在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

& B, V% P0 {3 ^1 H F
2008-05-22,20:37:43
3 j% }- `/ ? Y, \' {5 A
System Repair Engineer 2.5.16.900
8 R( n% v! d8 o2 |+ ]* V
Smallfrogs (http://www.KZTechs.com)
' ~2 e Y- ?5 y" d& b3 h+ p
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能$ \2 j# @5 a# U
以下内容被选中：2 i, @; P+ H% [) [0 G/ Q6 M9 q
所有的启动项目（包括注册表、启动文件夹、服务等）
2 h3 L( R6 e+ r8 \$ m. R! {& i& l- L
浏览器加载项
9 i, }: N' X: d- c
正在运行的进程（包括进程模块信息）
1 C0 I5 k1 `7 ^! E! M: H: d+ L/ q
文件关联. f% f4 g# v; ]0 W; }; Y& {4 p& z' ]
Winsock 提供者
+ ~) l0 X3 K7 x, V5 T$ e5 i
Autorun.inf3 l0 U y$ V6 m# ]. v) ^
HOSTS 文件
3 T$ P2 F1 D# w7 K. z
进程特权扫描. l: Y3 B# A, O8 e
: G0 k" K9 Y* A/ i
启动项目
+ v' F, n7 p8 d; s# m: F3 M1 n7 m/ @
注册表
- L) A' H1 S) j; k& |8 k. o1 t, m
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
" r" l3 U8 _- k3 g' l3 r, w% O
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]5 T1 S/ E) U% g$ C% U
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
" p8 p) L7 |- ]) L
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]2 V$ h8 v$ V3 y- V* F
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
r% w; s s# w; I
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
+ ~6 @7 X0 j7 e5 L$ { F n
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
- s; x& d& u# q/ a
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
$ u' O6 t, B# e, H7 C; Y8 L# P: {
<PHIME2002A><; > [N/A]" T8 _, |0 R0 Y$ e4 J# p
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]6 s8 f9 g1 C' x: E
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
6 b0 x a( ~ l4 a+ [ N }
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]: K% C+ Z+ S: Y/ N" \: ]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]; n6 X5 Z; r3 e: g
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- P4 z7 ^& K/ S3 P
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]8 Z" _7 _' M2 ~# f
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
0 q/ ^/ Y0 y( Y3 |1 ?# k9 A9 l
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
9 Y9 O9 b" x% A( G! G: d0 g
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]" C0 }1 ]! J4 }6 M' F) `
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
$ M: x6 y3 P& k$ y7 V' R
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]- R5 ^8 m8 H/ q5 W) R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]! `" l# o6 }, @; I$ @. M Z6 B
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
9 c0 x, V, y; L ?
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]5 p1 z! C4 G# ~* R! d
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A], r+ `' E' Y; l3 I: S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
$ J. S1 \9 y# F' R- q
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
4 m6 @1 M g( X4 F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]' f. M4 @6 {3 m4 d/ `
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
+ h; y" j$ K6 U2 t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]. W: i0 \' z, x2 N! b; g
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]5 x; j9 Y" @: U
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
( \ y( S7 H1 m; E! l/ d3 u
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
8 ` N* F4 D' h6 L! ~
==================================
8 f$ t9 y+ N Q( e/ K+ a _
启动文件夹: R2 s" q& V1 ?. o
N/A1 R$ O# W W& \* e1 I
==================================1 W; v9 @* N' z: c; ?2 C
服务
) B1 p1 @, ^7 n9 @% R* }* o, V
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]" r; g) F& U9 `8 E
<C:\WINDOWS\System32\3wareSrv.exe><N/A>& J r7 t2 A9 v; q1 c
[Google Updater Service / gusvc][Stopped/Manual Start]
/ ^+ _5 ~4 G# S" G
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
! W/ R4 O5 k4 i: F* L5 ?
[Help and Support / helpsvc][Stopped/Disabled]$ I2 W& `% A- d1 B
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
1 W' R9 A$ v- Y F' n3 x
[Human Interface Device Access / HidServ][Stopped/Boot Start]
/ {4 A" c |7 h! S4 ^) P' o
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
$ u$ Z2 Z; ~) w$ o& o! q# ?3 x5 Q# M
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
( ^* S" R9 U1 L, @6 ]# X* N
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>& t( b: d. r8 h$ d7 ^' a, y
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
) |% d- V: z8 u. r9 L
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
o& X3 `* Z: l
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
' d* V' `$ H+ S7 C; B5 P% E
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>& v5 p3 Z- Y3 t3 y6 r$ R% U
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
" b0 z6 X# B# E4 c6 r+ Q P
<><N/A>
8 y4 v$ q, O! z: q
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
6 \8 ]9 R# Z1 ~# A% ^' t
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd> ?* J1 e9 M9 W' n
==================================( ^" {) V' |5 i( G5 m0 {, h* F; p
驱动程序
8 v! W& Q. R! G# D
[22j / 22jn][Stopped/Boot Start]' l& ~. A3 ^ I4 C- u9 T: G
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
. Z% x' U2 X+ Q [# k
[360AntiArp / 360AntiArp][Running/System Start]
- J" e8 N( B( w4 N+ M0 T3 Y7 m. l. M
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>3 [- Y9 _7 T5 o+ \6 g9 t. X
[43ec / 43ecu][Stopped/Boot Start]1 u0 y. X* v4 ~6 |
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
2 ?4 N: \. E, F) G/ o
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
* U) X' s6 B+ M0 I, H% |" U1 G9 z
<system32\drivers\ac97intc.sys><Intel Corporation>$ P1 N" l( }0 |' l3 E
[Promise driver accelerator / bb-run][Running/Boot Start]/ G6 ?+ V6 M( ?" X0 X" m
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>/ g2 a6 Z2 d9 q- f: Z# ]
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]" @, U+ ^( p( Q4 t& J
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>% k* q6 u, W' S5 |- M4 X4 j
[KAVBase / KAVBase][Running/Auto Start]( v" Y1 W) l* d0 e$ Z: p
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>* E T, |, n) Q6 g8 N
[KAVBootC / KAVBootC][Running/Boot Start], I( u9 p( p) I$ a
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>: ?" [4 d. e0 o s+ W4 b% A
[KAVSafe / KAVSafe][Running/Auto Start]0 N* u& T' C' l& p! C( i/ K
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>6 a: w; _, m' ]" z7 i/ r
[KNetWch / KNetWch][Running/System Start]# s) x9 R/ x1 ]' L
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
" J5 F% @* j( ]' b! D1 E6 I* d
[KWatch3 / KWatch3][Running/Auto Start] g# S' o! Z0 u# u
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>& L1 @$ x( z, a: w- b
[ntptdb / ntptdb][Stopped/Auto Start]
" M2 D0 C4 G3 |& I+ u
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
7 m, ?* ~; L) f6 i9 G
[nv / nv][Running/Manual Start]
7 T0 a8 l$ s+ l7 b
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
6 |. W( P3 l) l0 `5 R$ I0 Y; d
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]7 I: f; u$ t& R. ]7 w
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>8 _; V4 _4 b Q/ ]; U. T; N+ k- l
[DDK PACKET Protocol / Packet][Running/Manual Start]
, x# [2 W+ b6 Q2 o. I' p. c. \
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
. z2 c: {/ M/ k- s0 a- o
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]# I0 S: f$ c1 ^4 y0 @1 r
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>0 I$ \2 H6 a4 K1 X8 Z" w8 p
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]1 T0 T& N- y$ o5 t+ N$ r8 e
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
8 s. ?# V9 X. |3 U7 _
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]- g: N7 O% F( y, e7 L, l$ n/ [
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>0 v" m. a- E; h* h
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
/ O4 E E0 D( i
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
5 Y2 P3 k$ [, B! Q& {* W/ L0 X
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
# c/ e: }" f3 s s, T) S+ w
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>5 v% L6 f1 U7 F" ~) G: r
[Secdrv / Secdrv][Stopped/Manual Start]
% k9 e. Y% o3 ?1 x0 H% d# [) S
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>5 X4 n6 i9 p: t" c1 ^2 o1 |
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
; G* w( ~# \$ n
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
) t: f$ o; a( x [% \' W
[System Restore Filter Driver / sr][Stopped/Disabled]( t+ }& G, ?* i2 n6 n& Q: |
<system32\DRIVERS\sr.sys><N/A>; C( [# R u$ e# a) j
[TesSafe / TesSafe][Stopped/Manual Start]
7 x3 V% A. C9 w; B* x% U
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
5 M# p, O6 e8 w* C- ?
[System Services / unzxzsrs][Stopped/Boot Start]
) \ k) q# ^/ Z! o: O& M
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
& g- ?& b) b' [0 d2 ~
[ViBus / ViBus][Stopped/Boot Start]* F4 s7 ^9 I4 M1 [* ]* f6 B! t9 P# G
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
# m& G! _! X. u6 d2 S! Z6 m1 V
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]6 T. x3 I: W8 H
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
. K0 J( ~! t7 ]$ Q" Y. S1 f y) t
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]/ D! o# o7 O: [+ a9 y) d
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>( Z2 _, E% y+ d
[ATI Extend / zhibmaso][Stopped/Boot Start]
T6 Z9 W8 q( G( E5 P- H$ |/ w* _( R
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
/ l/ R' R9 a- I/ p
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]2 y+ M0 J4 R7 I& T$ m
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>( @, I# S' i# R0 n
==================================* k* O0 T/ a# l, D0 |) F
浏览器加载项
7 e9 L" s& d0 l( e: z
[Google Toolbar Helper]
; g, z, {( N! f0 ~) Q8 C
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
# e' Y- Z, `9 U7 \$ h8 U
[Google Toolbar Notifier BHO]
/ s, f! R! S5 ^
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
9 F3 W W8 l3 i) L W0 |9 h4 w
[SafeMon Class]
* A1 v8 _: w; @( y
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
! B9 j2 f3 }4 d
[kingsoft browser shield]5 q4 z- Z' z5 f. a7 B* X2 b
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>9 C! Y% k' d; @: T0 X1 A. D2 h
[IEBuddyExtControl Class]
6 E6 Y- O" _3 v8 ?' e
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>& w+ e4 a2 j6 {: }; ]& @
[Zcom 杂志]" p ]& C6 y p, _3 ~7 C
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>2 h& i0 {! T* u& W3 C2 M$ i' {0 ]
[&Google]
/ A9 ]$ m5 E4 p1 Q0 r7 _/ f8 Z
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[7 V9 x1 K- u3 ]) R8 I
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
7 O/ S" R( ?( d: z0 M
[Shockwave Flash Object]
+ k9 R7 G2 H3 [. W1 J+ |7 P6 `; }
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>0 E1 x5 Q" j+ B6 l
[KUpdateObj2 Class]- G! U8 B5 f: d4 D
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
+ s, A& J2 F' |
[Google Script Object]
. M9 N" D* {! X5 E# b
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
, a! |! D) T# V8 f5 \. J
[EWA Control]& G4 t3 l2 F2 ?$ ~7 h6 n7 |
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
; u' Q9 S; E$ _: Q1 ]
[Windows Media Player]6 _! G: @: q1 T( c! A" @
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
8 w8 ]9 | n; D
[&Google]: z1 p& S" f: }; L0 R( l5 _
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>% k& K0 _/ r; k' n: G+ n7 ? M
[HTML Document]
; D+ j" s6 S; a7 N. T5 N
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>! [9 `7 A1 h2 @( U& |
[DHTML Edit Control Safe for Scripting for IE5]
) \ c' ]! _- j$ C8 e% o
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
6 O8 d; _! {- C. F
[RealPlayer RAM Download Handler]: ~: e ]% [) u C/ e
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>/ c( \( d( U5 Y/ ]
[IEBuddyExtControl Class]
& i9 E7 m+ d- T/ z! a
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>3 V2 R( o' d7 _; r, W, O
[XML Document]
% d! c3 i4 k: Z: r4 j
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
# M/ w/ u9 z6 K. W
[HHCtrl Object]
( R' h8 ?& X" G6 P4 w
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
( S- p- I1 N1 m
[Windows Media Player]
9 i9 A1 w: ^6 W/ u- ^+ e* v6 ]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>0 b4 G; V8 R5 I0 M
[Active Desktop Mover]+ b: Z3 v0 d. H" w, \# f
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>* s! Q0 U X- O
[360SafeLive]4 E5 V, T9 }6 h
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>8 _4 q I+ s" v M: t1 C2 v( A
[Microsoft Web 浏览器]
3 @2 g: e- I! C; J* W8 K: c6 v
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
8 P6 W% d! `8 N# E4 |- \0 h
[Browser Enhanced Objects]: u, Y T! N# m* q' g/ R
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
: V. V( R% m) v3 _! \4 G3 m
[Google Toolbar Helper]
) z/ b2 ?: }8 n, n* Y* H# Y& j8 {
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>3 o7 x+ d0 X2 D+ `( Z* I' j
[Microsoft Scriptlet Component]
; m) z. X9 q: T7 c. y( Z4 {
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
; Y# C9 A+ T1 q& y( L
[Google Toolbar Notifier BHO]
! j8 C( N. T8 a; u8 }: a
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
5 \( j. s+ i2 W7 Q) X/ F: d
[SearchAssistantOC]
2 q. Y3 U9 Z' j) E: \5 J3 E; C
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
, W+ B! b. X8 `+ u
[SafeMon Class]
: |0 c4 h* |9 P. k# r+ {
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>1 Y" O# E# H1 o9 E3 G
[RDS.DataSpace]5 d( O, H5 p# p4 z2 |$ t- R4 t
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>- n( ~ V+ H( H, _4 v$ K
[KooPlayer Control]
: o4 w/ R: l) O
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>; k, R& _2 F3 h/ M
[AUDIO__MID Moniker Class]/ l g, N2 y1 a* [+ P; s( \( M
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>4 e( S# J. w+ w6 y; h
[AUDIO__MP3 Moniker Class]
: w3 B$ Z' ?, k
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>7 a2 F% l0 g: M8 P) R" @
[AUDIO__X_MS_WMA Moniker Class]
, Z$ m6 g5 g0 ]: @" ^4 r
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
6 ]* L7 m9 q: ^; _
[VIDEO__X_MS_WMV Moniker Class]
5 j1 \3 V. K; [& f) l
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* m4 v1 f [/ U/ C+ L, \$ |
[RealPlayer G2 Control]
; f) w* G& \1 q: U; H
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
6 M3 T3 Z# H% a& P8 [4 N* l2 k& \
[Shockwave Flash Object]
* E, x, s0 h3 O1 u/ }
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[KUpdateObj2 Class]* J& e' [2 {! O* f
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation># {; G; u5 p w* e% M( j
[kingsoft browser shield]
, j! G$ Q3 w# B$ q9 q5 _
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>0 s# a+ |) `" C% P% M/ K2 e
[PasswordEditCtrl Class]
6 b' Q- Q# V, e
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
. A5 N$ P k! {8 w
[QvodCtrl Class]
+ s4 q8 F4 B2 v) c0 p
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
0 k' ]% I* `$ a7 |1 z; f1 k; L0 L
[&使用超级旋风下载]
: z8 a6 h! I/ B4 A) a1 p
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
: C% W# ?3 j: A+ f+ _
[&使用超级旋风下载全部链接]
. [- z# n1 l a# O# ]0 r+ a' V
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
, c9 l7 k3 D6 D$ ^0 Y0 S' [: b! I
[使用迅雷下载]
% N4 o* W) z* o0 @2 P+ ?
<, N/A>
7 Y) G& R8 W# R# F( ]% s% Q
[使用迅雷下载全部链接]
4 l$ P4 M: s8 F) q
<, N/A>; M5 ^: r; P& z
[导出到 Microsoft Office Excel(&X)]
: b9 s1 E8 E. P; T
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
2 U) U7 L! Q9 p8 e
[添加到QQ表情]
) k. I2 V0 D9 s' T" ~$ t6 n
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>0 d# R8 I8 z. d4 s/ \
==================================
) @1 m3 P/ ^ m" l, L/ \
正在运行的进程7 A+ |2 F, W/ G1 O! r
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' A3 }, M, o) }1 x( O( m, A0 E8 L
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' y- _" k1 S. a9 D
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# U, x" ~: r! l) ^* G3 N
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]' I ~1 i. O: H# C
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) B2 G m, {' F1 e0 t6 @ W
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 }+ a c( M* z( c
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* b, f! r c6 w0 r4 L' I, }
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: p$ L, p) Y6 x
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) E, z1 u2 ~0 v1 C7 r
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]3 g- [4 C1 @ e
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# o/ @& ~ {' ~; h8 @3 v7 m7 y/ ~
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]# e+ y& ]3 S. q7 m. Q9 T) `8 r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! ^7 q8 H4 E( j1 F9 x- l! M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 L$ ^: f }' M: s, Q- s" l7 ?
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]% a0 J7 L3 W* B% }/ p" x. F0 @( E: E2 ` `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* W* u" V& p7 Y' m. `5 s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
# f: J# Y2 m6 k& q- `0 b- x: w
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]/ ?& W: b2 e* f8 M& P% X
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
) A' ^- x1 o ]4 O& p7 G1 Q% e* G, l
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]# ~; r" P! K- L* X# s2 y/ m
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
8 O3 K2 h2 m( e. }; Z7 }' L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ C4 M! c- t3 C5 Q w
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]. g% J- K1 L3 D% R* C3 V$ K
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
' W2 ~5 I. r2 ^6 A. }
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]4 I! x Y; K' Z& e
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
' {% m6 M. H3 ~0 v
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]0 f+ q0 J, M: Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
5 V/ a4 O M! O+ A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
$ L# [' V7 g! u1 k* h6 W0 b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
. ]$ U# H' ]/ f
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
) a/ P+ c4 l- R% T/ J8 w7 a
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 @5 G3 X& C: @* Z; f4 W% ~$ S6 W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
. l1 E0 y$ i$ Y! P( I- d9 b! z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ E. ?+ U. U( q1 I% X5 @
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]' |! [: T5 v& l) a* X& @$ H, I5 r
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]" z' T6 d7 g4 E J7 c. {3 B5 i
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
1 u0 d- p& v0 a8 l- P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 ~, R) C6 E! Y2 F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]' z) @( `" P# |" X9 |" \) v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]. ~; c% s7 |. b1 W+ N( O* I
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
3 J3 M4 \9 U/ Y; V; o8 m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]& o5 l2 Q; }, {* p; w8 q/ B- c: |6 Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 @$ O7 p/ g$ \( I) H
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 v% S% S" v! b- B
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
, M5 J5 j! |6 z1 O' w, I+ J
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]0 t. p5 L J) v6 f
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]- U/ ^9 S2 \: h& s# q J8 ]& l% ~
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
) y, |) [$ Z9 w9 D' M
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]8 A# F2 W: e; \ d" x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]- ~9 L( O+ g! h% l( X0 E) j/ A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; ~+ U" {8 I; a# X! P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 @9 o5 r/ `; v' G$ C
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
6 m0 C$ M4 Y7 N7 C: Z& ~% Z9 S
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
% u( h* h7 @3 F' U& k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
, x% g: `2 T. Z" l+ \3 X0 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
U* U% ?: x! @3 d0 d( k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]2 q3 W6 i7 }# y; m0 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
! [& h# f( j0 \; a- I; [# W
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]! _9 G% d- @$ q9 ~' s- r; M
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
" h9 N# T" z0 G4 @) P1 p
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
?- w: o$ R. P% U
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]+ b4 s( Y* p$ _
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
' b7 f0 M3 `- P) {( D8 v) t
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
; y1 @ d0 ~5 }, j2 U4 D' a
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
; |7 e- u3 E6 I# ^
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
+ i; n( i' P6 w# M6 O" K( E' R
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
5 D; w! F9 ?' D$ V! S' [' M
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
3 e* c. j5 H7 o4 U2 Z5 g
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
7 O2 V: Q5 b/ N
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 W9 e% k9 `4 [+ J3 U
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
% E9 q) T1 I2 a
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% Z9 _' ~' S, [9 T" y3 s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5] s- b+ u; m- y% Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]5 B) _; U* f7 K& l4 `; a% K* q! x, R
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]4 D% _; k. H7 B4 T7 w! B, Z. ?
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]" n6 X0 ^! M5 z H6 `; b
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* M/ F# x, T% e* f% H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
. y7 b- Z; X A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]2 z3 I/ V$ @7 ^
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]) q- H. h) ?; q0 v
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
9 D- i! L- \8 T( M
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]8 N. L9 ?; c, M( y! b: L
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]- @2 |/ S- `$ E# x1 n! k' n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
, y: n5 Q) l) @1 M' D; c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
/ c4 A' j5 Q0 G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
+ J' z; ~" ^ Z, F+ C' v
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
$ H. w9 n: D1 v7 E2 i4 N& O/ X
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
' T, p" ^5 n5 k+ d4 C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 |& o3 R7 U( L! Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
2 @( d1 v9 {9 R! U A
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]/ M3 U" V) _& o0 S! U9 S+ j3 f
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
3 {0 q0 j" T, ~$ ?2 Q) B
==================================# R, ^, t9 M2 V, a6 J
文件关联
* j( C! K% K2 P: w/ R V" H, c
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
5 k1 d+ B" `- D2 a! U8 F
.EXE OK. ["%1" %*]
; [, y5 `1 g2 E% j! G" m
.COM OK. ["%1" %*]6 e: P/ a0 y' Y4 n
.PIF OK. ["%1" %*]# U& T% q K3 y" u3 v
.REG OK. [regedit.exe "%1"]
V! T/ |: Q \# i/ W4 t
.BAT OK. ["%1" %*]* e1 [% `' m+ N0 B
.SCR OK. ["%1" /S]5 z( X8 O+ d# S- p* y$ Q8 C
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
# o( x& {" A- T
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]% u- i t# C( }" {4 C/ V
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]- a; N& z& P4 l
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
* K# B3 P9 C' G$ `: C0 s/ _' W+ _
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
6 y; x" \$ C: G0 @% ?7 {
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]) z( t, x: C) i1 g% S6 ~/ M
.LNK OK. [{00021401-0000-0000-C000-000000000046}]; {: h1 F& K. D1 E
==================================5 O5 q) o r, K p; ]$ g/ O, z2 m
Winsock 提供者
' v2 G# |/ m6 j9 _" ^
N/A; T. i- s- E# {; w* H) a
==================================) ~9 |6 I$ r4 }* c1 _5 M( t6 B
Autorun.inf2 V# y1 L0 `; t5 G& R
N/A1 Z& M/ A2 b% {
==================================
0 q+ v. N. g2 Q9 S+ O4 A
HOSTS 文件
4 T$ M: s4 ?, F2 q$ `, z8 ]
N/A1 O' Y7 j8 b0 H# j7 L
==================================
( c! c: ]* Y' I
进程特权扫描
; d& f- W& z" S0 J; \
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
* {1 n" o4 |8 S) S5 k3 X
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]) Y0 S0 a+ P% p# L2 {. B! S' {
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
$ Y$ J" F, Z% k# u% `
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]+ q5 t$ ]2 @$ u& e/ V5 F2 t
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]. d0 j0 o( o9 o
==================================
! O6 @5 E3 s9 W+ ^, Y: Z) j
API HOOK
" w. j. ?. j/ Z8 Z3 R3 M2 l) p8 N
N/A: R' K! K- c5 r$ e# U) g) H" {7 t3 R
==================================
' a) z- f! l' h% l7 T7 i
隐藏进程) k# S+ D. s4 `, W M
N/A ? j; V4 w1 ]+ \ ^
==================================
+ \- X$ T z+ F1 F9 _; U
, c$ I i! q5 b5 }$ Y2 R

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115