|
|
* |' `: b% q5 Y# V" y! _( V7 O- 2008-05-22,20:37:43
8 ]& {1 ]) d4 I - System Repair Engineer 2.5.16.900& v# J. C2 m; S! H
- Smallfrogs (http://www.KZTechs.com)7 y7 ?1 b* m5 C
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
! f, a* p. Q( J0 F) A* a - 以下内容被选中:
6 ?. U* z8 x: X: E1 h5 o+ ^8 {/ i - 所有的启动项目(包括注册表、启动文件夹、服务等)
e" Y1 S2 X4 r. S/ W$ N. B/ W - 浏览器加载项
5 p8 j3 B" t3 F( w - 正在运行的进程(包括进程模块信息)
! G# ^0 `4 `7 ]5 t9 P2 m - 文件关联
3 e; q* X, z( E% }- d - Winsock 提供者
# @$ F' ~/ Z3 c/ d+ E - Autorun.inf
$ B! N7 L( K) \, B, X: W& g - HOSTS 文件2 f, X$ n! p( S, A4 I
- 进程特权扫描
& x. Z3 |6 Y& z% B3 g8 \: h - , Q2 x |- N2 I) D8 B
- 启动项目
8 {; v3 y1 c7 S8 b& Y: j% q - 注册表
: G B2 q; W2 C6 m1 Y$ Q& h5 o - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
: J9 _; A! r' m% a - <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
5 |4 ~# A! |1 F' L# l - [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
" ?$ u" T$ z1 q% @ - <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]0 s- a( \0 o4 w, v' N
- <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
% f/ _2 H# J& Y$ P8 ]! S& _/ Y- u - <360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]; B' w6 t3 V- R M# p5 G
- <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
9 Z% z; l8 [2 Z- N( T - <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
4 J& L. ~4 d( y7 _0 o) c5 Z - <PHIME2002A><; > [N/A]
8 D" m3 J6 ^& B- [1 } - <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]" K* U$ V; p2 s+ c$ v/ y
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
1 d6 q2 N2 n2 g- e% r$ G0 d$ D - <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
8 B& n% Y* s, P+ C! ` - <Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]+ j& {" `$ j# ^$ }" \. P
- <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
) Y' {: x t4 @0 c - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
% U# y7 C. g7 c - <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
( ^. p# c+ D; Q% X7 g% U - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
9 P% i& k S1 d, J. y ?0 F, L - <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]. r7 l: z+ G2 W! W: {+ D5 \; _! B* r
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
! z- t! p; h( K - <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
* ]/ c7 R, F( I% Y9 ` - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
/ [, M9 L8 r+ q: j | - <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]+ z+ S* F" R$ V6 A7 X
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]8 y1 H: H0 g- T6 G; |
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
: y6 b5 _4 L- I5 z4 b8 @; t - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]3 g; x" r+ X( E+ x- Y% {
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]- _' j+ K* G' |/ @1 d4 E
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]( E$ ?' l, ]+ r I" s: r Q
- <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]! e+ R2 l" l/ \* {6 a
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
7 K/ a2 T8 n2 T ^0 K6 [ - <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
/ t6 @5 Y2 w _ - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]3 K U; x1 r4 H
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]3 F+ z& l1 R- s6 B
- ==================================
0 L$ V! J5 z) D - 启动文件夹
+ H* z- g$ M, d - N/A$ G- C" [! ]3 p
- ==================================3 l1 T: }5 c; r1 p! A' G5 G8 J
- 服务
) C: w8 Q1 e6 X' Y - [3ware Controller Service / 3wareSrv][Stopped/Auto Start]
1 c) E. m* p# h$ h1 g - <C:\WINDOWS\System32\3wareSrv.exe><N/A>
% \. y% m. [4 U8 x; S6 r - [Google Updater Service / gusvc][Stopped/Manual Start]
5 }% e8 _" r- E( u I, D5 T# V% Z0 K - <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>$ y& A m! B) k/ Q5 F
- [Help and Support / helpsvc][Stopped/Disabled]
: Z8 c I( E' [- p; G1 ^. y - <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>. o4 A2 ?& Y2 k
- [Human Interface Device Access / HidServ][Stopped/Boot Start]
; c" N" J$ w: r( Y# W- ]8 X - <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
& Q2 _4 _- I' n% X6 b8 O' _+ U - [Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
% s4 L- M. x5 Z4 y: f8 G - <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
5 Y) ] ]6 ^! Z. L4 ]' C - [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]: \3 l# d8 w: _, y- C* }
- <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>/ [- c- j! ~4 j1 @+ A
- [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
) I( i3 l0 L6 r6 H- {, U - <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>3 }7 c9 ~0 j, t" D5 ]
- [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
9 d% \7 w, B) @0 Y0 C+ A; n8 _ - <><N/A>
1 Y" [# Z D: h ^# x - [Qvod Terminal / Qvod Terminal][Running/Auto Start]
. a* Y& ~9 P( T - <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>% k8 J1 v- p, U' x& a
- ==================================! F$ N4 g" {: F6 [$ x- p
- 驱动程序- d, k: r5 M/ K- R( a; [
- [22j / 22jn][Stopped/Boot Start]: ]- Y d! K' }" ?8 @0 N$ b* l$ F4 G
- <\SystemRoot\System32\DRIVERS\22jn.sys><N/A>' R# B6 Z" b+ I) R% O1 z: ^
- [360AntiArp / 360AntiArp][Running/System Start]" E5 ~- M; |# I6 K6 Q6 h
- <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
, J9 a6 E! Q& C0 N - [43ec / 43ecu][Stopped/Boot Start]; d1 W- K0 P5 f! ` H+ D' e$ y
- <\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>$ i; s* [! A4 O' G8 @7 u) S1 l
- [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]- A' x# {" _5 Y+ z" u* E3 `
- <system32\drivers\ac97intc.sys><Intel Corporation>1 J: P/ C" a( K* r1 N& @" r
- [Promise driver accelerator / bb-run][Running/Boot Start]
1 B& Y' N0 d$ h. A - <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
8 f4 O( e/ {. K5 A - [Promise Removable Disk Control Driver / dontgo][Running/Boot Start]; F4 x5 w- ]6 C& P" g) c
- <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
3 ]$ M1 I' L/ R+ g0 ] - [KAVBase / KAVBase][Running/Auto Start]" O' }" _0 m7 O% f* E
- <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>$ [$ H3 b6 G$ i3 C
- [KAVBootC / KAVBootC][Running/Boot Start]
. ~1 x6 J% M ^ - <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
& L. c$ L# v2 P& m4 n; Z - [KAVSafe / KAVSafe][Running/Auto Start]! A3 l! S7 V- Q( k' G) ^) O
- <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation># @' }4 [6 b$ @
- [KNetWch / KNetWch][Running/System Start]( o& M6 |! K, p
- <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>7 R" d1 o( |* g: j; ^7 x
- [KWatch3 / KWatch3][Running/Auto Start]
% k* g2 U5 y3 e* {9 b - <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
. v+ A1 {( h8 n) p! E - [ntptdb / ntptdb][Stopped/Auto Start]. L; t& y/ D% W( s6 Q$ A
- <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>, k: M6 v# t7 i1 A U! O
- [nv / nv][Running/Manual Start]
8 X7 b. G9 D5 _* y2 k) _9 p - <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
' D) o7 J6 g9 u: ~ - [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]6 B: R6 L* d; J$ d. N$ C% H
- <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
$ c+ X7 F( I; E1 H$ h5 \" r8 k - [DDK PACKET Protocol / Packet][Running/Manual Start]& s l7 I- i5 T; Y/ S+ `+ U* p: x
- <system32\DRIVERS\ProtoDrv.sys><360安全中心>
( u) F% K6 E; X1 m2 H! @2 K - [pnduojtwbt / pnduojtwbt][Stopped/Boot Start]9 c9 Y x: }9 M+ V6 f! Q. m
- <\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>. H; b) r2 ? k0 v* s
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]6 N4 t& ?. ]5 X2 t! |# u
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
/ h) ^# i5 P) M9 ]# z3 } - [RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]$ U' K O2 d0 w) c. H* }, R4 A- o
- <\SystemRoot\system32\drivers\RsBoot.sys><N/A>6 L6 P9 x% G' H: G' t4 ?
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]. u# M3 \+ f8 R* Z
- <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>. J8 K+ M6 @6 l" p; }7 m! z# n. x
- [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]5 F6 E9 i* u) d+ H H; x
- <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
; Z1 b, |7 o9 o2 }* S x+ n! ? - [Secdrv / Secdrv][Stopped/Manual Start]0 m. f% ~7 x6 z
- <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>0 g+ l3 ]6 _4 G' u
- [SATALink External Device Filter / SiRemFil][Running/Boot Start]' V5 k3 b% r3 }8 }. B% B" J4 ~! X
- <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
3 S# w, d. k9 J1 a3 | - [System Restore Filter Driver / sr][Stopped/Disabled]
E+ j. E- l' y1 Z5 D2 P/ Y+ d - <system32\DRIVERS\sr.sys><N/A>
& T; ]* D! A6 p - [TesSafe / TesSafe][Stopped/Manual Start]
$ i; L: @/ V8 L8 e M& U% G" M1 X - <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
% R: W; D1 @9 J8 J( X! s" T - [System Services / unzxzsrs][Stopped/Boot Start]! C- c/ X5 j5 P5 s8 M0 [( J4 p s1 u G/ c
- <\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>7 _5 X# Y1 n! R8 f5 \' |
- [ViBus / ViBus][Stopped/Boot Start]
' q6 C. s; ?: _ - <\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
6 T! i1 N5 H/ }" e! P! [ - [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
2 y, d- ~' _% M, k - <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
. n, r# X% _. M1 T' S - [VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]( q0 ?8 `& P& d9 x6 U6 e4 j ~
- <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>1 k: @8 H C8 u2 f
- [ATI Extend / zhibmaso][Stopped/Boot Start]6 }7 B" C. G! O2 L3 `$ F1 X
- <\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
# L* F [" u2 Y# j# r$ z9 q. ^ - [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
" q% ^- f$ y$ R% V) e - <System32\Drivers\usbVM31b.sys><Vimicro Corporation>
/ |" W9 r& [/ T9 ~- U& f& X3 C - ==================================& z [: j$ f* G2 y9 n
- 浏览器加载项" T3 w4 k/ P2 B( Y7 K# o# U: G
- [Google Toolbar Helper]
3 i+ f, f7 F a1 P& q* F - {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
) g7 @/ ~: t0 i# j" t! R6 a - [Google Toolbar Notifier BHO]
+ W* m2 M6 c9 R' j - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>, w f" K( y6 |* V! o' ?! Q4 f
- [SafeMon Class]
: } T9 H7 n1 j. N `9 T - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN># v' h8 r% C8 h. v' s
- [kingsoft browser shield]5 a- A4 t: p) T" b5 e% o+ m
- {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 p6 Q4 W' Y" y* r$ f6 V: j+ ?( F - [IEBuddyExtControl Class]+ r1 \+ C, s- L$ Y
- {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>, ~; c5 r% R$ X2 l0 ~: @: ?; s
- [Zcom 杂志]8 b: f* x: x$ u0 x
- {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>$ K- H; ~* k2 L) {( O- v, _' K
- [&Google]# P2 O' S8 `% M# g/ a: L
- {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
# t% R$ s% [. ~% m7 X% L, Y3 k - [KooPlayer Control]. U" Z$ ~# D' \) n
- {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>1 j) g% |1 n$ W
- [Shockwave Flash Object]$ d( O7 V& o9 _# X9 a5 T
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
9 o( |: H K6 D0 T+ Z - [KUpdateObj2 Class]4 Q2 k, `! k, K3 J V K! [
- {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
1 i+ N5 b' }& N& P! l- S# E- T - [Google Script Object]; f) Z5 x$ @, N' S' w1 F# `
- {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 _8 ]( d9 r! B/ l! L% _
- [EWA Control]
0 P4 Q5 g3 `1 J7 f, H3 D - {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
& {! u2 h' r' E% P( s) | - [Windows Media Player]
& s5 R9 ~/ t! e* H% v - {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
d* H) Z- G& h; m$ o - [&Google]
8 H9 ~, j8 E! ~" a% @7 G - {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>! ?% k. q) x, [$ @* H
- [HTML Document]7 F& Y: t/ ?& Q. z: j! h9 O
- {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
$ j6 n( s$ V! Z# e/ S - [DHTML Edit Control Safe for Scripting for IE5]* {# [/ o$ D9 j* I5 {
- {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
1 H; [0 I4 m; k" a' p; ?* ^- c - [RealPlayer RAM Download Handler]
7 J6 r% j- F% y/ _# |. U) a' F - {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>; H. z% m5 g( Z2 L+ Y, J2 E% N
- [IEBuddyExtControl Class]
; n9 O2 W6 I; q7 h! ?$ ~ - {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation> H/ K9 m" M* c1 _
- [XML Document]: Z( P4 Q) U- t7 h3 o
- {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
. t% V6 i$ g' U3 q - [HHCtrl Object]
6 \& M! f2 H2 x5 ^9 x - {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
' B3 ~4 c0 y1 f$ k* ?1 M4 u, I1 X - [Windows Media Player]1 u ^ f% V+ p7 n3 Y) b
- {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
3 O9 B9 o& Q8 X; c7 V6 H8 P, L - [Active Desktop Mover]
: f9 I7 t% ~' w# N# j, n - {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>$ ~" K- c0 T/ M% s0 ^7 q
- [360SafeLive]
' O+ H+ f# b w9 v. V F& w9 t - {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
' ^% V4 A/ }0 P& o1 V9 A$ z - [Microsoft Web 浏览器]; P4 U X+ ]3 U P% \
- {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>' F; g c( X, q! ^+ R+ C2 j
- [Browser Enhanced Objects]5 A2 \8 w- r7 C! j+ U$ a
- {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>) z) h2 d9 Q. S1 _) m
- [Google Toolbar Helper]
& g4 c8 v* q0 c0 x: {8 f( H6 w - {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
: f7 {% n" D% S) S; R2 X6 j - [Microsoft Scriptlet Component]% x: b7 d- A+ f& ~
- {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
% ]6 Y* L T$ Q" _0 S) b: { - [Google Toolbar Notifier BHO]- @; e1 E2 x- D2 M% k: g6 |
- {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>- C7 T3 J- k% C. V* u# m# {
- [SearchAssistantOC]! x2 d5 s' T: D2 g, f5 U
- {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>/ ?. f8 j9 V5 h7 P3 g2 o# H; d, d
- [SafeMon Class]/ b s" @" o; U. T- v' \9 r+ h
- {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
+ y2 k6 g2 _5 a/ Y - [RDS.DataSpace]/ \8 F6 a h1 j# T; y
- {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation># c/ f- v2 ]9 [" @/ C8 Z* r( X0 ?
- [KooPlayer Control]' X7 T" x* E5 b6 e4 I5 I" I# H$ ]
- {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
U% y* G/ F1 E) ` - [AUDIO__MID Moniker Class]# j3 i& M! f. l: D+ b! j4 V
- {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
3 ]( j" C- K8 I' @- P - [AUDIO__MP3 Moniker Class], x0 n: ~7 c0 @6 m$ @
- {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
' h9 s) r0 `4 D) L( N( z - [AUDIO__X_MS_WMA Moniker Class]
0 O7 Z# e" m1 `( s9 S- I. { - {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
( z" D4 _# `1 c0 F/ N0 L+ F. E - [VIDEO__X_MS_WMV Moniker Class]# w. V+ [9 Y7 h9 P6 B1 e6 S6 [) C4 r
- {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 n9 O# M6 S8 }3 C$ ]
- [RealPlayer G2 Control]
& G3 G) _) C D+ _4 o - {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>0 R% j7 m) h: o7 A, K
- [Shockwave Flash Object] V4 M. r2 q% a
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>1 r' ?! i# T8 a' K- N! [+ R
- [KUpdateObj2 Class]
" a0 R/ D' M, k, r% n9 n4 ~6 N0 P - {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
& R0 M9 r4 R4 m7 }7 Y - [kingsoft browser shield]/ T+ u, H( ?" e; u
- {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>1 x V1 S8 G2 q- A# o, o
- [PasswordEditCtrl Class]% ?6 t+ J5 ^4 K) h' N% M' b( ?
- {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
. ?. ?9 w/ w7 ~+ T; Q1 D - [QvodCtrl Class], t0 e& h0 Q4 G, Q5 G0 Y
- {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd> _2 ?6 e a- o7 P
- [&使用超级旋风下载]
$ s8 f6 s, J; B2 D: @ - <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
9 t0 [2 G/ f) A6 I$ Q, p& n - [&使用超级旋风下载全部链接]6 \% H( c- j/ T! }
- <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>% ` L+ c; a1 R0 ?6 \
- [使用迅雷下载]
2 }% S9 n) @6 T5 O, {' L - <, N/A>$ b, ?2 p# R8 q
- [使用迅雷下载全部链接]) f8 _& O0 O! ]2 Z- N
- <, N/A>
: @. A6 z0 [" f* {) ] - [导出到 Microsoft Office Excel(&X)]
1 T* o( ]$ ~( m, ]$ ]' c/ r" j - <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>' t6 m( b O" b4 u/ u* P7 d: q
- [添加到QQ表情]4 i/ c' G( K& P W. d
- <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>/ U' ~5 ^) I9 r* x! m3 ]
- ==================================' s$ S, G6 [; a$ L9 L
- 正在运行的进程% }- v* `9 m" a1 j0 s, U
- [PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( A, R! e) J! E2 S; x1 J - [PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% N- z& R+ I$ ?% H
- [PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 D$ Y0 q: D5 T
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]! c+ ]" T5 j7 N9 G/ `: k
- [PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 d( L0 G. B& b# b8 C - [PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 F* [( X! k+ `1 ~" t - [PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 ]. z+ }! N1 a5 n% m6 e$ @/ ~7 d - [PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 u+ d n1 p% C( G: B) P9 X1 u5 R - [PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)], U, B: R0 R v$ N G
- [PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ A1 }- R" j( W' k9 ?2 Q
- [PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" X' a, L, W( W. t( h7 E/ p - [PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
9 A$ f6 @9 t W, U8 X3 n - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
# _0 r# u) z% c4 r& n - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364] C0 K4 y5 Q/ u8 [6 r1 k# [7 z' L
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]) \8 ?; r0 S4 y' d* W+ E1 Q/ ?
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
) {& v6 j. A6 G7 [) Q9 t8 V3 D - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]5 s# N9 \4 x: f; _" @
- [C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]1 _: R4 {* o9 n: K4 ?
- [C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]0 Q/ e) @' A5 a$ [. D6 n; ~, u
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ], D: p& ^& \9 u* \/ U
- [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]2 M8 R! k: \- A& y6 M3 |3 R
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. ]4 X+ Y" I1 T; q9 E - [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
/ Y8 i) { `2 w( }; Q; G, m - [PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]' U; Q5 x. j4 D' y6 D j& [3 B% f
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
0 X8 w/ w% N4 D$ [+ w# o - [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]2 |' U$ t6 _* q/ W
- [PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
. p/ ~5 f8 X3 E - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
- H0 T8 u# l4 L - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]- B( ^" d. a) Z+ y# [, P3 r
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, U) g5 _. p d - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 i9 r6 T b0 _" I `3 C - [PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]- C& G! s- }8 o* \$ m8 U; I; k" A1 U
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5] G7 k7 F% b% U8 u
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& r X) x% _ b
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- P: r1 g; u3 k. S K0 u7 Z, T
- [PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
* g) F/ s$ y2 ]6 g3 T - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
! |! R' ~0 h# w$ I5 m; ~ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; l# G; A( A0 s0 p0 i9 y7 P' O
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]# ~( t% r' U# e" s# v
- [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
& M4 }% X9 z& q9 W - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]6 V5 h8 a* l8 N; D# `. O) A* C
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]7 [8 T0 F. c% }9 o9 E
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
% _0 g* X" i6 X6 y2 K- W* @ - [PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 s+ H" F2 O; F9 p9 W
- [PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]5 r! P* E2 I( t9 [/ l! @
- [PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) n1 r7 y: L; v/ t1 R' Q
- [PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: ~5 U" [) u: f' W; `; P+ v
- [PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
* @5 b& L* m+ U: Z6 n - [PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]# N% e3 D# A( [( ^( \. ~
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& H% _% @, T8 h" s1 Z
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
' L3 \! c* d8 x$ B- e U - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]3 S Y, J' y) k9 }' Y
- [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
4 ?: p$ V' }& [2 s5 h - [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
& _9 H$ l% K. D& W - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
5 F* v* @) Q* v6 c6 n, _ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]3 a) O/ z- F; J3 B
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]0 c2 @. q) D% `* E' a; r
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
- ]) W; `- Q& n) J1 h( @ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]& I+ i; I: S; K; F3 u6 r
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]5 a8 _9 l+ j0 m1 s( x: g: a3 J% x
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
. R/ l9 I5 x b" _; T6 _/ `* }5 z - [C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]# Z3 @7 n% b3 a' L1 @" \
- [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
/ r" [9 Z5 G& w/ t# u( R. m8 t - [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
- o# a) v& q3 p& ^& [) \- A- j* O - [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]1 ` S" y+ ]; n' [& i- V; H# {
- [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
" u5 \/ k8 T( {: a- d2 V) m - [C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]' y4 G6 l8 `/ Z: r9 W
- [C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]3 X9 ^; k( d$ d/ @5 K# C: j
- [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
( _9 q: j- I* w: q5 L7 S - [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& D6 ^% A* }5 x* S7 H) S( ?9 c8 p- ` - [PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
4 B d5 ^5 u' q' ]" ~ - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]/ y: m6 L) N" l) g# b& ^1 G
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 b* d. {0 a2 x ` - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ b3 n/ K+ ?% s# C1 K; s
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& I; Q$ l' K1 d8 j( u7 `8 @ - [PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]3 k9 _. y- a( j, t& |: B
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
( C+ S# u" H0 q" I - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) h# {" i f4 A+ x8 v - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" V# h9 u, `* D: H5 Z2 [
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
! \% v; Y) o, h& _& m b: b: I! e4 `% G - [F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
* G) z8 A2 ?' |( r, C - [PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]1 [5 J" I, m1 {. L$ N- r
- [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 M7 O# ^, N9 X( e
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 f( Y) k) B: \, V: l6 k
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]; N7 P! ~* }+ H* V9 E# V
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 K8 @, y0 V8 M8 o
- [PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
0 S0 H Y- p& Y6 Z - [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& ?5 T4 o7 D! M! Y
- [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
( N: w; n: z$ R/ Q% [ - [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ c E; A( q8 a6 E7 x- @
- [C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 E' ?" G; m6 U
- [d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
5 _ D/ c3 h$ K0 S$ i# ~ - ==================================
* w, c+ O4 i' _5 \1 v, ~ - 文件关联
H0 o9 Q" L5 ^& g" D- ` - .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
% ]- z9 l/ H( B" z - .EXE OK. ["%1" %*]% \7 z1 c0 `3 k9 x
- .COM OK. ["%1" %*]5 x# W% s: b8 I1 V3 _' G5 P. r. l
- .PIF OK. ["%1" %*]6 Y# _( i4 h0 \, W, U( y, I
- .REG OK. [regedit.exe "%1"]
' |$ ~' U/ ^6 A( k% V/ Y1 t - .BAT OK. ["%1" %*]
% C" H8 w) V- J: x - .SCR OK. ["%1" /S]2 |- B0 d$ b, j" l
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]5 g3 Y3 L' i7 j$ i
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]4 @9 z: N+ g, i* a$ K) C
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]7 Y2 J5 }( n0 w
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
# y2 O: o) D- h8 q - .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
& _+ s& r) x; F5 k: P( ` - .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]" J3 u( ^! |. J/ B6 n e4 x
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
! t6 }* V/ b9 Z& N: } - ==================================) K" E7 D4 k. C8 f2 t' L
- Winsock 提供者! u9 G# d: u5 c3 x0 h1 O4 G4 S5 W" m
- N/A; q' m" X* U1 d, J! F
- ==================================% d9 S# V T, w3 g, t
- Autorun.inf
' w1 c! D/ ^' S# ` - N/A$ n. s* `9 n1 U
- ==================================
. T( K s. W* \* ` - HOSTS 文件
! s; G- I6 t+ j/ p* U$ ]- k - N/A0 N1 J: Q i) t3 p! [& L9 l
- ==================================8 _& Q6 V$ r2 _7 l' |0 g& Z1 b
- 进程特权扫描
: h; f6 h2 E2 M1 `& @+ t2 Y8 ?7 \9 ]6 ]8 v - 特殊特权被允许: SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE], K, d+ r+ {. }& M
- 特殊特权被允许: SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
' x' |1 ] ^" ]9 [% ]7 w - 特殊特权被允许: SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]' F2 R: @5 }) J! B5 E, |
- 特殊特权被允许: SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
( T) @ w3 `2 r - 特殊特权被允许: SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]) e% c8 Y) B9 h A
- ==================================
+ ` \3 ~& i2 f5 P0 W7 I. z4 h - API HOOK/ v$ z2 C6 P3 b+ k- h
- N/A, D2 E- [3 m2 ]& D
- ==================================3 r6 K1 Y, Q7 A9 w" Y/ f/ K- Z6 ]
- 隐藏进程
_ y$ N+ y1 U* P+ P9 L - N/A
1 y) ~( `% I: S* u) _+ o- A# Y8 O - ==================================
& u. @* x9 u3 r# N+ A - - \4 j% x- p$ s# ]7 U$ g
|
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
