在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

/ j; y' r: R3 ~$ O
2008-05-22,20:37:43( a, m" Q5 H$ a* z
System Repair Engineer 2.5.16.900
0 {7 v0 w6 U5 o: r! X' g9 @7 ?% D
Smallfrogs (http://www.KZTechs.com)
- \. |. Q- T+ X9 U
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能9 b/ ~2 g8 f0 v0 M2 p [3 D
以下内容被选中：
- ~: g3 `/ M1 P/ e- R# V& C* F
所有的启动项目（包括注册表、启动文件夹、服务等）6 C C9 w9 d$ S
浏览器加载项
/ R9 Z: G; B, p% b1 }
正在运行的进程（包括进程模块信息）
$ |8 j. w4 M2 }' h
文件关联& H+ G7 v: r$ Q4 c; f2 o: O
Winsock 提供者; H* p8 G _$ {; T* W
Autorun.inf! _7 g7 B9 ^- d- T; N3 X( i; O h
HOSTS 文件- _3 m8 W. Z+ O; @, l
进程特权扫描
, M/ C3 k; `% [) j+ c
3 }- z# I, E) S0 B+ s0 W- j* I
启动项目! x! D; p, F9 W1 z0 Q; h3 ^
注册表% W* t- P% c, D2 B% M
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ a3 C9 N% z% T! G
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]# h! n* d V' I( f1 ~
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]# h- R9 [, W: J( I
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]& O( \' t7 X! Z
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
( E+ Y! }# v0 U7 [- M- M+ {
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]# ]$ h3 b+ c! u# I
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
5 v7 ?, N3 R/ d! V
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
- }( b: H4 _' F1 O6 G) z5 L
<PHIME2002A><; > [N/A]
. U4 K# X# p4 F2 t& k( }
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
5 i1 J/ w) E: ^
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
5 e. q! [7 e% k# G! S' B$ k5 g% j
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]' F+ E( Y% m! K1 g
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]5 e8 I: h# ^; ]: ?4 X$ K( S. Y
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]3 ^2 S1 ~3 y0 J5 {$ L/ [
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]; v0 u/ ?( u" n4 {* `
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
- o3 V* R3 B0 G( Y4 u) T7 M! _
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
: W0 L" t+ k, O( p
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]# l( v1 F3 U G: H( w
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
/ x: u; X* m: D, k/ Z" D4 r! B
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
" q' C' J1 p8 P8 }2 X x
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]2 i( m$ X+ L' p+ l) A
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
+ I' E2 Q6 i! }; n" H6 u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
' I3 [- d5 x* w. F& e
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]; n, p3 {; ~0 R8 y2 M# A8 U- U
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
8 R$ L2 O" O# y7 B* z
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]: x. ]4 q/ b1 ~) N$ r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]- ~2 m; g6 n( X) X$ p
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]3 C; _1 B% @1 L+ I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
7 u8 i! o# n" c( p+ c, e, V
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]8 C; _( k6 R% L: d1 B+ G
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
% O$ x6 }& b) U/ U, n& S0 W, A6 h2 h
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]: W1 _! w' ]2 S3 H7 j
==================================
9 [1 h4 }3 q, Z; }
启动文件夹; i- Z, C/ g) Q T. k
N/A
0 h1 i6 E- l7 j; S$ C. g' W; i
==================================
2 A' v- f! |7 I' r
服务! x3 A* n0 X; `) {# l
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
; S N* J( _+ \& H/ F2 }- f5 Q1 z2 b
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
) S+ D) s9 s; k
[Google Updater Service / gusvc][Stopped/Manual Start]; t4 t6 Y8 j2 B) P
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
0 Y" O& W6 y; H+ O8 g( M/ F
[Help and Support / helpsvc][Stopped/Disabled]# h5 [; y4 F! [/ ]. v0 `
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
* p) s9 i) f I3 g- w5 q' L! {: e
[Human Interface Device Access / HidServ][Stopped/Boot Start]
7 |. C8 N/ x1 S. ^% c; {3 K" {+ O1 S9 E
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
* r* W- k- F$ r3 N; Y
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
% n" T- ? J( `7 v; J, p: I
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>6 h! E6 x7 n* ?
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
5 F3 E7 P4 x, S/ ?* j9 h# V
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
2 `9 R& D5 d9 i9 l
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]0 j: G5 ^$ z5 b* I
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>9 b @0 h, l7 [8 {
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
& |, j: g+ o! J% \
<><N/A>& A3 a: o- }, M o% N, i
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
/ [. a1 |0 n7 c* @; s
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
. x, a$ N. Q8 ] `; ^, B- _
==================================
$ H1 x C# F- I& X* ]/ ]
驱动程序
# F# ?# D. T* E! v0 N0 ]" e
[22j / 22jn][Stopped/Boot Start]+ w! O) N# P x" M
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
4 f4 |1 h6 c1 F# x8 e7 u* J
[360AntiArp / 360AntiArp][Running/System Start]; g# _; P- [4 }1 q6 A
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>! f: Y [$ w+ v' A W
[43ec / 43ecu][Stopped/Boot Start]! F/ s# \( y+ Q- \" }7 a
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
& h: h0 e) w8 V' _/ V+ H2 {
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]$ x k) Z: ?$ j- j& Y1 d( e" `6 ?
<system32\drivers\ac97intc.sys><Intel Corporation>
; o) N' l7 `# e; h, g/ T) v
[Promise driver accelerator / bb-run][Running/Boot Start]
+ n* |5 \! x6 ~6 J9 r0 s
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>- k( r6 B" q& Y
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]+ c3 s" b4 M$ S# n9 `
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>+ n7 q# w- p) i6 x* X1 I
[KAVBase / KAVBase][Running/Auto Start]' d! b& U, F8 v2 H$ P, F. r: b
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>. }) ]; v4 F: H/ p, j/ \
[KAVBootC / KAVBootC][Running/Boot Start]# M j) F5 S! F7 u7 p: g1 h
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
+ N) t! `0 E5 e5 T. M
[KAVSafe / KAVSafe][Running/Auto Start], Q5 W9 B2 G# L6 Z' g" |
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
- ~( u# [; c! ?" K( R" e
[KNetWch / KNetWch][Running/System Start]
, R; _1 f; @6 S3 |
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
, s7 ^# q3 L1 J# D
[KWatch3 / KWatch3][Running/Auto Start]
8 w# q1 ~$ J3 S: Y5 {0 @! E
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
6 U* a3 P0 S7 e, t
[ntptdb / ntptdb][Stopped/Auto Start]( @( q4 @. g7 F* |
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
: a) o8 ~) E5 Z5 k: J9 ]" q
[nv / nv][Running/Manual Start]* G0 P f/ a) A, |# b; R
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
h& a: h0 J' F; b4 b- e, G! A
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
0 f5 ?% T4 i1 ]" Z1 X4 F# c5 k& R
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
+ w8 a, `( {/ w- U& m
[DDK PACKET Protocol / Packet][Running/Manual Start]: j: B9 E: a p H3 I/ ]
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
6 @! J5 }, W4 E7 C0 k6 M
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]7 t! L2 {. q1 Q* V5 P. F
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
. v* j0 X H' U0 b! a( U0 r, \4 ?
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]7 _+ h5 q8 N$ m
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
4 w8 a+ }* I6 u4 E
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]# M; f2 S/ m4 j, ^/ Y/ V
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
5 x/ b5 z2 E1 P3 n3 x
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] w- n3 k# h) q$ K5 F8 c
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
) l; J; F% h7 W1 e' V5 \5 p
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
( u2 E+ Z- ^+ x+ b7 b* k
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
9 o4 ^0 V y" T4 B
[Secdrv / Secdrv][Stopped/Manual Start]' x( _; l3 y( m. V2 H
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>5 g% H/ a% h" Q( a: x
[SATALink External Device Filter / SiRemFil][Running/Boot Start] `9 w8 J0 F& O
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
; T! I$ b! h% s3 j. I; h5 S
[System Restore Filter Driver / sr][Stopped/Disabled]. t7 D1 b1 t# ?
<system32\DRIVERS\sr.sys><N/A>
4 u7 ~$ t# [% j/ A0 g& y7 L& p
[TesSafe / TesSafe][Stopped/Manual Start]
! H0 P! T- C; t8 Q( \ z
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT># n7 h* U& X3 j+ m0 p1 V
[System Services / unzxzsrs][Stopped/Boot Start]
! j5 L) Y4 O: y7 [" e
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
2 l2 H* h7 N. ]! U; ^2 Y3 C
[ViBus / ViBus][Stopped/Boot Start]0 C% H1 c) A; M. D5 T
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>$ j" V+ t" o1 n( W, U
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]1 }7 k0 R" Q6 ~% R" z
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
* J1 K2 w8 Z2 Z. V/ X1 J
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]( D. `$ w Y* [0 t3 m1 _6 V
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>4 m8 g6 E* \* O+ {1 }) U
[ATI Extend / zhibmaso][Stopped/Boot Start]4 q, O @& [# I* F9 o
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
7 @) ]$ |1 P4 Z" b$ V
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]" M2 S% T+ y" O# _( q- u
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
3 [" n% C. j* F, ~3 M7 I, k/ r
==================================
~" A; `8 e' I* b/ z
浏览器加载项
1 G; }2 b+ c9 o3 y3 Y
[Google Toolbar Helper]" ?& P7 m2 [7 z; W0 z) T6 D
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>1 z* D; W% u; R
[Google Toolbar Notifier BHO]
- R& L" b0 X+ K: @6 j- Y
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
" K: }: I7 y& B
[SafeMon Class]
3 F- a7 E. A" G$ g" S- y! S
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>+ v- K- k- ~/ v: ]5 c3 }. T* \+ {
[kingsoft browser shield]; p/ y" y8 [$ L# b, u& r
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>! z9 h: J- L# \. L) R9 g8 {% o
[IEBuddyExtControl Class]3 Q4 r2 C2 m2 T1 C7 ?) i% G4 _. G
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
3 {; g/ Q: U" D
[Zcom 杂志]
5 l$ c+ ^: ~6 `8 m( F
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>, P# z8 W/ V3 c' _
[&Google]
+ Q3 \4 N8 m; [& i8 P2 ^
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
( y9 F1 _$ d8 K5 x* U: W$ g+ E
[KooPlayer Control]
1 ~% S$ p( C* P5 @' z2 g
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
+ d3 X! x" c/ R0 {, a
[Shockwave Flash Object]
( m, S. _( b; x0 O4 l* T w
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>0 c' R& i2 H- B% h0 U# C
[KUpdateObj2 Class]2 n3 ?" N: n, j
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>& O2 `4 @$ f B# A
[Google Script Object]$ F$ }7 U1 d0 P+ a2 x/ b
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
% \6 {3 a. J9 w! h
[EWA Control]
6 e& i+ g9 P' N- _: E( {+ K; a
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>+ ?' T$ J; ]( k ?# L3 g
[Windows Media Player]
8 C" S8 J3 M1 x: L: [5 A8 T
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>5 L2 E3 N. o4 L- S% M
[&Google]5 |- ]: W! T" @' [. Q# } H4 c* |
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
+ V* G: g& t Q* ?/ t) z
[HTML Document]
6 O! @" l& l' v4 [9 w* N
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>4 y! d! Z% N3 i8 `# i; [1 x5 i
[DHTML Edit Control Safe for Scripting for IE5]2 l" }% Y8 L* S( t( H7 N8 _6 {
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>8 h% Q4 t+ s" V
[RealPlayer RAM Download Handler]' c9 K- A1 w" [( [
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>) F6 x& Y* t# |
[IEBuddyExtControl Class]+ S, h2 t; t+ m! b @
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
2 Z) h7 H: s4 p/ z
[XML Document]
. r, N+ J0 a: |2 O2 y
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>4 s+ } w8 v2 m( O1 H% j' ^* r
[HHCtrl Object]
; ^, j, c: ^% b5 L9 ~) Z, n
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
5 }- G/ e r0 L/ Z
[Windows Media Player]
/ `! j" X- t( o7 B" n4 L
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 c* |/ {+ j: ~) u$ v2 m6 d
[Active Desktop Mover]
% a( _# a- P6 n& y
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>( R9 y k2 W" d4 _0 V' Y; \
[360SafeLive]$ e2 V( ~6 w' a' k
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
- R7 p1 Q) \+ b2 v9 X
[Microsoft Web 浏览器]
& I' Y) H# `- Y# t) E' o; g! A
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>- K: E! ]: e' V! b, J
[Browser Enhanced Objects]! @4 P" @$ N1 q( L: S6 D) M. J
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
4 l3 m5 u" k) `1 s: b7 t3 u
[Google Toolbar Helper]
' `# i8 J4 y. d0 x
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
# T0 c; v. G# V; @/ l
[Microsoft Scriptlet Component]# g3 h/ F& x ^6 a8 x9 Y' T) p
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>2 j- I+ h, u9 E' Q4 `# D
[Google Toolbar Notifier BHO]$ C4 s" I3 `( ^9 Y1 X+ o% H
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
( J/ ~# ]2 A2 @* i! |
[SearchAssistantOC]
% O- G( h/ }& d5 ` O
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> i5 ]$ a3 u5 s- C
[SafeMon Class]
. F' R& C" U" z/ g
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>0 }" X1 d5 p& O# w u) b, F) }
[RDS.DataSpace]
2 Q) e Y: P& g# k7 ^
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>4 d9 K/ H- S f9 [
[KooPlayer Control]- r! M1 s2 h2 Y+ C! ?7 |
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
6 `+ u( Z; U. |0 C# S( i! e) {
[AUDIO__MID Moniker Class]+ b: K+ z' o) f% h% d# U! h
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>$ a3 r# R* d; l; d: j+ D5 R
[AUDIO__MP3 Moniker Class]: k+ o' ]# @# h% e" d* F
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>9 b9 w6 m- L+ L9 \9 [4 x8 H1 }
[AUDIO__X_MS_WMA Moniker Class]7 H6 s6 F& `8 A
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>& E" h) p. Q- s3 I& s. T
[VIDEO__X_MS_WMV Moniker Class]
- X9 G5 H8 `4 V4 n
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>; c- @8 Q; e5 }% f( ?9 h
[RealPlayer G2 Control]
* M3 V& x7 d8 J( Y
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
/ U" x0 S- }& r* |2 h
[Shockwave Flash Object]% V' B& u2 h, l! C5 C* ~3 j
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.> C: f: I5 ~/ w; o- ?3 o
[KUpdateObj2 Class]9 ]( [/ t+ {4 Y) v! Z5 [1 k
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
% @0 L. C( l& I' L
[kingsoft browser shield]
$ S& e( z+ Q3 q: K
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
& R' D. T, f; J- |( c- e" l
[PasswordEditCtrl Class]/ q' R! a- I( @ r
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>9 }- B, n; ^% X( S4 v& P0 v0 n
[QvodCtrl Class]
^& x7 ^, T& d k5 p
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
1 s& G1 x% d) K5 S) z0 |, A# k: V
[&使用超级旋风下载]
4 I6 y. ?) ]: {
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
2 H+ o6 F$ E5 w5 X3 F, s6 h. L B
[&使用超级旋风下载全部链接]+ C: `/ H$ F! s5 x& n) |3 v
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
! ~" I* K. e1 }3 T) }& v& t
[使用迅雷下载]
6 ^3 w1 K) Q5 R
<, N/A>
! n) c- D$ u1 m0 F* f2 K
[使用迅雷下载全部链接]
- O6 J6 L4 N7 E% U. X$ x5 e& m
<, N/A>- W) G5 _9 X! H0 j t# h3 C# H* K2 I
[导出到 Microsoft Office Excel(&X)]+ O9 @2 p0 j o( \! f
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>& S1 g: a; b9 O( ?- m
[添加到QQ表情]: ~0 n6 O) ^ b' I- ^
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
0 `9 A. y( P5 T" y5 B8 F! @
==================================
: X" j5 w5 d3 J: K( B
正在运行的进程
5 l3 ~' J1 X: u, L: e ]3 G
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* T+ m! M% Z: k" K( J3 Y
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) [7 t9 i. ` g& n9 s6 V, d
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* c, m3 Y4 Q+ G r% M' e! G
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
6 c$ \# f K0 I0 V% o
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) O" ]. ~1 x2 R& C" j( t$ V
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% M0 ~+ S* P5 X4 x) I0 d
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( g- `' Q. x( W& }
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 w* }* M% \4 S7 |. W+ P( v! ~0 k
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] M9 n+ n/ I, `- j' H6 J
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 p* K' \1 W( Y
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 j9 } e: T1 Z8 _8 ^
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]( ]# ]6 p, H# \/ q3 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& n9 I! b |# U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; s8 Z4 ^- D, h! `! ]0 a& Y+ e
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] r- _- s9 c, Y# I
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 O5 Y) J' [# g* y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]. q2 `0 p. P- v" P; V0 i
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
% E& O# D, U/ C. C* y: V" C& V0 Z5 p
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]. W/ y/ Q. T+ `8 D+ @
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
7 R+ K3 ^- E4 T; f9 V& a* p0 V
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
& h6 v2 k( {2 z/ J7 c! v: S
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
% _( x8 q9 } @3 C
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
/ l5 {# Y |* v% C) Q2 a
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]1 \1 R$ [ X- W5 E( f
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2], g2 D: u: `' s" g% C- e) E q: I
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
! x5 M# e( N: O7 [
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]) P0 v6 P2 Z2 t; a
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 d$ S% ~* y% |: a& K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 C1 G& N& d- m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], p6 ` C1 l/ n, t, r
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: W: w( k2 s0 S8 V
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 H$ n+ h! w+ Z4 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
D" y5 a3 ]* _9 v! D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
+ A M4 k+ w& [1 J! E" l/ S
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& A4 e+ s' e6 s* g& W2 I4 L3 `
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
" P7 R8 K) ~8 e5 W3 F
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]' L0 w ?" N$ n6 `! ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 X4 _0 W8 _! M9 Z3 j. G9 N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( A% }+ l- K. o- N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
1 E8 }& E* Z8 K: g0 J
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]( W6 b9 W( |: t* s* s# s- R
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], B1 f e& o+ ~' h5 N; B) L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 S" u/ t/ ^5 {; ?$ S/ u( G
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ Q0 p; l% Z4 p& X7 H: T" E1 w
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
) u; u R5 {% [/ ]6 ~8 \. q; p
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; h. D8 [: a+ g
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! L" j5 T) U' o& s: M% n* {, n$ { L
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
5 ]% b6 n/ y/ j* ?$ o0 P
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]$ D3 ]7 p6 }( V. d: [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& }3 ~, L$ [$ J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# o) B0 `$ b5 E/ |) z% p0 r/ g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( g5 R1 W q9 \- A( k
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]# s* N1 E: z1 K8 E2 i5 `
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
2 ]5 M4 Z( T7 @# y, [# G1 U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
2 L( z0 k( Y4 q+ n% u+ d ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
( i; f0 q8 H% y, G! z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]# ?: a1 B( o) i8 B, l W6 m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]: ~- h& L6 `/ Y; s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
0 P* w5 R% O4 S# A+ g, a6 [; k% e
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]; u6 u5 R' D) @9 N
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]$ A( D4 u5 \. ]5 m# A; t/ D
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]1 j3 `; I* G4 t: i
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
4 F- m0 n& }' O- x
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]" @( R6 d% u4 _1 C, U7 l
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]9 [$ D) V9 z# U9 s. R2 x1 l6 @. _# X
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
2 X! }6 \+ N8 C7 x* c; Z; B
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]9 t9 K6 ^1 A. Z
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]$ U4 V* p* f, Z2 W5 {: C
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]" \) P) f ^6 s: H U. x' {* |
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]2 B' z9 E2 y$ P0 q( o
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
' r7 n: u+ I F7 J- X
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] v9 x# P: N/ v( P2 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& t) o1 s4 r H' g! l" o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& u1 g0 u0 o0 y8 f; `
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
/ b! A$ K( |3 j( J
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]$ \7 V8 ^# {% W" e4 S7 G2 C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* n% p* J* d" j. D* J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" z, {! U& h* P* ~# O1 u% ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( H: p( y4 k7 \( r- q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]0 _7 ?4 y( h# L8 S) b
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
6 s0 p3 Z$ t) z' L H
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
$ |' o6 u) V; {8 O. |* N9 V @
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" G4 m! n' `' N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 `8 o2 X2 Q/ C" t5 g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]. R# R1 n0 \; P* h
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]5 Q: T0 ^: |9 ]; q) b4 O, g. {6 f- p
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]$ w9 o& ]; y! Z3 i( _9 s9 e
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 Q9 [$ ]7 F/ E9 Y+ Q0 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]7 @3 q: d, N& T, @( A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 m! y" t. r3 m& K3 e
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ M( {' u* z0 Z
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
6 b/ X. l$ E/ e
==================================
0 ]% l& |4 V0 p- B3 S
文件关联
( z5 Q X$ R+ Q6 `% b0 ]" ]
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
1 i+ w1 Z' `: |' C2 d# q
.EXE OK. ["%1" %*]3 c" a8 V0 n* [$ u* Y
.COM OK. ["%1" %*]7 \' }. x& ~ t$ c6 {9 e5 R4 z6 S
.PIF OK. ["%1" %*]
2 H6 H% z0 j/ z
.REG OK. [regedit.exe "%1"]0 o) a( U& w! C: V1 t
.BAT OK. ["%1" %*]
* U& t0 w6 _8 {' T5 a0 x& c
.SCR OK. ["%1" /S], U& }4 d0 y' v" Q+ I
.CHM OK. ["C:\WINDOWS\hh.exe" %1]! J7 @3 X1 A4 N1 x
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]: D4 k2 e, e! o) P/ T6 p
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
! @1 V5 R" u; j# _ }& C- p0 R+ m
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]* ^6 w T0 o( j
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]& T. y6 g' y8 u4 d" s& m
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]* X& ?2 N& ^2 p% g0 o
.LNK OK. [{00021401-0000-0000-C000-000000000046}]0 a; H+ r+ a# r) g
==================================
( N7 c( ^& R6 h1 ~+ r) |* O; Q4 h+ U) L
Winsock 提供者
9 r: C: v* H* j. v* }& u$ J
N/A: D5 P4 K3 m. a8 g/ ?2 h; g
==================================
& G+ A; m# g; q- _# ?* B( R
Autorun.inf
* q8 I2 J" F8 x7 J, Z9 [
N/A* |0 K9 [- t" I; T2 _: M- s4 ^
==================================, X% m1 K+ }* |1 R( q
HOSTS 文件( s2 w* \. e6 \; h
N/A
0 }6 B, v9 c$ J, ^# d y
==================================
! z8 }) Y' K) y8 S, p, b$ i2 u! D
进程特权扫描# k# q4 @+ g ]% H8 U
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]& j3 A# b' `+ }
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]# d1 q$ _# O- a% y8 Q
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]% E( C5 W; d1 A2 ]; c& \+ e: L
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE] ?) p- P7 \" P' |* k0 u) _
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
8 o' m* ^( C& @
==================================- K3 W9 v" ]" P& h( ` G5 t
API HOOK3 z3 Q2 s3 H! _& h Z
N/A
9 ]- ?* \) m( Q& [+ l
==================================1 F5 c. M" t. S6 Q9 k2 Y0 Z
隐藏进程! U D: l. [4 W9 O7 j
N/A3 k) a- G+ h0 b$ Q
==================================8 G& ?. O) H- t; _5 K0 z' `3 n
6 ~0 ~ _) |( l3 x% d& K: C) K

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115