v$ z' f v: D2 Z- M/ a% g) y
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>/ x" h' Y+ h& `, b* `( Z! R
[nv / nv][Running/Manual Start]& ^( t0 B- T/ i
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
9 T4 Z* ]4 b: ^. v
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
2 e+ y2 w8 D" H1 y# q2 p
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
6 Z! n. k' C1 b3 G5 r) X
[DDK PACKET Protocol / Packet][Running/Manual Start]
H1 G, T1 R# N
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
* K. u3 Y' ]" _: k6 k' w
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
' s: I p- Q+ j0 a
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>' A# a, a: L0 U: \( T
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
" ?2 S) T- k% P- l ]- K9 z
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>3 u% _+ [8 v9 C1 M; R; x8 E# I; ^9 l
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
& w0 n: C1 [7 a2 y: _% ~5 C
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>, W; x% e. }! H! ]' H9 r9 G
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]( h8 J# @: |4 c! y
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>/ D4 Y# J8 ^" J1 E3 p/ e
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
; W* n5 {. G8 {7 A7 A9 U* w3 O
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>/ T+ ^$ C: X+ u- ^. Q3 @$ _! D
[Secdrv / Secdrv][Stopped/Manual Start]
. X- D0 @ i1 X! N% J2 D# @
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>- I& j' \( c9 q' S' j; l( [
[SATALink External Device Filter / SiRemFil][Running/Boot Start]- _- x {' n; f Y4 b N: t
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
1 P' z0 i' z* J& Q/ R+ v
[System Restore Filter Driver / sr][Stopped/Disabled]
' F, W5 A/ h7 `5 i0 [
<system32\DRIVERS\sr.sys><N/A>
& Z* l" m, v' E- p9 R
[TesSafe / TesSafe][Stopped/Manual Start]9 Y# M0 W/ n0 [
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
+ u! B, M" o9 j+ { s
[System Services / unzxzsrs][Stopped/Boot Start]
. W- P3 i- `% j$ l! O2 E& q% ]
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
- t W& w3 Z Z `, `9 `/ t
[ViBus / ViBus][Stopped/Boot Start]' P- d& t" y" r
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>" t" s4 g6 A& p# m( J: Z- Y3 F
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]: G0 M7 W3 c3 b' f
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>( v5 H5 g# G' h) Z0 b* e8 c
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]/ l4 f- @+ l! B9 s! M
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc> K" R# K- j& Z3 }+ W$ K
[ATI Extend / zhibmaso][Stopped/Boot Start]0 c7 u' h) j7 h1 H- Y7 B
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
! w- B' m8 h7 w* W5 ^
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
4 j: F0 d. {* n8 q2 K8 c0 [ V
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
& l H1 s! O# Z B$ ~
==================================/ C- ^% v/ b- I' k5 D
浏览器加载项; d. R2 y' t0 p# h% [
[Google Toolbar Helper]6 S! l& \' d) M. r) Z' |) o
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>& L0 A ~& ?3 F8 T9 B
[Google Toolbar Notifier BHO]3 }% j0 Q2 l# \; y; ~( r, R
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.># A! @! M$ E; W- ^0 R& Y
[SafeMon Class]* O6 r% s( g% |* b$ H1 z
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
* j2 T* X/ w4 ?/ I9 @0 j0 y
[kingsoft browser shield]
4 o& J8 h% j4 Q: Y8 W6 ^3 [
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
2 {, g4 A' K/ J0 |
[IEBuddyExtControl Class]- @; Z2 ?: h+ E# _& M! X. \7 a
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
( ~; H# ]& P2 U% N( i
[Zcom 杂志]) c- }0 p9 J, c0 u
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A> k3 L" q: f- @0 z8 |) T, i
[&Google]# g3 ?6 L' u5 t/ J
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
8 S: q& @, }( [' W& v
[KooPlayer Control]
7 ?! w, Y! T) S
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
4 S# p/ w& N7 f
[Shockwave Flash Object]
* y3 R* |2 C( e# d- S
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>5 Q( b( Y/ K6 B; t" H
[KUpdateObj2 Class]
$ L. U/ p: ]6 t$ n. C
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation> Q% x+ P) d3 p* F3 ^" R
[Google Script Object]# |7 J/ l8 I ]% v
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
3 s. b, g% i5 x6 [8 q
[EWA Control]
6 o: }( u0 T- [* G1 @
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>. I0 q/ I& s; e2 z% o" L% ?
[Windows Media Player]
2 R# h8 y" j( F" m
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
( l- @, _1 E- l6 o
[&Google]
T% u7 L6 b" k `
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>8 |' \# @! k4 }" W' I. o
[HTML Document]/ P: f+ S' }* W. M; }* M
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
% y. B! K, e! M& L N7 U
[DHTML Edit Control Safe for Scripting for IE5]" @0 k) B- o/ K& {- ]- o) X/ i9 n
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>( Z! Z" o% b' W. t
[RealPlayer RAM Download Handler]
* }3 t$ \% ]! @8 o1 j9 V
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
* N, u3 B2 \' ` L
[IEBuddyExtControl Class]
6 w- q/ G/ P& f9 G
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
2 S% ^$ }. v5 q/ D- m% ~5 y2 P
[XML Document]
/ a% F6 s7 A" H) \2 }
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
, a5 t, s. S, h( Z- ^) G
[HHCtrl Object]
5 h! C! j( N0 k+ \( [
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
& h1 r5 f+ r6 }% A' g V5 J6 u4 d
[Windows Media Player]1 j! `- N4 n$ V+ v
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>0 s9 y/ K7 e) K0 N8 a/ e
[Active Desktop Mover]
) d0 M; r, a, g- g: Y7 ?
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
2 d$ v: @+ g0 r7 ~6 l6 f$ [$ ]
[360SafeLive]
$ `3 j3 A. [$ o+ _+ Z6 q' D
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>! K7 F" U9 o' `5 l
[Microsoft Web 浏览器]
8 t8 K: `) J! I" V5 x: i2 Q* S
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
( A- m% Z2 j4 w
[Browser Enhanced Objects]
0 Z1 O- N! _! j" [- N5 g
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
$ A; a- \: C; h
[Google Toolbar Helper]% w w8 V" A' i/ _3 D4 s) x
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>/ \5 R( n: F. X @# W0 w
[Microsoft Scriptlet Component]
- L( a! ]- z* w$ A+ H
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>9 l/ k+ y: b; Z4 s0 K' _
[Google Toolbar Notifier BHO]
* D2 |: e: ?* l Y! j
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
8 q; r5 f. m6 o6 u
[SearchAssistantOC]! y# v$ R: ]" k4 a9 f* w
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
! N9 ?2 L- c5 B8 j
[SafeMon Class]3 S; j5 K& ]2 _/ w9 c3 T! r* s+ k
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>( {: E4 @5 A0 m" a) T1 z- r
[RDS.DataSpace]
2 V; ?3 C2 b0 N2 u% f
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
: O" f/ g; T. [, k! v" l' K
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>. e. D; R+ X# J$ k9 i6 Y0 K1 v
[AUDIO__MID Moniker Class]6 }2 e: D* F$ g
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
+ O% P1 I9 B2 E; o; k/ ~& W
[AUDIO__MP3 Moniker Class]( [ l9 l$ g( q5 ~ r
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
! i% ]& s( O" m0 r
[AUDIO__X_MS_WMA Moniker Class]
* x H8 B% X6 U4 g: W9 `
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
. J4 G6 R/ H3 h
[VIDEO__X_MS_WMV Moniker Class]; P0 L% m1 a# ~( S* I0 j
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>+ h3 a0 O! h- E! i, Z
[RealPlayer G2 Control]; J. @' B% r- R& i n& }
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
6 ]3 {+ m- P" U) b% V0 y% j
[Shockwave Flash Object]8 h" A' _+ x# Q* A
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>( g" L* |/ C) Q1 r
[KUpdateObj2 Class]
; s; p: v8 e! u7 r7 ~& k
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>% i9 J8 I" S0 |& o
[kingsoft browser shield]
; V/ k2 g, A! R. e! Q$ B
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
3 \) L( N4 B: e. @
[PasswordEditCtrl Class]4 M- u1 ]9 s: L! o
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
) i/ x9 n+ a( S% Y2 y2 a$ ^
[QvodCtrl Class]
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>9 h8 g) E2 ~3 A* N/ I% J# Y
[&使用超级旋风下载]. Q1 H) }: G8 P9 p! n2 V+ U: T
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>! j6 k' R. y' ^ f* A1 ^8 G
[&使用超级旋风下载全部链接]# h+ T2 C* ?, e& @- r; n6 A
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
5 K' k8 B7 ]6 r, V( ~
[使用迅雷下载]
' I# O! E5 B) \5 Z, a. D% J5 f4 M
<, N/A>
- i2 M" `9 L: V5 @( r9 T! Y
[使用迅雷下载全部链接]
! ^- @. x% g3 r0 [8 C7 Z: `! j
<, N/A>
: b3 a) ]; w) N( f" K
[导出到 Microsoft Office Excel(&X)]+ B- u9 e9 ~8 m$ V
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
6 |4 E, K' X" K) Z1 o9 A8 X/ a" r
[添加到QQ表情]
" \! Q; Y5 t( t+ f" e
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A># ]. P1 x2 i2 _+ E) D! L$ Q
==================================. ~& c. X E5 P
正在运行的进程; i3 O3 t8 N" i: X0 q
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
z% I6 Y3 r+ b' T3 W$ a( w
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 a o7 e6 [: h+ j$ _/ d: s8 O
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 E3 d" d. \$ U7 u6 v7 h
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]- k( E2 o( h w `
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 }7 I$ X: ~- s* x
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( a1 h/ X) s4 e; V: e: v& j o
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 w5 p( \, H4 a/ q; ^& |( [
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 K8 Z# Z0 j, q3 B" Q6 l* z
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 V6 d& Y o' P* U, n
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 C# f1 x. R$ ]( ` C9 L
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 ~5 T" { v% ?( v! F
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]+ a- x6 {. m* ?9 x/ C- W( A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% F- \) A; ]7 \5 y# ~( j% N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# ?' f# D1 a# k* V+ {0 e
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]8 ?2 m \3 D6 L% @! W7 P
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 U+ Q3 X" B* G1 I; ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]) ]3 w9 A- m6 ~" j
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]* Q5 }9 k, T) I J+ L
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]% x I/ I4 [) L/ \ `3 _ N& l
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
# o. R" I" i/ X. |
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]0 [) A0 z! A. R( I8 ]& V! k( F
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]# r# o! s. h. I C+ d0 S
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
$ i4 |% A% E% Z& P f: e
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]4 n* }6 [5 Y! N+ Y
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
# r9 r8 ]1 ^8 B3 Y4 K7 F: x2 ^4 n. F0 x
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
8 Z, H# D+ S& y8 e
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]8 |$ M6 f+ G) l; _* _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
) Y6 ?* `6 a2 S# _( U: N/ I" `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) }. [, [2 S ?# y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( O& O% ~/ z l
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
! F$ a! n7 c" Q! \6 |+ N0 u
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 p B# ]$ J! e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
- _0 v; U) ~1 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 ^% w l) }; M+ I& g
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]) f8 a" z( j: Q7 z7 K
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]+ y, P1 a% M! p$ \+ v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
0 @1 I R! [$ |4 M1 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! r( E: ^' f$ S: |* u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
& b1 z! e5 ^" I, x
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
- s( t! m& |( n1 `5 c4 c; q* u: z* ~
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
- M5 N& b c+ u6 w( _$ G0 o) j% I
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% _8 ^2 l3 }1 m* y# _/ m+ t
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( n% C2 i" j$ L9 C. y- X
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ e' F5 u2 a. O8 [* D: W( l
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]* `6 }: M6 t( p8 i7 Y- i; H
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 o3 M- ~" u3 C. P
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 U6 C8 J& J% ~( N6 k% C; T" M
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]" E% G) Y3 O* w) S
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
0 g0 i& X$ d+ \" k% l- T; v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 K8 R% A% c( j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ ^4 x( E( d; f7 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# V9 X2 H+ A. f
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
* I) ^( N' }7 H, P& J% \4 P2 |
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
. E* n) H: \2 y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
) T- k8 ]% b: }7 d# E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
9 d/ C2 I0 b# w* U0 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
9 O3 J5 ~4 n% ~& ^; @6 |& J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]: T" ? z$ O! z6 Y: L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
$ ?1 @% t( W% {9 t, `
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]4 H/ }- O7 ]1 \( B
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
! g3 R% w8 `/ D. g& X& q9 h5 ~2 t
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
u1 K! }, u# M4 V- v1 T) Z* d2 |1 ]
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]0 m5 }. \1 Q6 C9 I7 _+ v
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]+ r, p1 p* R4 C& l( j' K! B2 l
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]6 m7 }0 a; n" @9 t. S# O, G `
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]; D! u ^. y! |1 ^6 Z$ T7 ~
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
* |8 c U" x% n" r; V5 f
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
- i* v u* u& g8 G5 j
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]/ p4 X0 n' z" g, A) ?8 c' N' x
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]7 y& }. a9 R# F" L8 }
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]! `$ p+ R( L6 e M# i
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* V1 t1 u% n. M- |$ O" P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 i$ A! B* H% b- v2 R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 R1 N) O: Z8 x+ N/ f( J2 X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 r9 C! A2 ]9 `
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]8 K; z8 z8 h3 ^5 d2 O# a4 `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 z( G3 F* _2 d7 S% L/ E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 H+ I* j& r& s. O; k: @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, @, x' w0 d4 v: X$ b
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
- V9 V3 G# N, J0 H0 a1 v
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
( {4 i0 n, s+ C8 M
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]- O5 D% y' I0 M
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 d) {- F& z8 u/ @3 l! s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 s3 }/ n6 D7 j* ^% W$ a2 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 \; e* v" F4 K1 q# r
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. X+ v: n- I" P5 ?( x+ {
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
% n7 [5 F' O5 t$ K
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. y, X) V6 {3 N! a) p6 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! m' U: a; g/ b$ O( D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]9 ?0 R# S' ~" C5 k3 C5 `0 H6 _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0], Q) _1 x* v, b, _
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]9 Y9 N2 m) O9 N: E
==================================7 m& T, d# A0 Q( k" L$ M
文件关联
3 @7 t( o2 y' O$ u" d! O
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
6 ?, M6 \4 N8 B$ f! W* X
.EXE OK. ["%1" %*]) | f3 U( x* X7 t$ |
.COM OK. ["%1" %*]3 D- m; ~9 ]9 V+ E. O
.PIF OK. ["%1" %*]
( Y" S# @8 P5 E" z$ G( Y# q9 \5 H
.REG OK. [regedit.exe "%1"]6 [7 U5 g, D9 s! E- |( j
.BAT OK. ["%1" %*]- W2 p9 ^( |# d+ k5 n9 c
.SCR OK. ["%1" /S]6 x; `: j0 c/ Q$ k% O
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
5 ?4 ?) c6 S- B8 N0 ^
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]: P% g+ f0 J }+ y9 L: d! K) f% Z
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
6 I' n$ {9 o' V# s p! s$ G0 a
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]& l8 _8 I1 h( P3 D, ]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
, b4 F% x( q- R) w" H/ _
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
/ T; D2 B6 E9 ]9 X9 }6 X; p
.LNK OK. [{00021401-0000-0000-C000-000000000046}]7 _2 O" ~2 E! g: }5 V; d
==================================
" h! l8 l- v6 ?3 d( q
Winsock 提供者' s7 F: ^: s9 P8 M
N/A
- J1 }8 S7 Y7 l5 I! f
==================================
, G+ i2 F, L% u! f1 C+ p
Autorun.inf0 L. f& y* Z; A( z# P) o/ t
N/A
+ G0 j$ c9 A6 o( \: W9 {0 s
==================================' X7 q, o, z3 N4 r. t5 r
HOSTS 文件
9 B/ `: V3 y" f
N/A) a3 p( {$ q" D, [' }; d3 b) V
==================================$ ?6 u- s& z j8 b3 f
进程特权扫描
( Q; c6 ?0 `4 t. z
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE], {: x/ z# R% W4 H
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]) I* \! b! z7 V" h
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]; e3 h- B6 k6 ~2 V9 @" Z( C# P
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
, x R5 [9 |( E8 a4 }; @
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
2 d: G% X U# D4 l
==================================; k$ V5 ^8 L# F# ^
API HOOK+ I5 K+ h9 r6 _. x/ V4 N
N/A
+ p! ~9 ?- O: g0 U1 W& @
==================================
1 f" {, i. G# B4 u1 R
隐藏进程7 E# s$ p: h- {& ?: t- T
N/A+ Y; \1 V; B$ \% G) g/ H
==================================( a% {6 \! B, x, a* {8 c7 ~
/ W% `8 L! F+ a0 K! m2 m

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115