在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

6 W+ {6 o8 Q0 P0 [1 S {6 `6 O
2008-05-22,20:37:439 n; A" ~, s/ A8 {$ y" T
System Repair Engineer 2.5.16.9003 \2 ^) i* x5 f; J1 O7 \- E: U
Smallfrogs (http://www.KZTechs.com)0 N7 i; R' s# F6 a9 s
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
" \" ] r* K' w8 \
以下内容被选中：" X9 E, n/ S) Y0 w
所有的启动项目（包括注册表、启动文件夹、服务等）
! r8 f! p3 @ G
浏览器加载项: ^2 a( }- T1 s; I
正在运行的进程（包括进程模块信息）3 S# U* C8 i' v. Q
文件关联
$ n2 [- C& ?1 T, T
Winsock 提供者
) }0 t- N0 R8 B" E
Autorun.inf
" R5 P$ A0 B; e2 [& b
HOSTS 文件% Z4 V# Y* O' z/ L6 g
进程特权扫描) l/ f0 |) y; C
$ u: V2 g/ E" _9 \; T
启动项目' f) `& Q1 b1 R9 u; F5 Q
注册表9 S& N. B/ Y+ d$ d
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]* }. q0 d+ r' w: k3 E0 J2 v
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
. H9 [2 k) R& @# J4 m- y ]: @4 M
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
. N% g( E; V a: `$ A
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]& u2 d, U" r. p0 `( s* A* G" e1 u! `$ X
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]6 X- L& D" W1 Q) b) B |
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]3 g/ h2 A6 U' e6 K# O" h; Q- k8 Y
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]$ _" ^+ s, I5 x* F5 f8 _! O: O3 I
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]6 Y) |+ O7 S% ?1 @2 J
<PHIME2002A><; > [N/A]" M% R8 D2 W& M, s3 k& V1 t: @
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]: P: w8 _, f \. ? x) O
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
+ q: \" Y* `7 s
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
0 n. z, T1 K* |8 F n, F5 F# g, Z
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]; @$ S0 ~5 A* R Q: l
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
( i. D+ b5 V9 H* Q' ~; J: _+ ], H
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
+ }# O g1 C: I# T& E4 Z: ]! z
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
6 |) B2 j/ S# B0 x1 L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]/ x, r" n- S7 S! t, g6 H% t
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]" y+ w! T& W( F% O* |. u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]; Q& W4 P" k" h) f' `5 N& O& U4 s$ ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]& A3 f" a/ {7 S2 j: p! r: R
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
) O3 M1 Y! @6 e) d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]+ y2 B3 i) z5 l
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]) C7 U7 N$ C( J1 U# g! ~( F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]: U- ]$ c7 D, V9 W3 F& R% T1 j7 z
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
( O# \3 u; T. ?( F, i& o/ B
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
) ]. d2 |0 Y6 ~# p, `3 |# [
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]& A- q3 M2 ~5 @, k
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
+ t5 a5 i0 T* b) L: B) }# K
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher], K+ J2 U" F: H
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]5 O/ _2 C( F( e- V
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]; J, H; c, `) K
==================================, N6 C/ X$ J' O* Q
启动文件夹
& M% b; _' @2 S N8 i4 k
N/A! t/ x- w; |: o5 p/ q
==================================
; D" D7 O% L% n' z8 p
服务6 a: i h! Y! t" k' R
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
& }+ ?! O `; n! Y s* @6 y% X
<C:\WINDOWS\System32\3wareSrv.exe><N/A>7 v1 D0 G- c5 A4 x5 z" u
[Google Updater Service / gusvc][Stopped/Manual Start]. r* b' A3 T) B7 ^2 V
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
. A$ n* i, E* B$ j9 s3 x$ K
[Help and Support / helpsvc][Stopped/Disabled]
8 X4 |0 O; ?5 V' x9 e$ O/ i6 ?
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
- v* T4 \6 N1 {: h: L- f1 X
[Human Interface Device Access / HidServ][Stopped/Boot Start]
% _# J% c6 g2 k9 U; c$ J, b) g
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>3 Z$ i7 t* Z* L# a8 X& N
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
* q( Q1 p( U. H$ x" ^4 M
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
: k' }! o7 ~1 o/ V. t% s% Y$ d6 V# j
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]; j, V0 M9 x" W. @0 @8 u
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>1 O+ ]& {4 S' K
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
+ `; ?' L/ Y* Z8 I. H' \/ a
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>% d" J0 Y( D7 f& E0 P; K5 N' s) h
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]% y2 i1 ?0 V" O$ Y* F
<><N/A>
, V4 z+ }' b- T' e j
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
# H$ k6 [2 n, j; ~0 x7 n5 i5 ^
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>% f2 `& n% Y/ ?
==================================
- I8 X& K6 U+ |( D% P- K4 \6 m
驱动程序
5 N2 ?' [/ u, R, F8 V, v
[22j / 22jn][Stopped/Boot Start]
% v+ ?- s. e$ G D6 H* v. F
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>* h8 T5 d3 y" J. [- Y
[360AntiArp / 360AntiArp][Running/System Start]) u; L: w' V; [/ \. y n A
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
+ g8 p& E* X6 r- e& s
[43ec / 43ecu][Stopped/Boot Start]7 m- z" c/ Q; N1 {+ \
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
/ C; V+ h2 y Q. O5 }8 Y
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]: s! P5 x4 S5 F2 s+ ]1 F
<system32\drivers\ac97intc.sys><Intel Corporation>0 U( D8 E9 P7 z
[Promise driver accelerator / bb-run][Running/Boot Start]
8 _7 r+ F! u+ ~# F" m) E
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>" E( D( `( _; I. v [
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start], T& O: B& c( Z' J2 b$ {0 b; J, t
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
$ j# c4 s% g3 \. O# G' N u
[KAVBase / KAVBase][Running/Auto Start]
- Q0 h7 K* e: _& Y! `
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>+ ^2 F5 T) O. | x4 p
[KAVBootC / KAVBootC][Running/Boot Start]8 k: ~7 C8 s( J* Y3 J
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>' ?4 L2 s: y- b4 s
[KAVSafe / KAVSafe][Running/Auto Start]
4 v+ T* \- M! Q, m; x& e
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>8 u6 F% d9 L% }2 E5 T9 P
[KNetWch / KNetWch][Running/System Start]
' \- ]# G+ z' V( K C# l( K
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>' |" _# p1 ]( T, K1 d+ q" T( D
[KWatch3 / KWatch3][Running/Auto Start]
) \ s3 _. ]6 d! c* I4 |' r
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation># `, p6 p+ c3 v) w9 d$ {
[ntptdb / ntptdb][Stopped/Auto Start]4 u- _" s2 N: W6 z3 y# j
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>& C9 O/ I' J/ U; T6 `3 }
[nv / nv][Running/Manual Start]
/ j+ @. o5 N! A) L
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>+ ]; J! t5 X6 h9 ~' J- A# J
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]7 f4 z, T* Z- S: a4 u/ [6 }1 g
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
+ f0 P$ ~# e$ B8 ^7 {
[DDK PACKET Protocol / Packet][Running/Manual Start]
9 n s0 B C! A1 k( E- `5 E
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
- ?. {6 f; m- h1 i9 I
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]5 @, L/ s* `- O% R
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A># v! }4 _( r8 d) E
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
% E0 j0 s3 n' T" g
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
5 B9 Z5 [4 J. N+ p4 O% `# o8 k
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
- x# X1 m) B+ x5 l
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
+ R7 |3 V6 j3 J) N% m7 r
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]' ^0 \$ l6 I% U4 O1 w3 E+ g2 u
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
0 n( r6 ^% P% ]& _; |
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
1 D% p3 h! \6 V, h
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>7 O# T0 s8 N( r9 Z( b
[Secdrv / Secdrv][Stopped/Manual Start]
4 Z6 Z1 c* Y6 T7 x8 H C
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>( _! \( x# r) C9 f4 ^' j0 R
[SATALink External Device Filter / SiRemFil][Running/Boot Start] \; |+ U% F+ M' j9 q4 d( W. X2 n
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>6 Q) g, E' A+ s
[System Restore Filter Driver / sr][Stopped/Disabled]1 l7 `- y q% O/ t Z
<system32\DRIVERS\sr.sys><N/A>
7 ~) c2 ?3 N% A5 g' Y9 D& ?/ z
[TesSafe / TesSafe][Stopped/Manual Start]
. _( K6 o2 _# C3 D
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>5 U5 x: C: t3 m I2 Z
[System Services / unzxzsrs][Stopped/Boot Start]+ {1 P' v' B* q
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>9 }5 }% \1 X# D) B
[ViBus / ViBus][Stopped/Boot Start], z2 ]$ j- D9 ~, y0 V! e
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
- @- v& ?- X8 n' y$ O3 M1 d; d
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
2 w4 A: t& ?( _9 y. y" h8 r0 g
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>! m. i: }1 w2 o& F* I0 e1 J$ x
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
7 t/ T* ]) C) X
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
3 u: x' d8 I/ N2 l o
[ATI Extend / zhibmaso][Stopped/Boot Start]
5 S- M2 F, k& W8 A9 }! a; Q2 E
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
% v! k7 j5 i! i7 G3 t# M( u9 }) R* I
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]3 ?* Y, n2 ? {. K& j# j
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
. r& z2 t2 S/ Z' N6 ~' r
==================================# F4 U/ N0 H5 I3 f) E+ ]
浏览器加载项7 _8 v& [* F$ X; T* B o6 O8 b6 A
[Google Toolbar Helper]& V; ]4 a6 t/ e. Q) z. ^( o
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>1 J7 ~" W( w% U( t4 m
[Google Toolbar Notifier BHO]
7 x2 k- }5 S8 B) b# K7 V
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
, `6 E. k& Y* Z! E. q1 {1 X
[SafeMon Class]
4 u: _" R1 S; A8 [- v
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>- S* i4 r7 | K. H
[kingsoft browser shield]
' \& B3 w! O! u& S
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
( J7 z+ J, N6 ~* T5 F8 X3 G* S& M$ ]
[IEBuddyExtControl Class]
# _! ^* N( A8 n W1 ?
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>) [5 H; i! t7 p4 G1 v( [4 {4 c
[Zcom 杂志]
4 m! S: \; v) w) b( q4 C& l
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>3 V' q& J9 C. H! S$ S5 i9 b
[&Google]6 R$ A! [! ?2 |/ ~. K; ~
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>3 M2 x$ J8 Z' Y6 ]) x& h9 z& K+ s; s
[KooPlayer Control]
* f+ w; x' \+ B" n9 F
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>2 E% R$ [$ ^3 }6 D2 [3 T1 Q
[Shockwave Flash Object]
9 h- G" x ]/ ?9 s% Z
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
5 I2 @! G7 K! |7 d
[KUpdateObj2 Class]+ d: Q c. g) ~
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
1 J) X; y+ H3 e3 \
[Google Script Object]
( p# Q9 G: f9 D y/ h6 X! ^3 y* z, o
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>+ Y1 G; I/ P& v) X1 P, s4 f
[EWA Control]
1 G- T, F7 f- u4 c: }, N! R; x/ m! v
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast> C+ T3 G. P* a
[Windows Media Player]
, m) j: R X8 b. m
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>- {$ z: i) j; E4 |" R
[&Google]
6 {6 q" X; @6 N) [& V; a3 V' Q4 f
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
5 I. o4 u1 q, C4 q% T8 [
[HTML Document]
: c" ^$ n) |( l0 d1 H, O/ i
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>$ j- X: ~/ \# J4 Z3 ]- R
[DHTML Edit Control Safe for Scripting for IE5]
$ P/ q0 a8 Y, A0 i/ l
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
6 ]8 Y7 g' J0 r5 t: N5 B
[RealPlayer RAM Download Handler]
$ W6 n/ p+ c- I
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>7 `1 j( M0 x2 V e, L& H! R
[IEBuddyExtControl Class]
1 r/ Z1 h8 }; T( I! e& Y
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
$ R! B0 U# }) `3 e- u: m
[XML Document]) q7 A8 U. Z" y; |. Y: E* X
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>* h' S: `+ O l1 C9 |+ n3 _. M6 G
[HHCtrl Object]" D1 ]* H% N. Q1 x( b- ?
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
3 A: I$ D; f: l: l3 u; B. ]
[Windows Media Player]. U$ k0 f1 e1 ~% L6 ]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
; X; I: ^* Q ~4 e8 a; C
[Active Desktop Mover]
2 C" `# l) V: C- f9 T5 \
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
2 r3 V4 U% ?1 `- L& g/ ]
[360SafeLive]7 Y7 n" U% Y2 V, f
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>% O ]+ T5 y- z4 f: H+ ^
[Microsoft Web 浏览器]& C$ l/ G+ x) l8 d" X K: I! |" g
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
& I3 r9 ^/ |2 R
[Browser Enhanced Objects]% `- L2 @& n" W( k. w5 O! F
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>+ K- A* c; b) j3 [' p& g
[Google Toolbar Helper]1 n$ x3 n; k/ S) r" _6 _7 R* {4 _2 v' S
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>6 Y1 E7 E* E/ p' z
[Microsoft Scriptlet Component]5 H% t- _; o" ~7 q
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
6 p8 O5 Y: q# ?4 X, I# w
[Google Toolbar Notifier BHO]
$ x8 |9 y7 \% M6 g" S
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>* L! a: y( C0 F* n
[SearchAssistantOC]" }2 i% H. z0 A1 m" }+ P t* E' z
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
: r* v) H6 x& i! F% O
[SafeMon Class]
+ f" @/ B, A% k$ |. I @0 ^
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
1 H4 T$ x: ~1 M1 \
[RDS.DataSpace]
2 J2 f r" D" V0 b
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>, Y7 }0 |" j' A% g) Y. X% K
[KooPlayer Control]% E8 y) N/ q8 [" X5 H, n: P9 X
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
7 ^. G/ b- ?& d. y* V
[AUDIO__MID Moniker Class]
! W `, [7 B7 X
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>4 {, B& I. r. F* V. M2 O- e# ~
[AUDIO__MP3 Moniker Class]
& n0 C% D( b* G8 p* b3 `
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
# H8 e3 N" |3 S9 U5 o: ] J% ~
[AUDIO__X_MS_WMA Moniker Class]2 n j( f$ B& H* J
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
: v; [% t# O( q& l) j5 E) r
[VIDEO__X_MS_WMV Moniker Class]# F- y; o' p% L5 S @) D2 j/ P
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
0 Q, q B5 y1 P" \5 R) d
[RealPlayer G2 Control]
, a( K! w' f, h! O7 P. C1 H+ k+ X
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>' [" J! j8 Q4 }3 k$ b# A; f; C
[Shockwave Flash Object]
; K4 U* P P; @; Y1 w
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>2 R6 F% l* j! Q7 T& E6 L* S
[KUpdateObj2 Class]* t o% ?/ @1 W
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>/ B u$ J# e9 a7 K( Y" u
[kingsoft browser shield]
7 D- G; L, C7 [7 l
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>8 X! t- G( M( s! Z- R d
[PasswordEditCtrl Class]
. Y# m% [" Q9 t. F+ m: z, N
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>3 g, a; C/ Z& C3 a
[QvodCtrl Class]
! B" b, {; B0 E9 \2 s& l) r. T
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>) v `$ R1 U8 W* ~6 h/ e0 [4 T
[&使用超级旋风下载]+ \3 p+ X g% d8 k2 f
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>+ u6 x9 m) t9 }4 p. e
[&使用超级旋风下载全部链接]
5 b K% `- A2 ?7 p2 l- t
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>5 J6 ^8 `- W; `! `5 G6 L
[使用迅雷下载]
. @2 I6 r- |! t) L$ |0 s9 a. J; q& R
<, N/A> b3 u* Q9 N* t6 g1 R, p' H: E; T
[使用迅雷下载全部链接]; W) r [ j- x+ v* z3 H$ g
<, N/A>
& G' t! Q' j- s% ]
[导出到 Microsoft Office Excel(&X)]
2 e' _- _# T2 w0 y5 {6 d
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>0 i! c4 c# r& ]! U
[添加到QQ表情]. w$ @' v3 B: N% a+ R
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
+ J$ e/ L, a0 D
==================================3 q: |; r5 i' W) ]1 D- X
正在运行的进程* E" X. }4 i4 ]8 H n
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 p3 {% s% m: v) B0 G# E6 r
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: k1 o: l& w7 P2 F
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 r. ^& }& _3 E9 C9 t1 N, o+ x
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)], k1 t/ H' F9 N& h( U
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 s3 `3 w; W. g n5 h% ^9 t
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" C, W+ q3 J) v$ k; L
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 D+ E' Z7 }! g8 S; v4 f! x! M
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
, ~6 i4 |. O, \- N% Q3 O
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 Y) u2 ~6 O V: X: e
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
8 W* C2 M6 @3 U2 b S
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 l4 |; T+ o6 t3 L% w, y
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
2 q2 T) G0 @- C9 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
! G, h, J3 G! C. b5 }
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 X+ ^( b1 P; A% u
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]2 ?5 n' L, ?* h l9 Z5 D
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
, \7 D& ?# Q) r0 J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]2 Q% ~6 L6 I9 ?. Y. p
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
: ^- `2 Y6 s T+ u. K# q$ V
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]( v$ k* V# ?# n2 n( E
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
6 ]( P5 M! Y3 {0 M3 a; S
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]3 F1 E; ?+ ?( w( N
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 R* N' R" W1 ~ C- h
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
# ?- R& F/ Q6 t1 s, c
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
: N7 O% Y9 b' v' E0 T$ J! G' q
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]' @& U- X% @/ J. J# u
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
- g! |, X! J- ^8 y, E6 [
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008], N, V$ \/ y1 G. q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
2 Z3 n% f: v- \9 L. f+ d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) f8 W3 j7 c: Y, k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]% D# Y- |! `% ~' @
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 E4 O, d( j3 f) p: T
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 ~% _+ N" t+ r; T( F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
; {# h+ p% Y; E+ @: N* X" [2 a0 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
! l+ ^7 T; s7 h5 @' }2 V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]4 L- n6 K9 W8 c
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
/ Z- |4 n% L2 F" w; `& S/ g
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]9 ^! [7 c. Y5 s w7 X, e; z, H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) \7 D- |) W- a% g% F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]5 a" x5 g3 [. o2 R/ T8 m" v! z# [0 A
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
* i% f2 `; P/ [0 X$ x
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
1 l6 f$ G8 n8 |- L5 q: }
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
) f" i' [: E9 c+ X/ O# Q5 w. a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
- v0 k2 N1 d8 p
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 r$ d7 H2 R, K( r* \ v& d
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
, d4 j/ R9 B0 W, y
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) M. M% E- _2 l. S; C
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' X6 l2 d9 ]) ~: C9 f
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
8 z- i# n, J5 e4 M
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
7 ^+ f! ~8 f" p. n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]. s% z6 g( j, Z2 g( W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]& i7 A6 ~# W- a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]2 U/ f' T; E$ F# Y# f( j' W
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
; L: a5 a% N' N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
0 E0 P4 e5 D9 j9 o3 q( u" O8 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
( F9 i/ T, q- Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
" s/ {3 f6 A: [* l& K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
2 y9 N0 B$ F) J) h8 H6 H4 }! p/ ^: V6 z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
5 u* r2 @+ e. s( X6 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
: M3 F" y1 x% y6 l
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]9 ?2 g, O, G1 U# `- K
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]: S9 z0 Q2 W! i! w( ^5 T
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
/ H, q; c1 Q4 ]5 D7 r, l
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 d% U2 `+ o6 z5 P
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
7 o y" A2 b/ i+ N8 ^' n
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( i( p( I- f# Z; Y; s
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]! l& ^* d' g/ G- ]
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]4 A% q/ g( }3 ?4 ?$ g- E
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
/ }. s( \, G& i M/ K
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]' n) h- [( U3 x n$ q! H
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
/ h9 V5 c. N7 c, j: \& M
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]# _9 ]% K2 |* R' r+ w: b
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
5 ]# n/ H# |) L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
' F! d7 G. R0 P2 w) P0 A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
$ ~& ^4 R% n, Q# @" R4 o W% J
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% q1 ?! s) ^: T0 e! N* _
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
: c- s% t. C: B2 V
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* H9 P i& u: U" ?* M' R' D% I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( }2 n& R# I+ P$ n; o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, T- I5 {3 L5 `: @; s& _ M6 e: o. Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]$ ^1 ]* V5 l+ t" V) s
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]% l) G, a7 O+ d" I; A
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
6 ~0 o$ L. Z) E+ T. M/ `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
5 R( C. C* Q( Q+ G+ W% d" ^6 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]# k! M, ~4 d& Q n) f+ ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, W6 h$ U7 n0 H9 }/ y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]0 ^* f2 s( S) w, q2 ]' P
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
% J& S% _. U- t) U3 ~
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& f- ]2 ~9 O; T# ]$ o, o" N& ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 a4 T( ^) Z5 o6 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
- x7 H0 a; K9 a6 ?+ E
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 A/ C7 v* i: z( M% B& e; z ^
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
: U% p( e9 D' \/ q# M( m& ~* e% l
==================================
7 K) C( y2 u0 R, ^- Q
文件关联* l1 P5 l2 H+ r$ s! A: u$ g
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
% ~0 d6 a: x( z# f$ K
.EXE OK. ["%1" %*]
# T: _9 ~/ n6 ~
.COM OK. ["%1" %*]2 {2 B, G0 _( Z' w0 o& D, q* T5 s
.PIF OK. ["%1" %*]
0 t) G+ ^) [+ L4 m3 G
.REG OK. [regedit.exe "%1"]% n' y+ x4 f! f5 @1 T* Z S! q
.BAT OK. ["%1" %*]
' Y& S ?4 Q( h. u9 D
.SCR OK. ["%1" /S]
$ a5 ]3 b* K n; R6 ~
.CHM OK. ["C:\WINDOWS\hh.exe" %1]1 \3 F5 J& P& I f1 D( x; H
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- g/ p; ]0 ^" ?4 K: V& {
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]$ P2 l! z, u# Y. H" l
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]1 s. V- J# O2 e& D) q
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*], s5 b1 f& g5 P+ p" v
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
7 U& T% D$ w( [$ c, j% q0 s
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
* o: L5 Y9 l( t1 @; ]% K
==================================
9 v9 o0 g: R% l5 |3 I# ^' c
Winsock 提供者
: _/ p# U" e3 t* K0 b& V
N/A7 v. g6 }+ \& \+ Z) H2 _$ B) r h
==================================
9 j2 Q# W0 |# J' a
Autorun.inf
" Q. _4 X/ e# @) Y
N/A0 N" A! f4 Q6 W2 h" c7 u, ^; q
==================================
$ j+ k' p* K" Q; c3 ]! i' ?
HOSTS 文件' M5 Z2 C, \0 o8 ^- S3 j
N/A, c/ S# e) z2 M0 v/ Y! k5 H
==================================9 W- I4 @0 N0 k$ i6 _' w
进程特权扫描
) h2 | Y7 J- r# N6 s2 O N
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
6 f& T+ e k5 \, l
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
% U" e- Y/ [" n/ _4 h, Q+ p
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]3 x( V) F1 J2 j3 u
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
& j! i$ H6 L- w7 [" u
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]3 ]" N4 s7 A9 [# l2 s/ }
==================================" D# f+ A* _- D; d2 k- [+ `5 Z! g) I
API HOOK# m7 N4 S: i0 w1 c$ Y
N/A6 i- {1 h, P* E. c: r# b
==================================& I. Y7 }' J! I
隐藏进程
) \" z9 u) {8 M1 q6 c; a( L& q% W
N/A8 `2 k% X) A1 b: ?! j! [0 R& a2 E* s
==================================
3 s: G" t* _5 ]5 }. x
; h5 E! b X- v5 E9 d

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115