|
|
& k& t4 I$ F6 @: }9 f( G% c- J- 2008-05-22,20:37:43* t. X" Y& ?) T: { D3 w' j6 Z! Q$ h% L/ Q
- System Repair Engineer 2.5.16.900' X& r2 d8 l; s8 B: V
- Smallfrogs (http://www.KZTechs.com) \! e- J8 V" g# H3 C
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能, m* z, Z5 q V+ S/ A, k
- 以下内容被选中:. ?# ?1 f/ L7 k" W. i/ w: p: g
- 所有的启动项目(包括注册表、启动文件夹、服务等): t, S1 a% q5 e
- 浏览器加载项
0 U- x7 ^$ F1 ~ - 正在运行的进程(包括进程模块信息)
9 G/ j. j" w% f8 d - 文件关联! L" F$ E' ~( b- g
- Winsock 提供者
$ i/ d# b) i/ S5 q) n; } - Autorun.inf
2 O, c' T5 i. W+ u - HOSTS 文件
1 Q( B! O7 o) o. U - 进程特权扫描
( O" p) [2 \; \6 O9 F - 8 v* M1 \, P) z/ k$ U5 q
- 启动项目
5 t# D& A' S1 j D% C+ ]) N - 注册表5 ~ @8 }( x+ K
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
, J4 o6 M. i3 G1 P$ i1 S' Z - <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]/ j; m1 t: g3 K& C! ^0 z/ P0 \- L
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
7 k; Y4 _+ _/ K t. N3 X6 g Y - <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
z) d |9 ~( C9 K$ B9 v8 f - <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]$ _- Q3 m% K: T# J# P
- <360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
; @. F% \! S( x9 W6 I - <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]; G4 b8 B+ _( }! Y' V# ]" j. {$ u
- <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
/ v0 Y4 I, T4 ~2 c' @* @) J6 H, e. } - <PHIME2002A><; > [N/A]
# q# C$ W( f9 N* |$ U+ o - <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
J1 d9 ?7 {' O+ s0 k. F( m# m1 f - [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]! b: h' W# Z$ z8 g7 G
- <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
: g6 S" H. h3 q+ e1 f. U, e - <Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
5 L9 q+ m7 G$ P3 F8 M0 p+ y9 r - <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
' V" |& `& u6 G' Q+ `: u) h9 {( ` - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]4 F2 B$ I5 ]1 Z) g$ s" u
- <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]7 l+ c" d- w0 M8 @: k
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]$ A! }, {' k" o% T0 B' v$ q5 I
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]( Q% W `0 W: f/ l- d
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]; Y* G& _# T9 O& S& @
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]4 V/ G; x$ y/ b" e
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
. B7 C( W( u7 D8 u1 X" ` - <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
& z8 V5 k- o d c( K/ l0 R5 h+ s - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
1 Y* E9 G, j9 v, p - <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
" `: Q5 N4 U6 O - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]( k/ h9 d# j& ?5 `" U
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]7 P1 f, b7 T9 w
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
6 m( H9 T& D7 i, z8 z$ _: A - <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
0 M; I: I! @/ o# O0 }1 T0 S, _( Q - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]% @0 c' ~0 G- G5 y# _. L3 q* M
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]( k; r4 g& h, d4 N- T5 y
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
& ]4 P1 g6 U0 H5 V* ? - <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
; R2 A! |$ X4 T! i: y { - ==================================
# w6 b |/ b- a: S- P2 n - 启动文件夹
3 Y6 i9 q7 L. C% n0 \ - N/A( i8 ~7 I) \$ H+ I
- ==================================4 U9 ]# C# _# x, Q/ T
- 服务
- H( L) A: W3 q9 w6 F: N f - [3ware Controller Service / 3wareSrv][Stopped/Auto Start]
: }; s. l' f9 ?) j9 Z. i8 j1 @ - <C:\WINDOWS\System32\3wareSrv.exe><N/A>
/ F/ @6 x" X7 ~$ w - [Google Updater Service / gusvc][Stopped/Manual Start]% X& Z% L( M0 J& o
- <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>" Z) l A% h6 _
- [Help and Support / helpsvc][Stopped/Disabled]6 {, H5 T, c6 I4 S
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
. {5 _, U. I# [$ b) F/ i - [Human Interface Device Access / HidServ][Stopped/Boot Start]
3 l; x# s2 m p# \8 p0 C; f$ k3 ~ - <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>- N, F% O0 P( h
- [Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]/ ?" g' |5 q! X1 U- S4 u
- <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>9 y3 }, I& m: B0 f+ n3 U8 j
- [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
|# s/ ^ D4 [ - <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>8 {8 j) d7 C3 E* h0 `2 q2 ^2 ~& D+ ^) |
- [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
. C/ x4 ?# O% } - <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>5 D o9 X1 E2 d
- [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
6 L: L: L5 S8 `) l' { - <><N/A>
+ w. ^6 d7 U' ^% M& N. T. z6 X - [Qvod Terminal / Qvod Terminal][Running/Auto Start]
+ S/ E G ~; I - <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
6 c, l% Q* @# \1 J - ==================================. y/ ?* N! _" S8 @& h: U
- 驱动程序" T3 Y9 a+ ^& \* l# g# | E
- [22j / 22jn][Stopped/Boot Start]" g4 D0 |! W9 H2 N: i& i V% o" Z! Z
- <\SystemRoot\System32\DRIVERS\22jn.sys><N/A>, S3 v- o6 S9 C4 w! G9 m' f
- [360AntiArp / 360AntiArp][Running/System Start]
: w2 i+ r: N2 W - <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
3 d; k, @' Y% U' ~9 W - [43ec / 43ecu][Stopped/Boot Start]+ i( h5 }5 Q. |1 _, j
- <\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
* k4 V% ?9 w0 B% B+ b8 B/ i0 ~ - [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]; ^) P% G" c. G6 t
- <system32\drivers\ac97intc.sys><Intel Corporation>- E/ a; [# }9 O
- [Promise driver accelerator / bb-run][Running/Boot Start]+ D% \* J$ W, W" @8 f* i+ u
- <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>( T; O+ B$ |! f
- [Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
# }- A( _) b; J$ i- i' Z - <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>: i5 y3 q# J- [% t
- [KAVBase / KAVBase][Running/Auto Start]; i/ N% n8 {# G! e$ {9 f- G
- <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
; Z9 H1 U" I v9 D" K - [KAVBootC / KAVBootC][Running/Boot Start]
1 e. d( U5 [" _2 Z1 g# Q' ~ - <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
8 V) ]% e$ u% Y6 B# u& U - [KAVSafe / KAVSafe][Running/Auto Start]- |* U4 Z2 m0 v
- <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
+ d: s o+ I+ D e - [KNetWch / KNetWch][Running/System Start]
+ b, ]; R2 [1 l, _) ~ - <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
+ V7 R1 O i z6 V5 D - [KWatch3 / KWatch3][Running/Auto Start]: E3 C3 B, `6 S$ ^
- <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>! a+ A& B+ t* f. m# w
- [ntptdb / ntptdb][Stopped/Auto Start]9 e3 |- o. j7 t8 @ C; H
- <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>2 q# k3 S1 `- |# g1 L
- [nv / nv][Running/Manual Start]0 }6 U' x2 } X, W [
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>4 j; q! @& U5 i+ N n/ N- T; \% b
- [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
' H$ U( M9 P/ f$ p5 r, t' D, N4 u - <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>' S5 w" Z. g4 h4 H' s1 a: [
- [DDK PACKET Protocol / Packet][Running/Manual Start]
/ L) n0 q$ c4 t6 X# W" J4 W& z5 {, m - <system32\DRIVERS\ProtoDrv.sys><360安全中心># j# g9 i3 @' N% w! a$ v" ]# F
- [pnduojtwbt / pnduojtwbt][Stopped/Boot Start]$ C# k& Q5 T( \* P0 b7 Z
- <\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
" `1 g3 A# `) C3 ?+ g3 T) u - [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
, k' k& z* B, x0 ?" R - <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>7 f2 u9 y6 e, i* }, R
- [RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]! u* s2 c% k; x M/ a
- <\SystemRoot\system32\drivers\RsBoot.sys><N/A>: V8 d. P& t( i7 K
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]. j u5 K" a' Q2 E4 {/ r7 w
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>! p* u, u* c( z. Z
- [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]! [6 E3 j4 w! D( W# k
- <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
$ r9 u/ Z% v9 s9 v5 Y: x9 s d' m - [Secdrv / Secdrv][Stopped/Manual Start]
* a: {7 X" z2 O g6 M: P9 m2 W - <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>2 h/ D- t0 e- V# F& x
- [SATALink External Device Filter / SiRemFil][Running/Boot Start]
' X; Y5 ]0 }8 D$ K4 k - <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>$ m0 p/ z6 z8 p6 f! ?6 b" T0 e
- [System Restore Filter Driver / sr][Stopped/Disabled]- T4 C& i5 k1 V! K f2 T
- <system32\DRIVERS\sr.sys><N/A>4 R) I. i. |# ]& K4 _$ f. K$ o7 }
- [TesSafe / TesSafe][Stopped/Manual Start]% y7 D) l, i" t+ M/ R& |) Q
- <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>6 f3 x6 S$ x/ c$ _' m6 O: z
- [System Services / unzxzsrs][Stopped/Boot Start]* }$ l1 Z4 b4 y8 ~, K
- <\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
; E- c, C) q i8 r- ^( C - [ViBus / ViBus][Stopped/Boot Start]6 N9 v( M* }6 n" P6 w* ^2 R6 x
- <\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
; _" ]7 e- d" h% S% R - [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]3 U0 [1 d+ ?& y$ T6 Q
- <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
' g7 e* b+ r* E/ m* ^ - [VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
7 u/ R, ?% G" X! ?1 U2 z9 @ - <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>& F2 l: z) t$ n( e, U8 D
- [ATI Extend / zhibmaso][Stopped/Boot Start]7 i$ T2 l- C( x1 K" q7 m! r; O
- <\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
7 V, L8 F8 ~* E. [8 `- A% Y; Q - [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]4 H2 F! ^2 q' s0 x- T8 U
- <System32\Drivers\usbVM31b.sys><Vimicro Corporation>
# w3 U }2 P) O8 o$ s - ==================================. y4 j. E8 h1 S: I' r* X
- 浏览器加载项 R% o- ~, Y: p1 r; @- W/ e
- [Google Toolbar Helper]
- P f9 T6 ?: e+ \( ~; _ - {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
+ ~( Y" G- |2 {& G% _" { - [Google Toolbar Notifier BHO]
$ S6 M6 v( C, a+ O - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
& x* Y3 f) ]: |2 n& e - [SafeMon Class]
: J9 m/ W+ g! I/ T - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>/ J* C6 g2 M8 x1 L
- [kingsoft browser shield]+ s k/ {) M% p' R% Y$ H
- {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>/ C3 r* O& g! b' s3 k
- [IEBuddyExtControl Class]/ ^* d8 l- `( }5 E$ k
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>: C2 L/ M ]4 v6 k1 r
- [Zcom 杂志]
" l, {0 S; |6 P0 B" {$ f- r4 M7 V1 ?5 N - {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>& U- n6 N* p; B. i' K4 t
- [&Google]" P! q8 t" ?( M* W: H1 O
- {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>) v! I3 H/ O8 |: J) Q
- [KooPlayer Control]
- `# P9 B" j6 ~6 x7 v- q - {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>$ d2 r# W4 t: J$ d$ K# C6 E
- [Shockwave Flash Object]6 i* u4 s' L8 l* ^
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
' P9 l9 |+ T0 `# z, X6 M - [KUpdateObj2 Class]2 A, p* [: |% C& U3 O
- {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
7 F" g. z' r5 }/ R - [Google Script Object]
+ l% q1 y' C" }4 J6 l - {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
6 }3 k1 j7 Q( z6 B2 d( K2 g' e9 \ - [EWA Control]
' X2 \0 q$ o6 _5 j6 D! {8 X - {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
5 a$ @) T7 c# Z& V/ F; R - [Windows Media Player]# J0 {4 Z; E# P
- {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
$ G9 W2 ], ^, ]: i5 A. G. k7 [: S - [&Google]
; h$ P, Z7 ^3 D: M8 K( y' {! u6 O; u2 M - {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>" G" J) f! H/ {: `2 C- w" B9 [* q
- [HTML Document]# Z7 [* a: |3 @' H: M2 O! l1 s
- {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>. A8 ]0 h+ @) \8 C
- [DHTML Edit Control Safe for Scripting for IE5]
, O% {( P; u0 d" V1 o6 F - {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>1 s# t- p) E- l4 C
- [RealPlayer RAM Download Handler]
3 E+ V G# `$ c4 H0 W8 C9 M0 H - {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
. Y3 T3 r, s( Z! ]! W' B% f - [IEBuddyExtControl Class]6 p% z3 v$ {! l8 ~
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
5 p7 o9 x# @. R - [XML Document]3 T3 u$ ?! P3 U' w
- {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
) b5 |! z/ b7 l0 ^9 h- @# [" O - [HHCtrl Object]
. u' G% B9 C7 ~+ F* ?0 V0 M - {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>; w; R! X6 J# H. Y" V2 `
- [Windows Media Player]
# W% P- [4 w- ^! b& ~ - {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>" R) Y% V9 d- R# l
- [Active Desktop Mover]
" |* t8 S( Z4 N2 A - {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>% q% p' r' j2 W( _( K# a
- [360SafeLive]
: d. U: K2 ?2 M4 j: y9 L I& P4 ]; _ - {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>: j# |. {8 A5 `: {
- [Microsoft Web 浏览器]
+ P( Y2 b& Y8 v R - {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>; C1 `' U' p9 o7 K" P+ E/ Y
- [Browser Enhanced Objects]8 ]/ f3 x, N2 P; F
- {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
6 _0 g: h9 E: j* { - [Google Toolbar Helper]: y: } v& d, ^4 y% k$ X
- {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
: s- W. ~- Y0 F# @ - [Microsoft Scriptlet Component]$ O4 T6 E0 y7 U$ s- {8 x# t
- {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>" i* o9 l; t: f" r3 Z0 @2 Q; A" \
- [Google Toolbar Notifier BHO]
; v {3 Z! i# U5 C2 P - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
5 W1 k: f& K; }2 D - [SearchAssistantOC]
1 R9 |% G! O3 ?+ t3 i. p- {& Y/ M5 t - {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
4 H Z& N3 ~: h3 R - [SafeMon Class]0 o F1 e9 G: ^# f& w- G+ `
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
1 Z. C9 Y |' ~4 I: T @ - [RDS.DataSpace]
/ x O9 s3 S! D. R - {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
% o- a! e* m( y& E5 B- P - [KooPlayer Control]
4 c$ V" l; Q& f* k0 t1 B - {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>; f) f( w' Y5 A5 Y( _% u1 P
- [AUDIO__MID Moniker Class]3 r# t2 l& K, C
- {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
$ f; ?6 C9 T5 C0 V) Q+ _' [ - [AUDIO__MP3 Moniker Class]+ `; U) p+ M' y1 U2 s
- {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 f4 q* C( h( @* k# U% V
- [AUDIO__X_MS_WMA Moniker Class]7 @$ {; n) [0 ^! ^, G6 r
- {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
$ v4 K1 \' ?2 e3 N2 X6 u - [VIDEO__X_MS_WMV Moniker Class], f! t. A: p* [/ Z
- {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
$ U0 K$ N. D4 d [1 F+ A - [RealPlayer G2 Control]
/ N7 a' K' X5 z) P" J) q8 t - {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
" u1 d2 c. M2 p - [Shockwave Flash Object]
) p0 S/ [ `5 d- |3 P0 e8 T) y - {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
4 c% t* y* n5 U$ E. x. R' O( x - [KUpdateObj2 Class]
5 X1 X) M+ |8 n0 L- u" U - {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
/ i3 O- L/ i4 B. d - [kingsoft browser shield]
4 s* M9 Y7 e: I* z - {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>; V4 m! R, C8 ]4 \
- [PasswordEditCtrl Class]
3 r- q( T' T9 X. t - {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
$ @$ Y& l2 g# a1 Y5 I - [QvodCtrl Class]+ y/ ?" b5 h/ p& ^( T l$ u- Y) f
- {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
; d- y5 \' \* H$ P, E/ P' l/ o - [&使用超级旋风下载]
* H( ~$ c e, v( r" H - <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
. B) V! h: ]6 |& j) \4 ]8 I - [&使用超级旋风下载全部链接]3 F, u. `! s% E4 `; d8 d
- <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
8 M3 t' `9 E0 E# C8 ^+ `) b" b - [使用迅雷下载]; |# O$ H! B2 s+ K& ]1 F
- <, N/A>
0 h8 L9 s( V- N - [使用迅雷下载全部链接]
1 G [7 ^- V5 I$ [$ L' q& \ - <, N/A>
$ B' p5 \ q2 u% P& u - [导出到 Microsoft Office Excel(&X)], P* Q$ o* E, m+ B
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>7 v$ @1 I* _* Z) s% G1 T& w& P( C
- [添加到QQ表情]2 _' ^' @1 d7 Q# x) d3 m/ E
- <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
0 s7 ^" d8 P5 W2 Z7 Q# P9 n - ==================================! @! R; q S9 v2 K q; H
- 正在运行的进程3 A( i d, K- m! X5 G& H D
- [PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# ]# ]# {' L4 x: g. L - [PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# P i! J% h* e- f3 F; m - [PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" M3 ^3 d L9 I* c% k7 W7 }" m' L M
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]" H7 |/ ?1 t# F
- [PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' Q1 Z% R" f5 X) @1 W" }2 Y
- [PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" b3 f" S7 e. _1 w+ n - [PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 V. O7 r9 t; t! h; [ - [PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 p F4 F5 E: r/ P - [PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 [/ V( v+ c h7 T; z1 m - [PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]- C$ p5 L7 z7 a9 y
- [PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 y1 P5 X$ e n- N# G" z A! e
- [PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
. J4 X3 p1 m, Q$ ^ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 |4 ~# X: a5 E
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; O* \% F8 P% q, E - [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
( |& v, ^# |) \; m3 Z$ K" T. [ - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] |4 v9 k a1 \6 h6 W \# @2 {
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
: f$ K7 r+ q4 x3 [& p - [C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
* U3 z5 H" g/ y% {7 f3 D( S - [C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
0 }8 L5 E+ ]0 g9 X - [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
) s/ [, |# R% ]1 [& J+ u" K/ l1 p+ p - [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]% g2 T$ E- g2 C1 ~, e$ g
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]4 x+ |" s4 l2 e& X$ Y3 h1 k
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]" ]2 r" a( k" {: `( \/ @
- [PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)], L; A# G" l/ s7 n
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
8 y6 ?! R5 i: W3 b: L4 A5 `" p - [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
) Y |( P( B" Q - [PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]7 g- S# B# @. U% }! ?
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 j3 F) ~+ ^* q7 N0 e0 i+ D9 B7 j$ T* ` - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, w3 r2 F2 Z* t- A7 e - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) Q* s, r+ e: k8 p: L0 E* F8 P - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]: ^& H- {! L3 R/ {2 Z- ~* w
- [PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
8 L- Y+ d+ c: l, B! s$ e+ F - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]- x) E% M/ d( { F& t: e
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 t# C2 _. P" @( L4 D7 j - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
7 P+ a8 x- G% ~0 J0 ~3 k2 E - [PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
) |8 d2 c& K$ N0 D" f6 v2 M - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
/ I6 d9 W1 Z- H9 s/ y! t+ W; K - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 v5 n- X( X4 {
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 j7 }( M+ I6 X1 Z0 G# F
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]; o' U; V1 h4 ~+ ?4 H
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]$ E5 O4 }- v0 F2 ?/ h
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
$ h$ F# ^9 _0 K& m - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; f1 l" j, s( @& o5 P; Z& h
- [PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 A( J' Z6 ^2 \8 B. }$ o0 q) m/ R - [PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
! m+ ^7 K1 t0 m - [PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 V+ o4 B3 ], Y; u# A% Z6 Y/ f3 h! Y - [PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. H0 `; y' j5 ^, Q1 |. N+ E
- [PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
% o; `& F- [: m7 S1 ?1 A - [PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]2 p* A* W8 R% k- h! ?
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* i) V! @, f/ a: I# v - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]7 ~8 Z% X: v$ M5 V. ^5 P2 U& s6 D
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: d; c/ e& p/ E* P5 b+ O3 C
- [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]' \- X+ m) h4 h2 R& h3 k
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
5 E2 m D& w% N7 X) E* Z% @ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]! h" ~6 i8 a( {
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]3 Q% g8 R' ^, ]1 ?; [% A
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
& _) @) r& T6 X0 P - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
2 _0 X5 Y* H* r7 W - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
0 h. L7 O F! Y# K( R& x2 n. i - [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
3 S' k% E! A+ p# b: y! f - [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
' {! T% T/ ?% B - [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]$ U/ C( S3 p: W: b
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]1 x9 Z/ }- V0 f) C; h0 x
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]5 v2 [/ s1 d3 H+ q
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
7 D4 }" T ?1 }4 X T6 l - [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]+ H# Z* A% Z Z+ x' k
- [C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
' i u4 M" H3 Y8 X - [C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]0 M4 v5 j6 l" ?: Z! [
- [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950] d8 l4 g; O9 l7 k' q
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. t7 r7 Q- ]4 K) ]* A- n2 i g
- [PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]5 N# X: V* P7 _7 A/ }
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 q$ o7 U6 j0 I - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 M2 w" U' ?7 d5 h# b) l - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 q0 ?* r; Q/ C& l+ W
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 E1 C- |; ^' w: v - [PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]# w4 x, W0 @& d, @
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 a; b: U/ X* g G6 y7 x
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) |* }. h* O6 |! J* q - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
* X0 O' ~6 B& t1 g6 ?# Q- Y8 p - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 X+ D4 z5 G' Q) Q3 i( D, k: |/ ?; ? Y - [F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]8 Z: A9 }! ^; i* f" _; K* P6 W
- [PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
" i- L6 C0 ?* t( Z# @7 y - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]- C4 V# P/ f( L, `" C/ z# g& C
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
' `) v+ _) @" a# ]4 B' a; N w - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]8 a1 N: r3 Y8 W% \9 \
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]4 @) {& I: d1 u2 N5 `
- [PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
$ E: _. g7 y9 O | - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] \1 \" M3 R* ~4 G
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
3 c2 R0 @. j- L, [& } - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 i; g7 z! P$ j" q - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 O4 \; T9 r( O7 ]: W
- [d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
7 R& @- y/ M, t' e5 K7 Q) q/ f9 S - ==================================0 ^' p4 m5 `+ x( S3 A% Z
- 文件关联5 W# c$ q% L9 J( d4 e
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
0 ^# w ^, t* ~; ~* C - .EXE OK. ["%1" %*]
8 {6 G. X7 i, e2 G) C" d# j - .COM OK. ["%1" %*]7 W% q8 w0 k) G0 o
- .PIF OK. ["%1" %*]
* E0 |' J5 [) {7 h5 p - .REG OK. [regedit.exe "%1"]
+ L. h7 x$ Y- _5 g; w - .BAT OK. ["%1" %*]5 U$ q |/ O: j
- .SCR OK. ["%1" /S]3 o& u+ U* W& t
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
( R4 L& \' i0 W3 X2 f+ v! C* l' [ - .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]6 m+ m" K# K# e$ L' J* A
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]2 ?2 v* k6 [! F' N5 f# C2 b
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
: }% B: p2 f3 O3 Z3 L) z - .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
/ Z! s! b2 T4 Y; O7 j+ G# I% \ - .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
, u, r |2 P- d& J9 [ - .LNK OK. [{00021401-0000-0000-C000-000000000046}]: Q% ~; D1 I3 h5 h
- ==================================
2 N9 _" V- P; F. M, V* h - Winsock 提供者0 o" B9 s2 w7 O6 Q0 y
- N/A
! ]( S" a. ?1 K3 U _; s9 t - ==================================7 |$ d. a0 @" W C# R$ a
- Autorun.inf; r% d* G& s- K% Z& [7 m* D
- N/A
( c6 x0 s& G# r+ O" F9 s - ==================================. ?. R p2 Y* @; _3 K
- HOSTS 文件% H3 J9 N/ }7 ?
- N/A( s4 `3 T+ W4 J6 B* z: \ _* d
- ==================================( R0 u# l. Y; x" t n
- 进程特权扫描
9 j4 \" ~2 a# Q8 t' d - 特殊特权被允许: SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
, M, k; ~* N( P# X( j - 特殊特权被允许: SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]" Z) c0 ] A& }
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
- z6 s# k& A4 Y; G - 特殊特权被允许: SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
; ~1 \8 p: n. s! x2 N$ z9 P& x - 特殊特权被允许: SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
5 E' @4 q; z% a! g$ k: k" x - ==================================
4 m) Q5 J/ F: W+ t. S/ d - API HOOK
- k( i1 {9 \4 J' t - N/A
! F+ `9 Q" R; ^5 B6 Z - ==================================, Q3 r' k" A" V3 v0 K
- 隐藏进程
5 _9 r, P+ o; E# J/ j$ @ - N/A
8 ]0 I3 A3 k \1 h - ==================================
" T1 M4 l8 A1 ^4 @) _
6 ~7 D& g: [* m" d- @+ e
|
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
