在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

( p ~: n$ W# ]" \% K/ [
2008-05-22,20:37:43. f' K5 k7 n8 N( Y; g4 X' [7 M
System Repair Engineer 2.5.16.9007 b H! J5 J* Y& b' E; v
Smallfrogs (http://www.KZTechs.com)
1 _/ v4 t4 o1 a- p8 Y2 r4 O
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
4 p9 V' P5 G, ~( _$ \$ a% i% x2 u
以下内容被选中：
1 w$ ]7 K* y. U9 t9 I i& M& r
所有的启动项目（包括注册表、启动文件夹、服务等）
3 K' L3 G* K! X1 R5 {
浏览器加载项3 {2 |. I( y% W& d
正在运行的进程（包括进程模块信息）3 Y. s' k7 {4 n- L5 \' O1 J
文件关联
* `/ ]9 \* P& \8 L" B9 @
Winsock 提供者$ C& F6 H+ a" s. O
Autorun.inf
8 y* H6 | x2 \8 z" `4 A/ _9 U9 ~
HOSTS 文件9 \. R) u& W& {, @
进程特权扫描
1 L6 |# V9 ~4 M/ [* K% Y% S
" U( L d8 x6 f( W z3 b
启动项目
O2 d7 Q# E$ w: ^7 l. k# b; s1 h
注册表* ]& d2 f; p& S
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
( i! j: t6 P# a7 N2 x9 q. Y
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
& ]; P- d0 j4 L
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
$ a V3 h; D0 }5 E0 T2 l
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
) N3 U$ ~) \: M
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]* M& y; m0 B5 T. z F! |
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
h( Q4 Z1 g) r6 G
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
) l# V2 s2 C% O% ~
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]+ g) e$ c, j- J0 r6 E/ z5 q
<PHIME2002A><; > [N/A]3 r% y7 ~% `+ E1 G- h8 ]
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]; C A' v' G4 ~
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]9 c( y( y6 V& G( T. e# ]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]1 f7 p' c# W' o; H' ]0 K+ b2 L
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]5 W' a4 {7 M2 e; {9 R/ Q! ]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher], m( N0 J% d- ~8 m$ o: v/ x% m
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]+ h4 I9 [: Y! d- A& ^: a" T
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
3 h* r8 s# L* R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]$ j& I2 e; ^7 S' e4 n& p! x
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]* _* o; e( H+ _6 p2 L8 y. h
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]. E7 O. P+ \+ H* k6 l
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
1 C+ O; ^/ |! @( y
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
8 j7 U! @3 z; w6 D- Y6 i' S$ K
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]3 J% y! L7 P2 i* D$ K
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]9 M1 W+ k: F4 y1 Z% {( b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
, K1 V9 N$ a' X: A) J& m; A, Y" l
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]/ h) a6 V+ Z& ?- }
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
, w5 a g8 Y: F7 d" t2 G: }
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]2 s- `: {& Y4 F+ t. E" c; c0 h
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]0 r# z% X- y7 J8 E
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]) _% h. W+ q3 n' j% u: g
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]0 f- M; |, I c& D
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]' A: T {6 y- w7 p( k4 D5 L8 \
==================================
2 F% x/ u' [, m8 M: O
启动文件夹
5 Z* h4 v3 F- {5 _) }
N/A8 X6 |% s( }; o, c4 w; g' x
==================================* x1 L2 f, {* ^; j0 s
服务3 K" c e- e5 i) |2 L
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
: Q b" {- V+ k+ W3 y
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
% ~; {3 F5 ?, y
[Google Updater Service / gusvc][Stopped/Manual Start]$ T- C( B& G! [
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google># L, W6 o( c6 e
[Help and Support / helpsvc][Stopped/Disabled]
% F5 Z2 Q8 i9 U9 J/ k) F
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
% s7 _$ s6 d2 T1 u& [0 V0 j0 W0 S S
[Human Interface Device Access / HidServ][Stopped/Boot Start]
. z9 C! G2 B4 g* X
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
@ a: p6 [3 w# p" F2 Z# ?
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]; x. k7 l* D3 Y, G7 V, R
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
9 \& v9 ~) Y* p! x
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]) R! C7 {. n7 i8 b0 [
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
+ K7 `0 ~( A4 m
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]2 \* ?. [" |" f, D; |) I
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>$ \$ c+ h, g5 @, g: m
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
& P( a; e$ q5 q
<><N/A>- a: j" @, X) u1 b4 h
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
7 I. L/ R% R* a0 @) C4 y
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>% R# K4 O4 z% d3 ?5 Q
==================================
( }; g' n( u/ R3 I5 b( V! u
驱动程序
& I8 H% B( J0 P4 A7 o* b% k* _
[22j / 22jn][Stopped/Boot Start]
, o$ }. b$ g* w) P( \
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
' _) P2 [+ V! `- Y. c
[360AntiArp / 360AntiArp][Running/System Start]3 |) Y0 l+ O* l. n: s( X; \
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
0 v$ h M6 V2 ~" V x+ a% O
[43ec / 43ecu][Stopped/Boot Start]1 a2 l5 E9 G& U. t, ~ U
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
' x+ g& m: w1 B5 m9 ]
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]- S3 K6 L) W9 k! _/ r
<system32\drivers\ac97intc.sys><Intel Corporation>) O! z* v5 j7 E
[Promise driver accelerator / bb-run][Running/Boot Start]
8 e/ ~" T; S* H0 e% v7 P! s; e8 W
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>2 y5 e9 ^ _6 s# ?8 d* v
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]; c/ Z- A8 x: f3 ^3 ^" G
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
4 a6 [: @3 v$ s' Q/ C8 P8 L2 X
[KAVBase / KAVBase][Running/Auto Start]1 ?2 b* P$ @/ S z
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
% V E J' E5 ]: C+ [$ {8 Z
[KAVBootC / KAVBootC][Running/Boot Start]% l8 V0 E! |9 X, |( U0 N1 {* h
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
& c# n/ n6 Y- O/ E: @" r
[KAVSafe / KAVSafe][Running/Auto Start]
* C3 G* J, l6 N, k
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
0 ~0 t3 T0 S' b
[KNetWch / KNetWch][Running/System Start]
) O; ?2 y7 q( v+ \- L8 `8 A- `
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
: l! {! b0 L/ y$ Q0 Z1 ^+ W* x- ^/ T
[KWatch3 / KWatch3][Running/Auto Start]
4 w" a7 S# O: E9 \- F
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>+ o+ p h9 G" J: n( b- I
[ntptdb / ntptdb][Stopped/Auto Start]
& K5 i! O' r4 k% A+ a, Z( I. d
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>! W' i0 m: R2 n6 A
[nv / nv][Running/Manual Start]. F8 ^, ^2 l1 m! C" q& u, a6 Z+ e
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>, s" |$ D& z- {2 Z+ n5 B. r" X
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
4 ?) w# o7 c. q" n/ q. e2 J- W
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>1 ?/ z2 @/ N# P2 P
[DDK PACKET Protocol / Packet][Running/Manual Start]# ]$ {! V% T8 r
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
7 P( p e y6 A, T+ [
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]1 t; S% K9 k$ z( I4 a# _: G' Y
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
# Z& ~ c- Z/ e- \1 }7 i8 f
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
( g( |" H# w' N. m) \/ b
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>5 q9 u% U2 z/ ?3 b( z8 w: B9 H
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
! b7 \* C9 Q9 M; H4 n( f
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>( r- q) ]0 n6 W3 k# _
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
+ h2 J& A2 _0 {( f7 i z- @
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
) I5 e6 t8 |& ?9 p% S
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]7 K4 I: G4 ?0 n9 j, M& u/ X
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
1 i1 t* C( M8 |9 l4 i& Q Z- M
[Secdrv / Secdrv][Stopped/Manual Start]& X$ E& c) D5 ?* z
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>9 K* y! l0 w. y" H
[SATALink External Device Filter / SiRemFil][Running/Boot Start]1 M& c# h. U1 P ~ u$ n2 U
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
) b7 J+ Q4 F5 A4 A% d) @- P
[System Restore Filter Driver / sr][Stopped/Disabled]( Y3 F% g$ M" |& J$ B
<system32\DRIVERS\sr.sys><N/A>+ H* C" s" C- ^6 ^& H8 E3 G9 {0 s8 n
[TesSafe / TesSafe][Stopped/Manual Start]
- d7 H( [2 q7 @) W) R
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
( z' B+ D2 X% j3 t5 a8 `' O
[System Services / unzxzsrs][Stopped/Boot Start]
) e- W, Z! |# ]7 G
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
. I" I& K2 W& Q7 H
[ViBus / ViBus][Stopped/Boot Start]* D: W( h; O* P- `1 S1 _
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>! ^$ b+ f- D: |& O8 i! B9 h5 g- s( C
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]" e5 c& g, z8 g1 u
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
2 d6 K: ?* H: k* V
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]$ s; b) d, `! r# n/ H, m
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>: d+ Z$ r% N8 X* x( c
[ATI Extend / zhibmaso][Stopped/Boot Start]
& ]: a, d5 b/ A. p6 M4 N# i' T
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
4 \5 j0 G6 i, s! N
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
+ i0 c- c$ }* ]& P2 v
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>( t( I7 u# O0 j/ x
==================================9 G3 {1 T6 m* m @! C# T4 ` A2 d
浏览器加载项
8 Z* i$ s! R% e, ?& n2 r5 j) O
[Google Toolbar Helper]. C% ?$ I# v; _/ \/ A
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>7 l6 X* @9 v2 ?' V" k0 I' y
[Google Toolbar Notifier BHO]
" x" G7 C1 K8 o1 a4 `0 r: M
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>2 J* j7 t, j: C. v. \5 n
[SafeMon Class]# y4 E ]& j/ e5 b1 W6 I" N
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>- R- L3 C+ C8 e
[kingsoft browser shield]
, I1 b6 i* ?5 U1 p) D
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>- W- W5 y$ n) J0 o" c
[IEBuddyExtControl Class]
( k2 C8 X' M7 e' H
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
( R- O. _3 W/ U5 y/ e
[Zcom 杂志]
# f7 s- h5 }7 V1 f) W
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
+ U: S$ {( W# ^- h1 { E
[&Google]) h* c e& l+ b- B, P8 @: @ w( s
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
4 z! I* o" b* ~# P/ \, R
[KooPlayer Control]( l; D/ @6 p( P- }
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>4 i6 c, r$ U6 O$ y' g" A
[Shockwave Flash Object]/ N" N+ Q- b A: X ]8 v7 m8 h
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
7 {) c% J9 C, {; H. [3 C
[KUpdateObj2 Class]! i: H, Z6 @3 M- E% E
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>+ R1 S3 f1 K( n0 ?* n
[Google Script Object]
* D& V) `7 q0 f$ j
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
5 h; A# z5 d- V$ V
[EWA Control] l E- z+ Y3 n; Q2 f5 B, Q
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
: V6 `, U# R: h/ A# @
[Windows Media Player]3 S+ t% K" P" B6 w" d% C2 R3 d
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>( H5 P" w* i9 e) c
[&Google]
8 {# c6 P) o9 c% H0 T) Q$ D
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.># A6 K" H8 r ?
[HTML Document]
4 k( @+ P& F: w0 B6 X* J$ R
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
0 T9 P) T4 h( H c( t
[DHTML Edit Control Safe for Scripting for IE5]7 d. q8 J% u* }% Q$ Y, F
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>' ^& P+ E/ N7 A0 U9 _
[RealPlayer RAM Download Handler]
0 C- t7 Z0 [% e* d9 f* U
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
. m& U, i' B: {' k, A0 N9 o, K+ r# |# W
[IEBuddyExtControl Class]
; k3 v0 f5 P2 k3 P# u
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>2 t2 P' \( m7 m F! j: u: K
[XML Document]1 u; V* ^9 ]8 y' W
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
9 j6 A% E& a: \" ?! j o' `1 m
[HHCtrl Object]
2 x6 I" p6 J- k* v
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>5 s; V' C. s2 \* o, n
[Windows Media Player]2 y9 P; [, x6 k* k8 I
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>0 Q D3 W/ A ]% c( O" X
[Active Desktop Mover]
3 I. b' |, B& H- Q1 N3 D
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
' Y6 I- ^$ o! Q
[360SafeLive]
) z x% @' y- _
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
/ x5 X" \3 Q' I! i
[Microsoft Web 浏览器]
3 f4 u+ i0 U% b- D6 O3 c2 X
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
$ d' P2 P- [' o/ S' b
[Browser Enhanced Objects]
! k" @ X0 h$ [8 c: @, {8 H
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>: {; Z* P) k5 U0 \6 P
[Google Toolbar Helper]
# s l, ~. a# A. E
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 r! I5 V6 B6 [: j
[Microsoft Scriptlet Component]
6 M0 V7 Q2 b. _0 l% a r
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>% s& s4 b( ?- P% i
[Google Toolbar Notifier BHO]. {9 [3 ^; I5 |# r. c
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
7 F Z+ V9 |% k% P
[SearchAssistantOC]6 O5 y3 }; X+ M& c2 F6 r" `
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>3 R, Q7 b* s: ]7 C
[SafeMon Class]
( g/ ^/ A; Y5 _" @$ B
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>9 s8 L4 f+ h! v) ~6 e0 _" P
[RDS.DataSpace]
1 ~! n/ w1 j+ f" @
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
1 C! [1 V+ L4 i8 @, g4 b
[KooPlayer Control]# A7 R, E% w0 U2 ?, E% ^. q
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>7 [ f* c4 r6 N. ]
[AUDIO__MID Moniker Class]
' ~6 s' @$ M+ D' _
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
9 n! j8 x; y8 P/ x% @7 n/ p. x5 ^
[AUDIO__MP3 Moniker Class]
. b1 n' ^, ~" u/ _: T. {. s2 ?" U
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
' d. W B/ R) V. [2 C
[AUDIO__X_MS_WMA Moniker Class]
7 @4 Q' q2 `; S1 N6 l) x8 _
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
; u: m1 f+ |7 c9 p$ Z0 @. ~3 k
[VIDEO__X_MS_WMV Moniker Class]
7 Y! o' M4 q. F/ b
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>0 W: G5 i% t" k% W/ p
[RealPlayer G2 Control]( M& |( S# w6 g2 `
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
+ C' c6 Q8 V7 b- l+ B
[Shockwave Flash Object]
* S6 h+ D* B* u
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>2 G" H/ E* z) u/ H
[KUpdateObj2 Class]$ O* ]6 p8 [, z: E' o& N
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>6 f6 C, X( [) y! x% P$ F3 ]
[kingsoft browser shield]
8 ?! f" [! M6 g4 w" m% L
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
" A( a8 v/ ^) z, C: v" ^
[PasswordEditCtrl Class]
! P/ B5 O. } E- Z+ ~7 w) ^9 v
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>; U1 R# l T6 G0 R _- }/ P& _/ Z* X
[QvodCtrl Class]
$ L {3 e; v& H/ t3 x' \
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
+ n2 ?6 C8 b9 Q6 r9 B2 ]
[&使用超级旋风下载]
0 q9 f1 J1 e" F
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>& F$ Y; E; [3 F1 K
[&使用超级旋风下载全部链接]# C# h* G6 [! e/ s+ s. i6 A
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
( A& i1 @5 F) z# g
[使用迅雷下载], Y% r* t7 x+ B0 W3 `: A# ]
<, N/A>
* [' b! c! P0 ~* U
[使用迅雷下载全部链接]7 o1 I# n% j8 X4 e! c y. F) o
<, N/A>( p2 Y4 J. |; l! X9 ]. P9 r% G
[导出到 Microsoft Office Excel(&X)]
7 o7 b: P- M- u$ T* a |
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>& v6 Y b: P) a) M
[添加到QQ表情]
_. {4 g; ~8 `" }
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>1 r5 H" k! G1 J% O6 ?
==================================
. M4 D; u8 l$ y8 G/ k
正在运行的进程/ p) u' C6 W R4 [) e, E
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]" m$ f$ F, w8 z5 S
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 ~4 E6 H8 ^2 w8 K, t
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
: s1 }5 \/ k* Q+ A, P
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]& p5 M4 P& j' y8 ^$ n) X6 Y
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 b/ G) q) F- q0 V
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) G3 K& w0 @+ z* ]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 T* s* o. j) B ]
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 ]. `! ^& E; E/ _( c5 g7 j3 `" h( [
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 m% Z: t/ Z. n9 z& [8 w4 L
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 S+ k/ K: C$ K0 m' L9 @% K R
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( b& I# @8 I# o ?
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]% d% g( L/ e, C% o3 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]3 n* N+ ?* A! K7 s6 E8 r* y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 F! |0 a1 f0 K6 |8 c6 W* J: G
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]% D" \3 F0 I" E
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001], d/ w/ w' O3 }, \8 }5 r$ b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
# h. w# n X1 T& W. {( q
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
: ]5 N5 M" ]# z, N. W+ u
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
1 W8 L: m' Y3 `. A8 `
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
3 M' l, I% i+ F
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
% {( c8 Z) N6 v' D' F( e
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]0 Z* e% b' ^; y8 ]" q9 _! Q' e& ?$ l
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
. X! J; w+ |. v8 l; v9 m
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]" F2 K0 n( H, g1 F: B
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]5 W, n* o' O( J/ N
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
: T L6 ^% K6 Y/ ~
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
$ |0 \7 F3 a, L7 |
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 O# S; ~" E( Q7 p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" {& w: G- J" O9 L% h n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 a" M9 b" Z5 g6 Q$ N8 \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
- @# |/ D0 Y# e# p2 j' V
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* N! `* H$ C& ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) m5 V4 O. E: w0 `- Q7 m/ a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
( T1 f) k- w4 z, p: M+ n$ ?* O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ M( ^: D% @$ R$ ?( v, `4 p
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]1 `$ U' T0 S; w; E8 o% `
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]0 u3 b3 L" w! M2 z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
* T2 |0 v$ g# p+ j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ t4 Y, `* T# B) p$ |
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
& a8 Z5 }# ]4 a. \- i* J7 V
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
. D# ?# q5 G* o' @# A# Z& I
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 C' \( t& ~% y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& Q: W/ x5 n3 I* N
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! R" D; C& `8 P+ x4 c* `5 V8 u
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
# k$ I9 O& _" K( }1 V/ B
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# W; z0 {, n7 _
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& Z1 u4 q/ w* y0 u; R+ d* R
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
' X# V: J0 f( ]0 z6 V& g
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
5 w2 J' f" w* ?. H! k" j& {
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: U2 V- r6 U: a1 t$ j9 i$ c# [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]* Z( \+ V. _* ~7 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], f# B5 d; P9 @/ g/ E) z
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690], `2 K' T% s3 T6 d
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
% }) e/ O- k4 o' P9 b% f$ E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
: j; V/ | ]( U! q. j; N9 Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
( Q, M9 {9 j8 b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
' r0 l) }$ u7 T! ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
6 m# D1 j- o% k: y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]1 a" a4 t, M' m J
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]6 k' ~% E' R9 L( _ Y9 G5 P
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]% i! o! H _: o! t/ x& J
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
' t8 v+ x9 v* s. e0 p1 p
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
6 C6 g- R/ B6 O" U/ _
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]3 O; d) j" _3 s% N, H
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]7 j3 m l) W2 y+ C4 j |$ K6 d1 _3 j% z
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
/ I- f2 x! \- {* a& G& [
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
9 ]. H6 X$ ~0 r6 x& ^/ w. `5 B
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]+ T# ?& W" {# q* D% u0 p6 I* A! d
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
- |$ P% D+ o( p# R# |# t
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- q9 b% c8 x& ~
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
7 V) r& S7 j8 p' Q, g
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& ^9 u6 c. `4 ? |, ]( z5 K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]8 d: r: m3 K: X! F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) d2 _" E7 ]4 q0 q' l
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]7 `/ e' P9 K8 O! y5 v, h
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]$ w! G7 j2 a! X/ t
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]; X3 V' G* L& {2 i. `6 O2 @- d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
! n( p5 t9 `- n9 h7 U5 ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 o# i& P7 A. O5 D3 n
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% p. O% h& n# S1 X
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
( v7 { X' x$ B8 }
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]7 F, I! L$ h* h: ^+ w& B4 f
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]! I& _ x% m* E! j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 d y4 d/ }" S8 o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
+ x0 J( w1 N( C& i
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 E- \& |5 G# x1 v2 b: K \- u! e4 ?
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
. g3 y% g: C2 M R; p6 {3 i# E
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. L0 c" `5 q+ f) E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 s, {$ y7 L8 f+ n1 o- y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]8 L: q! ]6 ^. r& c! o3 d
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. P! Y* x+ q; R: r5 \2 L1 o
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15], i& n7 j l7 E- v
==================================
6 n% r# L- A% t1 k; v4 m
文件关联
% T. h) S/ a8 S& v
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]4 A2 C4 {* j. G( u$ y' Q& B R3 K- Y
.EXE OK. ["%1" %*]
/ i" X9 H- E* ^; l N6 U
.COM OK. ["%1" %*]
1 o- L. ^/ [" L- t
.PIF OK. ["%1" %*]
9 f; a% O* S, D* T/ p" c9 Z6 K# E4 d
.REG OK. [regedit.exe "%1"]$ I v: G7 C F, p' C% r
.BAT OK. ["%1" %*]
/ a% p, M4 [6 m+ Y: U0 `
.SCR OK. ["%1" /S], f" a3 C. w9 J, k8 x( V% r6 Z
.CHM OK. ["C:\WINDOWS\hh.exe" %1]! M/ U% i6 o u3 O
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
~. w# y4 A, j: t1 j( S% W8 a
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
# m8 S# E: F% r+ L3 s h
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]1 ^% z" I/ a$ O/ L8 u$ O* ^3 B
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]* _6 A# |, r- v0 R/ d6 d! Y
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
9 v/ d9 \, l' v
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
) O, y' f: n- u3 _; A
==================================
5 G$ [' \" @ x& P" H. O
Winsock 提供者& C y" l5 U0 q7 G% }
N/A
" R/ o* O4 K& L1 F+ B& z+ g- }
==================================
8 e$ [ U4 q7 I6 Q6 f4 g" b+ Q6 a
Autorun.inf
2 S1 d4 C. L* U; l) A" I+ z
N/A0 g. p4 G8 k9 T* z! I7 O. w
==================================
0 c ]% q# J# l' E
HOSTS 文件
$ A& Q5 ? w5 u* |) z
N/A" i* T& V# D1 Y
==================================
! x K/ f _- n* c
进程特权扫描
+ w, j. b. `- Z7 g: N) ~
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE] ~ _$ E9 G. V1 I# v5 n1 o6 Y
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]: u. e4 b W5 z8 _" @
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]1 |! G9 ^% R1 A$ m: m
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
' D! f# b/ ?: m7 b
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
! A. f( J, j+ J" t" A
==================================
2 X" s5 { ?) C5 g2 m6 c
API HOOK% w [8 A9 t9 F" ^3 Q$ t
N/A
6 ]- Z% R! j/ n7 A
==================================/ r# w7 P" }& \+ c/ r
隐藏进程
0 n4 v/ I1 K* X4 t
N/A4 {9 i+ {1 g; |# O3 l3 t
==================================" _; X& w( \- U l2 K
( j, J4 S K" u) r" f! `

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115