在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

; ?4 b9 M: N' c7 t+ B3 m+ S
2008-05-22,20:37:43% K3 z; I/ L6 H+ D# g+ d$ } B
System Repair Engineer 2.5.16.9008 x2 p1 l* T1 j- u! T; {- `
Smallfrogs (http://www.KZTechs.com)( ^: w/ J8 _/ v* ~
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
( b, z. S/ Z- y$ Z% P
以下内容被选中：
1 S+ \' _/ ]& K& w
所有的启动项目（包括注册表、启动文件夹、服务等）
$ ~# V& A. ?1 m, b
浏览器加载项
% s( v7 U8 s# {6 P# v
正在运行的进程（包括进程模块信息）
& X! _. r! Y0 s' v& p" X
文件关联
, s0 w- v# l# Z
Winsock 提供者
, O, ^# U2 `2 F1 s6 |% D7 [
Autorun.inf! |- ^5 ]. v/ Q: |5 F6 `! J
HOSTS 文件8 W/ l Y( d O# c. r: K
进程特权扫描
5 s4 u. \0 n @8 b8 P5 q
! n0 A- ^; p( r, {+ Z
启动项目
3 x6 o3 m( ~# Z; p& _
注册表8 x2 i! Z9 E: h- p' q
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
: A% y9 X& D3 v
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]$ a0 E4 K6 j, O x- s& p* p i1 I
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
3 H$ d, T" M, {
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
8 T8 z; c6 B u. h6 K$ a. C `
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd], p n" m% E$ H3 x0 B |
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]& `8 v, n5 R+ M
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]3 s( D& G8 B n+ G) z
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
2 \6 s6 E4 q7 n
<PHIME2002A><; > [N/A] ^ h( n" f+ p/ {9 E+ Q: e
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]2 ]3 M5 X9 K) v$ X$ s6 x. |
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]" @' R4 }( T2 p2 i' j" Q5 y6 Y. P# s
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
7 x b H. M' R1 Y* V) V
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]. C$ t; S+ J. ~! j/ ?) e- _
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
1 `4 m* n4 [3 D! w: p
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
+ U4 w7 y, G5 Z+ a5 c/ r
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
8 U$ B3 W; P( x6 Y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]5 A* J/ B9 x- ]. d* Z2 q) d
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]3 d- I n0 q& W: j. \
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]' r2 ^7 P# g9 }* P% o* i& F
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
- r1 r7 Q4 X/ h- c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]& T+ c0 c# m& }
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
7 n* F6 p; {5 f. {3 |& }
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]) k& q/ E" a8 H- U$ v0 d, F3 T
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]' Q2 D1 ?/ O% D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}], R# q( X# h# G3 o; @$ N
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]8 @4 N4 ~$ f( k) e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
" H. T6 u4 `" q2 ~$ n& T
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher] W6 o4 n& A" X- b7 ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]# B; L1 P3 m( v, D+ s
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
8 U$ s2 d7 W" K$ u) q8 H7 ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
( d; D/ k! z& t( z
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
( a7 K1 s! G7 i, V, w( |& a
==================================
9 @ C' t" T, g: \3 A/ P9 j
启动文件夹
' O' _9 F! f& v4 i5 b; V: [! l0 o4 x& s
N/A
. ]4 a. L& p* z3 o5 {8 P+ {) J
==================================$ d& n# p7 K7 X7 ?6 P! ]
服务8 K+ D- Q& F4 L0 O
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
& n/ }: u" w K- a
<C:\WINDOWS\System32\3wareSrv.exe><N/A>- R8 j5 \- V# K8 j" t' E
[Google Updater Service / gusvc][Stopped/Manual Start]2 c# m& U2 D3 x. M7 T( t0 j0 h$ l6 N
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
% [8 k- E! W- ^
[Help and Support / helpsvc][Stopped/Disabled]( ~8 m, I* j& J+ \% d
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>* D% O0 ?' M9 _7 p( N2 j0 i
[Human Interface Device Access / HidServ][Stopped/Boot Start]% f) t6 s, ~" z {/ u2 Q0 u
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>/ |( B6 Q9 u9 [0 m" z9 P
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
. O2 w) r1 X+ f3 K# h$ ]
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>9 w9 m! q. s& Q) d q9 A
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
3 [. `' s9 p0 V) k/ d
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
( I4 H) y. W# |3 _+ k7 z9 k* s: [# _
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
1 d% M: B6 Q9 y7 {! B
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
: L7 Y' n: F* i, J% N. K: x
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
; e6 H* @& H3 r k
<><N/A>
$ a9 [( \; U0 g" p; @! X
[Qvod Terminal / Qvod Terminal][Running/Auto Start]* h% V6 R! r8 W) ~6 R* _$ t2 u
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>" H0 x6 C3 m0 w& A: L
==================================
+ F. s5 I+ o& z! p
驱动程序
# n7 E2 ~6 |( ]& o# \' V, R
[22j / 22jn][Stopped/Boot Start]
: T1 R. Q7 C9 j; Q" T# [ r+ x# Y5 F
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>7 l7 K8 w5 H& n( |3 w
[360AntiArp / 360AntiArp][Running/System Start]: m, l2 f+ n' [6 G4 q8 |
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>2 c. m: y0 S4 k; g/ T$ b2 g' Q
[43ec / 43ecu][Stopped/Boot Start]0 q; A, t* |4 V& g, n! E% k
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>8 s& i+ ~# m( h7 g' D' }% Q7 v
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
7 s" I0 r3 R9 B+ O2 b/ I$ e
<system32\drivers\ac97intc.sys><Intel Corporation>2 W: s) z5 S* j/ l `1 \* a
[Promise driver accelerator / bb-run][Running/Boot Start]
. n+ I+ B- ]0 v" T) Q8 ~; b. ?
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>0 j7 k* X3 [' b* w+ D+ ~4 }. T
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
0 _3 L; q( ~( p& J9 j& C
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
3 q. @" z7 u1 D8 l3 Y2 G0 V s9 |
[KAVBase / KAVBase][Running/Auto Start]) S3 W# B) G/ Y' Q( h; Y- E" v
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
" F! b. B! }# r3 R0 w
[KAVBootC / KAVBootC][Running/Boot Start]8 J3 q1 y- f9 D- Z2 X0 J, S3 X
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
+ t0 W( r2 o7 c
[KAVSafe / KAVSafe][Running/Auto Start]
- m3 @6 A. v6 Z d2 R
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>( E; N/ l+ r, P+ C, a% M
[KNetWch / KNetWch][Running/System Start]- e( e# E9 ^7 ?4 h- u$ W/ t) f
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
& A( i% @0 B: m- B7 y! M
[KWatch3 / KWatch3][Running/Auto Start]
4 V6 f& H3 @& C; @1 K7 j! {7 \
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>* P4 c9 ^, r j& Q. Y3 p
[ntptdb / ntptdb][Stopped/Auto Start]$ @9 q& V; g& C5 }/ p/ K
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
! V% S! G; ^% _1 [# l
[nv / nv][Running/Manual Start]/ b4 ^6 ?3 Z" T5 e# ^
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>, a+ u2 _* O, A6 P5 c& E) d
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
4 [) t) d6 d4 z) Z/ _% T
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
7 x4 m' ~8 i. ?7 o- [+ A" s
[DDK PACKET Protocol / Packet][Running/Manual Start]
* Q2 D3 z* t0 b4 U+ W9 Z
<system32\DRIVERS\ProtoDrv.sys><360安全中心>! @% E& x0 `) b" ^
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
$ T f9 v G; d2 L4 z h1 V2 x
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
3 @$ x9 f3 J8 j- a* u
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]# Q; c) ]$ |; ]) s' T4 l C
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
, E* J" r) ^+ ?$ n' [% t
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start], {; s) U% N$ `. w" w+ S
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
: v4 U; n5 y/ R4 x
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]1 A5 f8 N7 U& |: B: @
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation># ]! n8 a4 a8 F0 O- M4 Q4 Z" b
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]& B1 W1 @ @; t% v& g3 f2 w6 K! z
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
6 U% t# X) A0 ]5 M; L4 o
[Secdrv / Secdrv][Stopped/Manual Start]
# d! ?1 d1 V" i d' n
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>: r# R) K: `' H
[SATALink External Device Filter / SiRemFil][Running/Boot Start]0 F5 n) q! I7 w: Y; X: h
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
3 h: D( @1 H8 a
[System Restore Filter Driver / sr][Stopped/Disabled]2 u/ S. M* a4 @0 x; M) p
<system32\DRIVERS\sr.sys><N/A>6 ?2 N6 f# G0 e( l- n
[TesSafe / TesSafe][Stopped/Manual Start]
' y# o1 y, V5 Y0 Z7 d3 V: L
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>' g% M8 w) v3 k
[System Services / unzxzsrs][Stopped/Boot Start]
2 l9 A) N3 Y' a7 v& O* E! A
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>! c) T4 R3 _; b) @- b
[ViBus / ViBus][Stopped/Boot Start]! A, {4 A8 H* h. l( t
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>! A9 B/ \* f& L& A
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]; N- ?! S, B0 y- }6 X
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
: i: V# D2 U9 [, t! l
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
! J' E" ~* `* O0 z6 a; ?$ \7 P
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>/ S; O4 k# }8 }: S$ h+ Z
[ATI Extend / zhibmaso][Stopped/Boot Start]
& s8 @. e# w. s& M7 i
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
- @8 `5 {8 e! ^) R9 O( |5 n4 d
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
" b) J2 h3 |' B! H. x6 O
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>+ B( _9 R* G0 h# k7 {! k
==================================4 j; O7 l. ?7 _# z8 Y
浏览器加载项
1 ] d0 b' R z4 `
[Google Toolbar Helper]
/ p, B7 }- Y% d" p2 k1 M
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>- @3 S" N; Z- K8 b W
[Google Toolbar Notifier BHO]
& \3 Y7 E6 S% V
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>- G+ \3 g; @9 |" k! p& N
[SafeMon Class]9 c" W2 o, M! N8 \+ P# ~
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>" H! f) ~# P9 q
[kingsoft browser shield]9 ~5 x4 |! O% @6 Q, U, W( p
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>" e. T, a3 a9 @) n' p
[IEBuddyExtControl Class]5 ^) e: B$ Z9 c1 x( L* j% n7 S
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
$ w A; j t: ]2 A! H) V! ^* B
[Zcom 杂志]- q( c* M* Q! b* l! [, S+ ]
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
8 R2 T# i; o' ?0 H+ a0 d$ k
[&Google]
. a* n: m- c, M) F! w
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
P+ I8 s+ a6 q2 d$ M
[KooPlayer Control]
C4 Y0 z( D n* ~, L) u
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>" V% N* @/ x4 w j% T# G6 @' a
[Shockwave Flash Object]
7 Q0 {) h# I1 \
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
/ r& T# s" j: h3 l+ p
[KUpdateObj2 Class]& e4 u6 K% e4 h* a/ Z
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
2 k. f' b2 E6 i$ P( w+ p; Y, X5 L
[Google Script Object]- Z- s* P4 c3 o, T3 i+ T$ ]0 b
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
& }/ T4 i. T0 Y( \8 F! ?+ P
[EWA Control]
8 `3 J5 G; |+ x# n
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>3 u% a% O5 O1 n
[Windows Media Player]
8 S% o2 a1 |, k; G* N
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>. N6 H& L' _, T. l+ o" P5 P, X
[&Google]5 o0 _6 w2 z9 \7 E$ }; v" K6 h& V+ N+ R
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
2 Y V# J; u/ w; B# I% B
[HTML Document]
5 O! z3 N+ y- k( t& _
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
7 [0 W% {2 ~4 a3 C) S
[DHTML Edit Control Safe for Scripting for IE5]" o4 p8 ?% K% w: v& q/ ^; W
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
- o) T0 E r/ N+ a' z4 [
[RealPlayer RAM Download Handler]
3 V J* j v. _! A+ v3 o$ O
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>1 o: u% z( e5 ]. s+ e# a
[IEBuddyExtControl Class]8 x4 Z. e: |9 j" e
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
0 H6 [, R; A2 b
[XML Document]8 d- N/ Z6 w7 b( W3 _9 @6 d
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
7 u- p+ O, G2 Z2 f1 w
[HHCtrl Object]9 M2 }* d# m1 ]' Q) g9 L. R
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
+ s8 a/ N1 E2 Y& P# j" {) Z# G- }
[Windows Media Player]5 f% X H9 r5 p% s# ]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
7 h0 p9 k% Y: Q0 A8 Z
[Active Desktop Mover]
& k! n' Z Z3 N, x2 k
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
2 d5 f* L! k( k4 F/ E) A
[360SafeLive]3 o; F) K( Y) Z# A
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>0 Z; ]% [, R5 {4 L1 `0 R
[Microsoft Web 浏览器]5 g$ g8 @% M, p; B7 d5 E7 p
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
+ v! ?% f* A# f* C* `7 ^ a
[Browser Enhanced Objects]( S0 j- ]( S0 s& ^0 w; v% I
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
3 D1 q" h8 M: q' K- |
[Google Toolbar Helper]
# g$ q. |+ p6 F2 N+ z* V
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>) k1 g3 Z8 h. w6 _+ W8 X
[Microsoft Scriptlet Component]$ |2 V# I* a' b4 Y' }# W1 F
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
0 L% Q4 ]3 k* V0 U
[Google Toolbar Notifier BHO]
0 m3 m( y& ]) Q& a
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
; f# m A- N: i0 q& v# b7 u: G+ V9 T
[SearchAssistantOC]
9 i. F v, \( N' ]& E3 `) F
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>9 I f {/ \1 H/ z0 Y- m
[SafeMon Class]
9 P: c5 l3 v. _+ z
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
: c3 M. J5 w; r3 \) j5 D
[RDS.DataSpace]
% O T) M# Y5 X
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
, G/ G- r8 W, V2 @
[KooPlayer Control]8 q m! C) {; ~! U
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>5 H5 E' G) A; y. a7 T8 S2 `; e- h
[AUDIO__MID Moniker Class]
/ A8 w7 q" r3 Z" e% n0 {
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>" b3 z6 I5 }, A2 u; h4 W" l
[AUDIO__MP3 Moniker Class]
" `) r/ ?, r5 U! }" A) E, v% W
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 B- L; p+ P* D& N9 k5 f
[AUDIO__X_MS_WMA Moniker Class]5 U! a% I2 y* |0 s1 n
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>2 [; j# n" p: c. f# l
[VIDEO__X_MS_WMV Moniker Class]
# a# F# O' {. K, S& u
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>3 H: I* H6 o) d( h, R) L
[RealPlayer G2 Control]$ ~% X$ [0 B3 o& }: u" B
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
V+ M6 o3 o7 A N: U- K
[Shockwave Flash Object]$ {. p3 E4 j8 R; X. S
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>7 L" l. d) ^0 z$ i2 s% @# R
[KUpdateObj2 Class]& ? f* e+ R& r' D- C# t2 d
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>; D n- \- f6 B" K: b3 T+ v( h- [. w1 R1 v
[kingsoft browser shield]
k8 o1 M! K6 ?2 d" e, L6 x9 Q7 b
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
, r/ Y! \1 |: X$ W6 y# h
[PasswordEditCtrl Class]
. g0 e5 ]6 F8 Y
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
0 j+ O2 H& k' t$ i" _
[QvodCtrl Class]
" i1 f" N; T+ i+ K0 h% m
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>( D. R7 I9 t) s& l5 L& w# c5 y
[&使用超级旋风下载]. K( d. }6 o k
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
9 Y _8 Q1 Q9 g, Q% J3 H! d# ^
[&使用超级旋风下载全部链接], R- x3 b( o( P; ~
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>, H/ E6 `5 l5 R% a$ i
[使用迅雷下载]$ `# A9 K& Y. l, V9 P) m+ C
<, N/A>1 @+ K; S( ^, q% a9 k, \
[使用迅雷下载全部链接]5 @; p- O/ w$ f; U6 W' K r& E
<, N/A>+ F: a* h6 V; F9 j. A7 y
[导出到 Microsoft Office Excel(&X)]& h) v/ x$ z1 ?( [% {
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
! B9 j5 }6 l. u1 {$ z4 @. C0 F, D
[添加到QQ表情]/ C- S% x( c$ E* s; P# q V
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
) U! I0 B/ ~6 N2 \
==================================
/ I+ ]9 a9 Q! \: R& l
正在运行的进程# o; u8 `9 }7 G7 L* {- A
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ l+ j5 Y# I7 S) }, _7 g, h
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 u& Z2 F2 x) V9 N5 P
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! H+ Z5 `+ ^% ]2 W+ |
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
! ?" Q1 h6 X1 f" a
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" }' [' {, ]" s) A. X
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 S8 L a$ t0 _0 o/ t
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' p1 E; D4 }: ?1 l! z
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 P0 g: S7 l5 q+ I- z
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 r d2 T% X1 Z' W( `6 U
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 P1 A, ~( u" S$ I( h. C1 q
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
{1 Q$ k' X" L" c* \; Z {
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
6 B" C, b) [" n+ _: G9 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; B" Q; |9 E% x* V- v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: y* E+ k- A; `4 Y+ A$ I
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
4 n! Y. ~% D( Z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 H6 b7 K, S( v6 ?% X/ h6 T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
& A- J r4 U5 M4 i+ o& H4 Q% y
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]( q% ^# r# O4 o9 s+ U: }5 P% F9 n
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
! s6 P2 B: @1 P# }$ s. W8 a0 C
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]. U, f, Y8 I* ]9 R; n/ ~
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
4 }& h& P" ? [( T6 m+ S4 A
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( B2 N, e2 z: X7 a* j
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]; v, |8 t% u) i2 u" x
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- r1 a1 Y4 b6 M9 [; X, s |* }7 C
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
" |# n8 z& {$ b% {# x
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
0 T0 b* c2 [& U. T
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
$ G" v. `) ^, ?7 V- |/ D3 C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
5 t8 ?3 ` B8 A3 a1 a$ S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]6 l9 S3 k- t$ D5 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]0 r5 B) Y2 j5 J8 c* G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 n1 E1 k# _# ^
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( Y. w) V& s" B% P8 X3 F' k- ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
j% V& i$ V- E* j2 q* c4 G- |+ w8 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, H8 j+ k2 U% c4 K5 ^0 U7 f
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 }0 K- p/ n/ T" f+ L1 M/ Q
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]# U) k$ w5 O- T# I
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]) ]9 h: B, H# @% d. u8 k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
; j: K0 Z( u& ~- @2 x" l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" J: O* K+ @. c/ Z% Y8 p5 ^
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]% I7 N9 S D$ a: v4 X# | {
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
5 l( H1 F- v- s, [8 O/ Y
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 P9 |3 V) l& _7 \/ Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' W, T/ o% ]) j
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) I+ n' G1 y1 M8 ?3 o# k! v! \
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
/ X; j, q$ }# d- u/ u; [- j) ^
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: s' D! W# v1 V! q9 t
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 z0 t2 B7 r$ T5 w8 f
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
' M) n- v8 w+ B0 C5 Y, ^" E
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]* R( z. |+ z* ]; p3 v! {
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]- g2 z: p( s J) C Z1 n* q! P& i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
" G; K3 k+ Z+ e. T8 h$ @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) t7 M: r7 r2 w: L; P# V
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
- h# P$ T: V+ B$ D: R8 J
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
1 T# D4 _9 ]4 n9 M7 q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2] A* V }) ]/ J! d+ C4 e+ z. t9 w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
: x& d5 U4 m: R, i/ @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]) v: k( l P" A2 `* B% R+ M) d2 H' z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]3 l3 ]6 `7 P: I0 H: @: ~4 p8 x2 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
/ m) |6 j3 j6 {+ ~& P
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
+ T0 l3 y$ \% I' P; S5 `
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)], c% }7 k5 L1 C4 {' N4 ^- u0 \7 p9 N
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
) A5 ?! c, c- n6 B& c( K, z
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]- A! v, m+ U4 T9 P- v- h/ j
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]8 r: j5 |3 [2 [! F+ c6 ~
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]. t, o6 b& Z/ W8 N$ y1 H. Y
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]3 S5 A5 l' @/ d8 k1 F h% N
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
- B8 g7 U' \# B9 A! [: B
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]+ |0 y; [9 Y6 b ?' [1 m
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
' G8 D9 _2 b. v" i$ l7 _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]* x2 |3 T1 B8 T, x3 j q1 b
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
2 \0 b* t/ x, Y3 P2 _, K
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]4 P/ a. ^. q( W+ T" ?% X. ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]. \- J2 B c& ~# P# i( G& Z1 { A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- X6 x- J* X1 F
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]0 ~$ [' o( j+ K8 U0 F: `
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
) L( F6 Q) k {% P% _
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]7 g/ A' `; o5 r4 D, G z0 u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
* Y, {6 G; L7 f) A/ F9 T/ ]( f/ ]* k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
H& [- S4 \3 m! F4 U0 E8 g! c; \& q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 c: G! j& X1 A8 z% R0 M; n: d0 m
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]- M# v& J% |! x6 ^" j X
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
. h# y( }% c, F/ ?$ k9 {+ T% ^
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& w! L* C" \7 y. t0 h7 S3 E$ x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# g7 |$ ]- Y# z% b) I/ N) ?. K! p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
i2 A) I) _$ }: j) }9 n
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( y& Q. d4 W- k0 F
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
* m: [3 K+ O+ m; D" v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
" L% ^7 d4 o9 h; S( I) W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 ^# J+ _# _/ K" O6 |5 ]1 M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 o3 z6 D/ k2 G" i! \/ o$ Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 y% l7 j0 W: \0 ~* u- N2 G
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
" a; j4 u: Y) T0 ?& k
==================================. m4 g; L8 q( |- Y h: p& i5 x4 e. `
文件关联
6 j o0 S3 I/ f4 T# {# e) `
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]- j4 y- G" @. V& j
.EXE OK. ["%1" %*]& J3 l7 i( }9 Q" N1 o {- j0 X8 P% ], X
.COM OK. ["%1" %*]' ]0 n# x( w# m: u% \5 q
.PIF OK. ["%1" %*]
( @0 j v$ l3 v( O, c
.REG OK. [regedit.exe "%1"]
( p. Y: q- e) m5 i, |, ]& T- x2 Z% ^
.BAT OK. ["%1" %*]
. e- B, u; o2 g2 V9 c* k% y
.SCR OK. ["%1" /S]; | G% _$ |; }* a( L
.CHM OK. ["C:\WINDOWS\hh.exe" %1]" U2 i! X: w ~( l8 F
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]) @$ G+ `) ^) ^$ P
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- `# Q0 g! q+ x1 L* X+ D1 K1 i
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
~5 p+ ]' j6 @: s, O1 k9 m( ?" o
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]- N* F T8 q0 y9 [# K9 a) W
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
8 i. H! p8 _" G- X
.LNK OK. [{00021401-0000-0000-C000-000000000046}]8 d# h; C+ r, ?; K% A( K
==================================' a! |+ Z; M3 b5 d% m+ B3 C* N
Winsock 提供者
0 v; f1 {2 S2 \; Y
N/A" M" r- ? o1 y7 |9 o
==================================& ?6 [1 v8 S8 X; t6 f r! v$ e9 Q0 ~
Autorun.inf
; u4 r8 f9 \7 D& I) S
N/A4 t( F0 T% Y. C6 m, d
==================================
! s0 R; R7 L$ _, T/ d; I
HOSTS 文件
1 W3 J5 V/ _: p5 Q9 y4 @
N/A' c! H( _' V2 x. ?4 M
==================================3 g6 U5 J% U9 @$ d7 x$ p
进程特权扫描0 T+ c; W/ e! |" _+ s
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
: W7 [+ N; Z j, A* u: b; k
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
" U: u: k* s" n7 S% B% Z
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
2 A0 e* ?7 i3 x0 C& c( n
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]% e7 y& a) D! ^1 o, u; H% z
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE], L% l( y3 \7 h8 I! V) C+ Q" N
==================================; C" m$ p0 p- G% y' V& u1 b
API HOOK
/ ~' T. t( s7 R7 Z: v
N/A
+ o2 T6 j3 h! f2 H% H
==================================, q4 ]2 C/ e& S& C0 M
隐藏进程
& S# s X2 C& R6 b: D1 k. ~6 L
N/A+ a y, E+ @9 M& G) e$ C' a
==================================4 D! w/ N0 Z ^4 f* c) P, a0 s
+ F* C1 S# y R- ]1 ]# J

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115