在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

+ }- r6 |8 c0 c. g5 s" t3 _, e: U
2008-05-22,20:37:43( }$ x) Q: r' Q) X1 o+ ~2 a
System Repair Engineer 2.5.16.900
- i7 y8 @/ z3 L8 _
Smallfrogs (http://www.KZTechs.com)
. i7 k; x; Y) c7 f4 G* u8 Z
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能2 L- V2 o6 p+ m B5 y% N
以下内容被选中：
2 |7 E/ z1 D* | I, F) P
所有的启动项目（包括注册表、启动文件夹、服务等）3 O& y' Y$ M; [2 }. o. D
浏览器加载项. w- M, k6 u9 b2 D$ j2 x9 D" [
正在运行的进程（包括进程模块信息）
. ~, }7 i0 G" G$ n' ^2 G _& g
文件关联 h4 g7 _9 A2 i) G# w4 B5 v
Winsock 提供者1 c. f6 P* ?% Q/ T* n( f
Autorun.inf, i: L. s8 |, E; Y+ n
HOSTS 文件
0 r* C( X0 a$ F% x2 D
进程特权扫描7 r9 o$ t* j8 j: u: r( L
0 h) V( Y' Z$ R' g7 ^( o) T* r
启动项目
1 p0 B0 q+ t z' Y
注册表! B# O" K; _5 E0 U
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
' p# Y" j) n" \$ W% U0 e
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]( W2 F! g7 y: l. U' ?6 \ l7 _) y
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]& S4 j2 {6 ^1 \& C$ ^
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]. z6 @7 A; `$ J9 ?+ V
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
$ q! i5 T, f4 h, {
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
1 W* H4 r# R/ t# @/ R
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]) Q2 p' S( p- d7 S3 S
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]7 Y1 t; n; G: R3 d. O
<PHIME2002A><; > [N/A]7 K$ h( s7 C! b8 e2 a5 l' J
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
7 u j& C& G1 s$ a; o p( h" p8 Q
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]" |) L# D' w0 T h4 ?
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher] l+ Y4 A- w& c4 D% F+ ?' k
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]- C# J" J1 n! D# D* N
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
8 M7 a. Q2 P1 G- }1 B' Z, G
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]9 e7 @. i1 o' n
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]3 Q! {0 Q, l* n1 U+ ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]* m6 t9 G, i" M/ c
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]6 y: ~3 `6 ^' c+ H* i- W$ J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
4 j8 r0 }" B7 }6 ^
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
/ n2 _- b, V" s% r+ B- C$ g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]; T, z' N7 K9 L8 Q8 r
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
0 `; j$ U8 v" ?* _# V1 B4 |; L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]( U8 r/ a1 V& F/ M
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
: z$ O/ V5 }$ ^6 S) L& e
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
. c& Q% T+ F0 i% |' Z4 d
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
' @. ^" I# i2 x. I3 ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
' @2 D; P% K U5 l# |9 t# C4 N
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]7 F0 H& d; A! J$ r0 P
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
. `( s( \) z0 ?, g% _
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
% V5 U3 ]0 K& u J! u: V
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] J, O7 r. g- r6 }2 U9 k9 [
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]2 F4 C- D: u8 I4 i
==================================4 [, L5 k$ U' X* {: b
启动文件夹
# e; w( x. _; q5 Z# j c
N/A1 H! f! j9 j4 u9 A( e" v
==================================
4 I1 T, r9 ~# Y4 \. e" f
服务$ e& L0 R5 b4 `4 ~- d F4 Y
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]$ Y; r: P, ^$ y
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
# q, E$ P( j6 h; K& k, d
[Google Updater Service / gusvc][Stopped/Manual Start]) F6 O5 e( A- v; W( m, W f A
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>7 F/ Y, d; p" ]2 ]( Y% c6 `7 P5 G
[Help and Support / helpsvc][Stopped/Disabled]
/ C- Y6 I0 J' A* E
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>+ j. s3 [) G7 t
[Human Interface Device Access / HidServ][Stopped/Boot Start]
# s6 R, v" R$ B! P9 N# X
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>8 S/ W8 g, ~9 c7 }( @
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
1 a! ~$ I' J! b
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
6 ^8 _+ ]" ?8 w! h& X. J# x
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] I5 k) ~8 J7 l8 F0 ^. e0 O' r
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
* \, p* @$ d5 Z3 N0 P
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
# o+ p$ C/ v7 H) _; v1 q* }
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>5 o+ }! B* m. h" q/ u3 B* E* c
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]$ L# J9 n& k! F4 T
<><N/A>
6 I0 W4 w8 y! [# h) u/ h( m
[Qvod Terminal / Qvod Terminal][Running/Auto Start]2 k. z" G. w, h8 T
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>0 y9 @8 x5 r2 t8 p( [
==================================- \4 i/ U6 d. C7 Y1 h4 f8 c3 o
驱动程序
, x( A2 H$ g; }' ~& i
[22j / 22jn][Stopped/Boot Start]& O3 t1 _! g2 z# \0 @
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>; E" Z! G8 \: D. V0 b0 X- @3 s
[360AntiArp / 360AntiArp][Running/System Start]
4 y: L% Y" S% i' p) M5 {4 [6 Q
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>2 c/ k b- V6 D" {+ ?
[43ec / 43ecu][Stopped/Boot Start]% m, O E( Q+ t Y( ?9 W6 f
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
9 |" ?, t9 F V: g& t" k; L8 D
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
$ a. }9 @. v1 t# ~9 Q# C
<system32\drivers\ac97intc.sys><Intel Corporation>, v$ F- P' m M1 \" {8 Z" y
[Promise driver accelerator / bb-run][Running/Boot Start]
8 @" b" x# `8 N: w
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>4 ]& z* J$ M: j1 h, ` q6 B/ N
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]6 k' F$ J+ }* b( I }7 C# B: w$ `0 u
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>+ K1 `( {7 O$ K% G# g$ N# L1 g% t0 V
[KAVBase / KAVBase][Running/Auto Start]
& \) ]4 O& l8 ~) }& _/ Q* V
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
" U% t2 R6 k/ v. t
[KAVBootC / KAVBootC][Running/Boot Start]
- b2 p8 |6 N; b0 q3 z
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>/ m+ l1 n6 K- a8 K" c- ]
[KAVSafe / KAVSafe][Running/Auto Start]: Z& u; }# X( ^+ P: [) w* \
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
4 k3 ]4 T. _6 l0 C: Q
[KNetWch / KNetWch][Running/System Start]
6 ^' F3 S5 o$ e( t
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>1 y, k) e1 r; N2 c6 V
[KWatch3 / KWatch3][Running/Auto Start]& u# Q# }+ Q! V" u& g% r5 A" K
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>3 Y3 S6 ~# K' d' J! V7 w& x
[ntptdb / ntptdb][Stopped/Auto Start]5 @7 g" k- m. H7 M; E
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
* W3 i, b( B9 K2 O
[nv / nv][Running/Manual Start]
. P3 {8 `. O1 a" h6 X
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>& j! z$ v. _% t6 C0 U9 B w- z
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
/ Q8 N8 z7 c; P% F5 W& v" Q! G' m5 |
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>( c, E# j& l) Q4 w
[DDK PACKET Protocol / Packet][Running/Manual Start]" }( {) J% D6 S q" _
<system32\DRIVERS\ProtoDrv.sys><360安全中心>0 P' B3 v0 m' d2 M* D. e3 E
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]% W0 a& `0 w# K) X' i, {" W7 @+ |3 ]
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>1 g# @. K% {0 x5 J% h6 t/ E% i
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]1 i: t" {0 z0 b0 y6 e' g$ X
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
, q% t4 v8 y8 \% }
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start] U' g1 Z& g \2 y& w
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>- p6 z0 }! `; y* y5 `/ ]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]( C! F# U4 p8 x7 e! a
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>0 V: Z, n6 K! o8 c" t
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]" J" {! C9 Z2 r" n/ c
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>& J2 @- V" ^3 N5 B( f
[Secdrv / Secdrv][Stopped/Manual Start]
# ?) [1 z8 J1 c% ~0 X) A
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>& F7 A/ x& V; Z- [' B
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
/ w, N- b3 T* b* `
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
0 {9 E: w) ^7 O$ @8 q; {2 j
[System Restore Filter Driver / sr][Stopped/Disabled]9 `- p, n6 d4 N7 U/ b
<system32\DRIVERS\sr.sys><N/A>
' `; f" o" t5 X
[TesSafe / TesSafe][Stopped/Manual Start]
8 s% y! }; c( r4 Q
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
3 J9 y7 q _# v5 \2 M
[System Services / unzxzsrs][Stopped/Boot Start], u R- n7 V- V* S0 b, ?6 @ m
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>5 C3 q- y2 J6 _7 s( s; r3 C; q: Y7 }
[ViBus / ViBus][Stopped/Boot Start]
( W5 i" s8 G( R8 D
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>6 M6 \1 x ~1 d" T! j
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
7 D0 O1 D! G$ A! u! R3 W& W
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
2 t4 {) W2 i1 p3 o: Y" @. y
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]- P8 h3 f% |% O) l: e o- k8 M
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
Y( P# Y5 [6 R+ j( a
[ATI Extend / zhibmaso][Stopped/Boot Start]
& |) Y e! v! N& X$ Z
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A># e" ? P0 m% z+ X0 A! {
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
n: @5 G! n5 C6 I1 y, s
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>/ _9 i8 M3 n' I& z$ X" M, B
==================================3 W4 q( j6 J4 e+ c; m
浏览器加载项. r; X8 O- n4 y. P3 q* x
[Google Toolbar Helper]% D o1 o0 t4 s* W9 o
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>6 j3 p! l' f2 f2 A( M
[Google Toolbar Notifier BHO]
9 m, x) }4 X: l8 q& L. W5 A' M
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
# g' N0 U, |: D- J2 X$ f& Y
[SafeMon Class]
; m* Z4 H# a, i! Y, N: I' S
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
/ u; s( v, ]" A+ x
[kingsoft browser shield]* a8 H; u, D) r* I% M/ }8 w: g7 \: R
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
! e: A* P# f* T' X8 y
[IEBuddyExtControl Class]
) Y5 ^3 t$ m( B% ?9 k: Y
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
[Zcom 杂志]
; h9 _5 t% j* ?# F/ D
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>; H, G3 Q" l* {2 o% X6 x
[&Google]8 U- v# S- @& c
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
0 {, A5 F3 C' _0 M4 I" Y
[KooPlayer Control]
5 N; o1 D9 o. t6 H
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
, b* J% N/ G6 N$ m- S9 T0 i' q" [
[Shockwave Flash Object]
% d! R# c) l1 y5 C0 g: G
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>( g, h7 w& t! C7 H+ `! c+ i. b) \
[KUpdateObj2 Class]
: L/ ~& H5 j! ]2 O
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
4 B+ g* z2 q7 p$ p6 W5 Z
[Google Script Object]
0 K% l' E9 [1 @6 O9 W+ k4 f/ Q/ K
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.># I+ J9 z9 ~, g$ s P& s4 T
[EWA Control]! T: |$ T8 t, x5 h
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
( U8 \" ?; i8 }9 o' G
[Windows Media Player]8 S: G: M/ K1 a! M. s+ b
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
+ a7 _; y! b0 t: P
[&Google]6 a4 i7 m$ L& w. ]$ x1 @5 r% ~
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
7 F7 {' [4 Z L3 _7 I2 g
[HTML Document]
$ \+ r, Y. l1 q5 D; F
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
- x0 p F# o! n* \' z: D% R8 g
[DHTML Edit Control Safe for Scripting for IE5]) f3 q, b: u* ^ o: W! y' l1 p) H
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
) y' r/ O; T# k1 g3 W4 H: O' U, n3 \
[RealPlayer RAM Download Handler]4 G0 }, `5 n4 Z; ]# M/ f( I
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>. l# N: f+ b( C: S7 W1 m* j8 I
[IEBuddyExtControl Class]
9 S+ W U5 g- W5 ^
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>) y b* j9 R: A% K9 {
[XML Document]; c8 N! e# d. ~% ?
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> @$ B [' J y% h- T
[HHCtrl Object]
V, O/ t7 E8 H
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
9 Q9 w" h7 I, B) U. _% d5 B
[Windows Media Player]
& B9 U1 R V4 U6 ^
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>- v1 H$ S& \4 F, I7 [* Z
[Active Desktop Mover]$ @ ?+ C/ l" J; j+ }6 [
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
4 ?' C8 ~7 a2 `
[360SafeLive]6 X+ i7 \5 X X! _2 t1 n: P
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
( _5 j' m; k+ d, Q$ g2 f+ W* |$ y
[Microsoft Web 浏览器]
5 f: _9 x$ e1 C
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
* t( r& b1 I- e( }
[Browser Enhanced Objects]& D$ q# u! N% C A
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
% S/ b9 e& Y; f' E9 l2 y
[Google Toolbar Helper]
j+ t7 Z# E: H$ N
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>) v8 p: b; @" T6 F
[Microsoft Scriptlet Component]; L# J9 ]1 w( Y+ _! c. k- E
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>" m* I2 `" I" h* I7 w
[Google Toolbar Notifier BHO]5 Q) X' ?7 p& ], p) d5 d
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
' M1 r0 ?% N8 G
[SearchAssistantOC]
* q/ F, [7 _$ a% x; Q H
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>6 @) I$ _) @* y2 w4 c+ g
[SafeMon Class]
9 K5 F' k7 o# ?6 Z5 E6 | {
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
; S. e+ u0 Z; t0 R) P1 A
[RDS.DataSpace]
7 U$ ~! i! H6 L! Q' X. K5 y
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>1 g, z9 y3 W. B
[KooPlayer Control]- s/ f* ?0 g; {! r# F
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
; C/ d4 ]/ K/ d" l: p
[AUDIO__MID Moniker Class]
$ m5 O* N3 q0 i1 A+ a( I
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>; M9 u' Q g ?
[AUDIO__MP3 Moniker Class]2 s1 b8 O/ s0 z$ I8 D+ b8 q
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! p) E% U; R7 K5 z2 s" X: p' ~
[AUDIO__X_MS_WMA Moniker Class]5 ]9 F1 z9 y% x
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>+ p4 U+ J7 h2 i! O! ^, V
[VIDEO__X_MS_WMV Moniker Class]$ }7 e0 v; s; ~- x, B7 J
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>; J1 @) d. z9 ]; ~3 I0 ]
[RealPlayer G2 Control]
_7 B0 _+ ~6 U2 \7 p5 t0 d9 P
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
2 ?/ O1 g( {: I* y' D
[Shockwave Flash Object]. ?( F+ J8 t2 |0 Y" S% n/ i6 k+ s
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>. C5 e9 H( B( g% y" m
[KUpdateObj2 Class]
0 {, i; v5 `0 M n) [' G
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
/ w H* O+ h7 ?. J5 E3 Y r
[kingsoft browser shield]
1 a4 R; [4 E& K3 v1 p
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 k1 G! z' n9 h3 `+ n& T
[PasswordEditCtrl Class]. n! {+ h) p+ P4 {! w$ b
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
% h5 m% ~7 R3 Z" g6 T t
[QvodCtrl Class]
9 J- @! [: D6 S( b6 `9 ]$ n& S) |/ q
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
7 z C7 l7 S; r( s4 |
[&使用超级旋风下载]
" B6 O, p( @% Z9 o. x
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
4 G( z! i& j5 S/ Z5 L! F
[&使用超级旋风下载全部链接]; H0 S/ p! s/ l7 h0 o7 @" r
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
& w0 A# a5 l5 B/ b, U0 p5 U4 W
[使用迅雷下载]
/ @8 ~" u% }) q9 E) l1 P; L
<, N/A>
6 h, A# r, O5 Y0 K9 \9 o
[使用迅雷下载全部链接]
! C* G& ?4 C- F4 ?3 _# ?
<, N/A>1 s& P( V' B+ C# Q" b
[导出到 Microsoft Office Excel(&X)]
7 L' m# x6 W( E# B' k, _$ S) K( ?9 l
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
4 A' |1 e4 V2 v7 ?% D8 z
[添加到QQ表情]
2 d" n5 m1 ?0 e$ O$ Q( _* U
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>. d4 y+ T& M, `, O7 _$ ^6 \
==================================" @1 }( c" X* @: p
正在运行的进程9 _, m. ~1 u' H. Y% j
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% A/ X/ N+ n2 n( Q- K4 ^8 ]' p
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
~0 Z4 e) A" X, }0 N4 |4 T
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& m$ I' U) \( {: j; a
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]; y: e2 q1 ?2 z! y: v
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' O& ?3 z! G8 [- y' P
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& a* f: ~. A$ {; A' U/ ]$ Q/ F
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 ~& B- J; K& `9 L( `
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 X+ X% ~* M/ @# Z
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; h+ q2 N* `' `& J1 p5 O/ f
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" M& \1 O; ?* H- @2 v7 |
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' Y! f3 {( p: C" X8 A4 B
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]3 }/ G- E8 [. B; }$ m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
+ v& n# {( e+ G( X. P3 `; e4 K0 r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]9 G7 C6 H- _5 Q s
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
# ~9 T" v* ^( n! Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& t) M4 J) E+ X, d! V1 }
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]* s w8 u/ q. p3 `% L
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
2 x" w% ]' g J0 F2 C* r
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]: @* z) |* @7 A
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
; o9 l7 N1 X, k4 _; C1 _
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
* r n% J% r5 J$ Q7 o5 H0 {4 p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 N: r _; c3 ?$ V. D6 B
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- l, W, c" h" L! L
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]' W% S9 Y, g+ r/ n6 I
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
( |4 N3 r5 I, _( n
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]5 l: ]) T' z" O0 {. K2 x
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]) Q% N7 K/ I) O- [) i0 z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. ^2 }4 l& r k7 d( c j1 d* d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
! K2 E% @! b8 r. s$ x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( F( j L% X' q6 B% N! a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: u0 s! E; P1 D
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 L- L7 u( Q% e. ?0 R8 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ o1 a, l* x. M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 h+ k0 M; W- J* f
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 B- O/ `5 l$ S. g( D3 X3 B J
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]/ G+ i1 i0 D0 ^6 Z
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
9 B: N5 i+ p# V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 |& h8 `$ o. W; D3 d& X2 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 S; z9 @2 k+ _2 q4 @$ c; S: \
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]% y# L: c/ q& H' m6 h8 Z
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
' r; e! m( y/ U9 {6 d, c
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 j) c' \% `( C
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 I' ?2 |' _. S( {
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, S8 @% m! ]6 m" @$ D' S% q0 o
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]2 J9 i$ g2 D: j+ h- T8 E2 j
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] t, d. N+ b+ P( e) Y
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] Y3 l6 d3 g$ h: ^5 S" T
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
2 q4 f, X- @3 W) U
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]* | K2 L! n7 D% J/ \
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# E6 j; N2 O6 F, B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 O4 w: Z4 h. X% d7 \% S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ M: X+ m6 b, D4 F$ B
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
" j5 Y! c9 ?$ v! u
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]! V/ b0 `( D+ J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]1 {/ R2 w3 y e _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
1 J9 e6 E @6 W! k! z9 k, Z3 f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
1 ^* T6 \. B7 f( h& T7 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
1 ]) o1 {: r+ M( P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
' J' j3 M% K5 n
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]) m$ ~$ y% s/ E: k4 e
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]$ a. {6 u. T, o
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]6 T f7 u+ N q1 @0 l
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] A- {4 f$ v; i- ?
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
8 j) r1 g" I* ?
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
& \! _/ H: M: m* H0 Z
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]( X, g$ Y S& @1 h8 @3 q: W6 ?
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]3 M% j" ? A7 R) i3 M
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
; I1 |8 X& Y) P9 N8 w, a! B
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]- Q2 K3 l( g+ F0 v& ^) z4 ?
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: E; S& I! ^+ ^) a" G1 c2 c
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]' C& L4 x# I. O: J D" q9 D/ h% H
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* D% D9 w" t3 f! f) I* d& z+ O+ R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]: W% I2 Y5 T9 u$ y/ H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]. V3 ?/ F/ D; n- A9 S% h2 `7 N' L, O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 n6 e" Q" C2 R" H# w- w
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
. [+ k) P9 Y: _ ^+ ^0 v# |4 q1 i9 D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 M& E+ h$ b1 W9 j% Y0 a3 @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 X/ p8 b: t( s+ V9 W: T6 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
& Z6 g: \# k q9 ^
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( s8 `7 r& y/ l. w6 Z
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]2 l1 f& g8 @; ]3 u5 W' E
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]% P' X2 I6 w0 S# U2 J
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. }( D7 D& S. e+ e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) X# V+ I U ~2 W8 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 g2 V7 g% `4 l$ I6 S9 b6 J/ s% K; b
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
- a# J) t7 o/ H8 B
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]/ ~1 I# R5 h2 w/ e" R- R
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" Y9 s7 S, Q0 N6 C8 M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 f+ ]: j- t; B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 o3 e4 Y& a& ?% s: W" q& ]3 s* Z. Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 Z# W) y$ n4 @/ {- x+ E( k
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
3 e) @0 f0 B# V9 F0 t
==================================3 E/ n7 K3 s- e+ F" ]* i
文件关联
* j, h m! f/ G& }$ c
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]. ^$ D, e! Z3 O# z. g
.EXE OK. ["%1" %*]( V$ ?2 g5 g8 J2 a
.COM OK. ["%1" %*]- ?! I* Z: n6 o) \- R B9 @* ]' N
.PIF OK. ["%1" %*]8 b4 e" @' Q9 Z3 g' b4 r+ N
.REG OK. [regedit.exe "%1"]4 a" l& y w4 g7 i, p
.BAT OK. ["%1" %*]4 a. q& o( z+ f- L) y. ?( A6 z
.SCR OK. ["%1" /S]
6 E" `& q3 a- k* J& \# `
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
" w6 f- ~9 g- _1 n# _& a9 H
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]& S* i1 [$ U* C- y
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
( Q: ?2 |% j% F T
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]$ T$ X. D2 b& G6 G' _* C
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]0 s1 D0 u/ k2 A7 O! n$ M
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]* ~, @* W, Q- [8 a" D$ }# S
.LNK OK. [{00021401-0000-0000-C000-000000000046}]- ?- p% @2 l3 s6 p& Z# h( e( A
==================================0 u1 H$ q0 l* p
Winsock 提供者5 {# `/ X2 n. F! U0 j' q
N/A+ q# C `& F; ]% M M: J
==================================
1 ?4 \( |' Z% v6 O* H0 O
Autorun.inf+ R: ?4 {, l0 @6 t: |9 T {
N/A
% d' r2 ~; I$ u, I( {3 J3 ~
==================================
" w/ Q# `7 A! s' `
HOSTS 文件! o% z5 X6 F/ A( C- Q9 n+ i. b
N/A
2 W. H+ t! m: B7 i- {
==================================
% p0 ?- k& W4 z A4 _
进程特权扫描
. n5 D6 p2 H+ g- ]/ u2 S$ C
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]: r% j$ [: V( f1 E
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]9 L4 S9 Z9 }; F( E
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]: x6 C3 p ]: W, O* `1 O A
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
6 o1 R5 r, U j T' z
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]/ i2 V6 K C1 ^2 u
==================================" e P8 B# q+ s3 W; |
API HOOK
- L. `5 H7 q2 X
N/A# Z0 C Y( O4 u# @# g
==================================
, Y& U* f$ c2 h3 m h
隐藏进程
0 k/ t; |: O t+ m
N/A
6 I9 _5 C) w+ X; E; n4 h
==================================4 D' G4 N; x$ V
- H B H( g" j3 I" J' B9 G

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115