在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

- x; C0 H. G1 F- Z q
2008-05-22,20:37:434 q K% b- Z& X8 v
System Repair Engineer 2.5.16.900
. U# P" X' v* L5 v
Smallfrogs (http://www.KZTechs.com)8 Y! k/ ?& d& X; h, h
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能1 I' ]+ \4 T$ w/ C4 @$ T n6 X
以下内容被选中：
0 J C5 |6 B: f/ E! `* L7 V" u
所有的启动项目（包括注册表、启动文件夹、服务等）" q5 U0 k' Q9 D
浏览器加载项8 T6 w# H# Z/ y
正在运行的进程（包括进程模块信息）
" e' v, B( ~# `8 `6 @
文件关联6 J7 `* {9 {* j6 Z7 G
Winsock 提供者
% E3 ?: N, _( W5 v3 O
Autorun.inf/ h9 G0 s2 D( r2 j& x* V, t+ q/ G
HOSTS 文件 Q3 p: i2 j/ e- B D- E3 Y' H3 w
进程特权扫描
# c- X6 l% z) H# h
$ z1 B; Z$ f0 e$ e. Z6 d$ P
启动项目+ |6 [6 u1 \- c: D( l
注册表) v7 Z* h2 `5 [, q
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
, t, z& V$ M5 f% l7 V
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
" L. T7 g& D( ~& j+ m* {
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]; \5 ~! g9 L, U7 r/ O7 S, x& n
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
- I: e0 i, E& k0 `
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
3 J) H: t* t2 x. j5 M
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
5 s% T# d/ r0 C! v! b" q
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
! t' V# \" S' O
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
3 c3 z9 s$ h( c2 W1 c/ ]' @: a
<PHIME2002A><; > [N/A]" Q$ H1 v" X& l5 q) ^( b
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]2 Z' {+ l6 _( R b: M: d# v! G: ^
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]: T3 Z! b, F) d6 Q, W) w* R
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]. V a) G& r" w. [& {2 |
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
! q6 C P, K& y2 [0 r1 Z9 ?
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]! w1 ^. L* R- @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
] ^. e/ a S: _2 f
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.] ^+ x- l. ^, ]7 q7 J, {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
& }$ s+ W: |5 A
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
6 d8 E- |% c, H7 L; ^1 ^& I
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]% r' l+ T; t3 E2 n- M! G# R; Q
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]" G0 l3 |& T; m% C
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]$ a3 Z) G* G: |
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]5 B9 g9 ^1 g' U6 q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]( v* i. e, |5 z- g
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]3 y |& q) h8 x
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
# _$ M2 Z9 l+ d
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
; v& Y* h2 j2 p- O8 j0 S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
2 Q5 t+ r, A, D, [2 O) \) E
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
1 u$ |. L( n7 b( I, J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
% q! _- I' Z- E9 Z
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]+ P0 a4 g. [# Q. V
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]# }7 r6 V0 S6 r$ e* f0 ]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
8 c1 l+ i& T+ s( f
==================================
启动文件夹
y' ~ O1 j! o, F' v1 f
N/A: Q5 u' R5 R; _$ P8 O$ i
==================================
2 A- t1 q( R: X2 o7 R
服务& S+ Z, J0 S" Z! C; X* O
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]( q! k _. Q7 T
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
5 |' M3 u& J# d/ I
[Google Updater Service / gusvc][Stopped/Manual Start]
h( a4 ]) c9 E! n! S
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
- f) j5 a! z B6 z1 S' Q
[Help and Support / helpsvc][Stopped/Disabled]0 I5 k$ q6 d& Y2 m" l V$ C8 x) ^
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A> ]1 `5 O, ?3 O3 `5 S% R
[Human Interface Device Access / HidServ][Stopped/Boot Start]/ z/ @1 l) P9 X* {- C4 G6 k- D0 y. V
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
3 ]4 m. D+ S3 p8 w/ w u. I3 {8 q
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]. m$ A; ?0 c# e
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
7 r4 N0 M4 x4 ]0 r; V% i
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]2 g( [# |+ M3 w8 A7 W R! F% T
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
1 {/ v) D; C0 r/ o0 z. _, v$ p
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
; {2 B2 o. ^# w8 b& J
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
& t4 \0 y$ C/ P: q1 q# I/ \6 J
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]) ?/ i6 J: M/ @: C
<><N/A>
9 b, y( v% S- o6 j# O
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
5 x* x, R6 C! }% _! L9 `
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>& ~1 K& E5 `. ^& \/ ^
==================================
& X) r. N7 x3 N3 d. z
驱动程序
1 @& `3 P3 u9 Y
[22j / 22jn][Stopped/Boot Start]
+ ~1 _" A5 B7 W: J7 u Y' m
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
1 Z& r6 t' d- r- t
[360AntiArp / 360AntiArp][Running/System Start]. \" v* J# [8 |
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
$ c; L! S+ C/ T
[43ec / 43ecu][Stopped/Boot Start]
& f Q# b+ N6 F/ x# F9 A. ]) U3 o
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
. f' R- V4 ~; B+ _8 @* p0 n6 h4 B6 P! d
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]- V6 ~0 J4 b. X4 P7 _
<system32\drivers\ac97intc.sys><Intel Corporation>
! \+ h: k5 g& S g( ?! _
[Promise driver accelerator / bb-run][Running/Boot Start]$ X b: O1 F# O- [& U; s) Y* b7 f$ @
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
# A& ?$ w3 r3 I( W* N; f) U6 ?
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]4 Z6 p; U3 \8 ?4 ^) H) Z
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
) R0 v1 E( \+ j+ O7 ], O J
[KAVBase / KAVBase][Running/Auto Start]
) v) C8 N9 @9 D( ^* |7 @
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation> x% {% } `1 B% r, s2 K" S2 C2 i
[KAVBootC / KAVBootC][Running/Boot Start]$ r7 f3 c! I# w0 Q% Q) R5 Z* K) y
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>/ Q8 ~+ h6 U" J* o) |4 R
[KAVSafe / KAVSafe][Running/Auto Start]
( d! _# ]8 R! H! R$ x7 |
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
* R% ]/ u1 k* Z6 h7 k2 ]: z4 h1 V
[KNetWch / KNetWch][Running/System Start]
' w* C* u* g# c8 i2 J; q0 ?
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>8 V' W4 A( o {7 Q
[KWatch3 / KWatch3][Running/Auto Start]
8 J* f' I- J4 m. H
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>& ~; t9 K, A9 _# S
[ntptdb / ntptdb][Stopped/Auto Start]+ a# b7 \( S' j; v3 x3 s+ _! @. y" O
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>$ j! ?8 V/ u, B1 B
[nv / nv][Running/Manual Start]% Z! I1 h6 J6 K: |
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
+ A' \- o9 o: k8 w; X# ^
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]$ }- T4 F5 P- S3 |. ?$ e
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>/ I' }8 s0 D2 A/ H# z! H# i- c
[DDK PACKET Protocol / Packet][Running/Manual Start]
, f/ V- [4 M" z e4 l" `
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
# U6 n# p2 S/ e9 b$ d2 k
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
, o" A3 @; }2 M# G5 i' |! x) ~
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]1 w R' q- \0 i( C: Z- W
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>, ~, f1 E" U& @9 j! F$ n. T3 r! T
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
, X3 j/ y2 ~) Y0 B# Y
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
( D/ K% s/ Y z. v2 l
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
. _% J; d" i j% D8 B
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
+ a8 y5 a, b1 c/ @
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
6 P- |2 l* E4 p0 L
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>7 c! U# |& F. w# I0 e c6 K, D
[Secdrv / Secdrv][Stopped/Manual Start]
% N* h `! q0 n% g$ i6 k
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
4 Z% i; I( I- m W( V
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
3 ~3 t# |* s3 Q C/ j
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
$ J* D0 x' M: g" x# m D- y
[System Restore Filter Driver / sr][Stopped/Disabled]6 b. {9 _! y8 g% m$ d6 _4 m
<system32\DRIVERS\sr.sys><N/A>) X6 n: m: N M: ~9 p
[TesSafe / TesSafe][Stopped/Manual Start]
& {7 ?" U; `+ Y8 s
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
6 \ J# ~# M [/ \
[System Services / unzxzsrs][Stopped/Boot Start]
! u! O; ^2 h c& A6 B0 V
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>1 j- p F& F- t! e# I) j7 V
[ViBus / ViBus][Stopped/Boot Start]
/ I4 f9 c6 Y4 ] B. P! }' t7 I/ m
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
( T( H8 K$ Q" j1 K7 Q% y+ B
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]5 ?: U5 d% Y5 Z, D* F
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
# L4 u2 c# Y. Q
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
5 K5 L3 Z# t/ E4 \1 v C
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>% D' u3 S: X$ x: w/ T$ L7 v
[ATI Extend / zhibmaso][Stopped/Boot Start]
T5 H; s* i" C- X! a1 z1 G" ]
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>% l5 r# j# v& `3 v
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
' `) k. I9 v# B+ `
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>0 L/ F C+ U6 N; |: K% f% ]: ]
==================================# [0 _8 s- t) q
浏览器加载项
M' i: u4 |; T3 b/ [
[Google Toolbar Helper]
/ \1 [0 c* p7 m& t
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.> ~2 A8 l. d# E) Y7 B- l
[Google Toolbar Notifier BHO] Z) ^* W0 ^$ @
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>* ?3 U& l8 P' j: ?4 H
[SafeMon Class]
& I8 ]' o$ {1 t' ~; X: M& d
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
' O0 x e" \3 J; n
[kingsoft browser shield]
4 w5 H& R% y' ^! M0 K6 q
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>7 G% P2 u1 N$ x7 x
[IEBuddyExtControl Class]
3 s& i/ w! X) H0 L3 [" m
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
: l7 f* b/ O4 W
[Zcom 杂志]
' s% a9 h( F8 C
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>$ ~) G2 V/ t6 j6 j: X
[&Google]0 B5 o% [* {. q8 \: `% a, |
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
7 a7 ]) B% q3 u. H% b8 u" Y0 _
[KooPlayer Control], c. ~! O$ W5 y$ Z% B- M! L
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>' B( S+ a% H$ ]) E' z
[Shockwave Flash Object]3 _# g( }- S; [+ B# }
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
# W3 F. k6 V- Z
[KUpdateObj2 Class]$ R* F- H/ X: M
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
* N: c4 x0 s; Z. x
[Google Script Object]
" F' c1 s5 u. o# w, ~( P/ U
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>: u" `" B& Y9 y7 e5 a
[EWA Control]8 I6 X/ J4 Y6 F Y; s
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>- {9 X2 w" R, w H* s
[Windows Media Player]
, {) g; i9 l: h# f9 V7 v
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>5 e1 \% e9 x1 P1 B2 q/ o3 x
[&Google]
1 J2 o9 g0 a* A/ c$ J- \
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>/ X0 S$ [% V3 ? a' k
[HTML Document]) ?7 K- g5 S; p7 b. N, n, j& y
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
" H( M8 ^& r* Q4 t/ U
[DHTML Edit Control Safe for Scripting for IE5]* f! h& |* n2 h+ k" ?
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
' f* f/ \& H! _% p7 J& J
[RealPlayer RAM Download Handler]
- P: g4 R5 ~, P& D+ _: k
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
7 c& O8 A- d& i/ R
[IEBuddyExtControl Class]4 l' P$ H |5 a7 S% [2 r
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>9 l- Z5 g# l! E* x' b/ C6 d2 ^
[XML Document]- c& A+ z1 `& a( n- ]$ R
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
! Y6 T& l3 {% ~. b0 x: V
[HHCtrl Object]
^6 M" `* p; T: ]' A/ R
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>6 R5 a ^, Z3 i6 W" W% _
[Windows Media Player]3 W6 s- a, R/ O/ A5 q& K4 B
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>8 s2 L' R' T$ ^
[Active Desktop Mover]$ y$ u" X4 c7 g, f- d$ L: I) a9 k
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>: e) f8 I8 H1 b+ w7 L6 |% w' u
[360SafeLive]
& S5 N5 [$ i( B0 S+ ?
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>& h/ W: _! ?5 p) t
[Microsoft Web 浏览器]
) j( A$ F7 Y4 u/ O3 C
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
+ E1 }' H$ b# N) Q, [
[Browser Enhanced Objects]
0 d! }8 B* {* }: W
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
& Z( K; _9 |& h
[Google Toolbar Helper]+ o$ [2 ?; B2 Q) Q
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
+ K, s. n/ ?& J" k
[Microsoft Scriptlet Component], j1 h# o8 r; h6 Q# a a6 [0 [
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
) R @) X8 r( {8 D# p1 L
[Google Toolbar Notifier BHO]8 U2 F* I3 `9 @$ k" t
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
' K% Q( C. z7 o. U
[SearchAssistantOC]" {, w. B/ o0 q9 M/ v
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>+ m) W9 q. {4 y+ N7 Q& P" k
[SafeMon Class]. \& _) v/ }$ c1 U6 h' ^/ m- S
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>& G3 m( l% ^% T% ?& E- I ~8 T
[RDS.DataSpace]
9 a; I: I& B$ `8 ?" c& b5 e
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
- P: j+ z5 F3 p8 ^ d5 M: I( S
[KooPlayer Control]
6 [9 p e& ^0 W6 a, s; t
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
) ?9 Z8 M5 I% z1 W+ u4 f
[AUDIO__MID Moniker Class]
0 V2 `, w q$ Q7 v5 e% W) q& U
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
2 E/ m9 i: @4 a. H L4 I9 E7 s
[AUDIO__MP3 Moniker Class]
% B9 e" A' N# K0 X+ n- P
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
7 ~: W/ V, d4 ]) ^8 m' U
[AUDIO__X_MS_WMA Moniker Class]; N. C7 J% k/ L& u( B {
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>+ P- }& n S: p
[VIDEO__X_MS_WMV Moniker Class]8 Z* \0 e6 c# N" G, J' \: M
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>& K) g8 P' R P
[RealPlayer G2 Control]* G( b" V# v, L- z$ `. {; @6 O
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> ^9 W8 ?+ Y9 E3 |
[Shockwave Flash Object]
9 A2 H* S! L# l& L- C% Q7 C5 N
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>6 i" o8 S( b0 f8 Y; Z; [
[KUpdateObj2 Class]
8 o" v1 {. B) s3 R+ x$ h- I* }7 M
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>/ ^5 n M% K! X# F
[kingsoft browser shield] p/ P3 c5 U2 ~
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>9 }: s- o. L, r; w8 Q4 z
[PasswordEditCtrl Class]
! V# h" z) x* k! k. B; X- a
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
5 V" z. L' d3 o0 V
[QvodCtrl Class]
& j& i3 F+ g; C$ P% T0 |" c4 i
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>; ?- h6 N! n8 `* ?8 e
[&使用超级旋风下载]
7 ?' j, R: Z2 s: D5 c# D
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
. I: z% x* r+ d9 `9 j
[&使用超级旋风下载全部链接]
! r* ~. D: q- Z3 }3 r
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
S1 T/ b1 ]; ^# }9 w. o7 P" Z
[使用迅雷下载]0 k) a& h' x% z' g' H7 x+ o1 I
<, N/A>
3 [# O3 Y6 q3 t
[使用迅雷下载全部链接]
/ h- t* q1 m' Y0 r3 h0 J7 q3 l* m
<, N/A>
+ m" {3 }9 s! C) U! i5 e
[导出到 Microsoft Office Excel(&X)]9 d8 @& v& ]& S* c
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>3 V) }, |, f' o8 `0 Y9 l- V
[添加到QQ表情]
* f# S- l0 F4 }; G6 }& d
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>8 Q3 I8 S- G& ]' O8 W# |
==================================8 |, V( l# ~. I9 @
正在运行的进程
% `* t+ d' B" o$ m2 n
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 j# t) r1 ]% o) u& L1 A2 c
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* `/ H; P7 G, p; ]/ V0 q2 Y
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 d- h" M4 Q% Q( Q
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
L- c. K. k8 M6 z M
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( b7 E! ^, n( Y/ G! y
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
" g, t) \7 l( w' j% m" M
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 n7 ~: |2 D8 l
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& z/ e' m E' C P; o
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 t: _; e, n1 W) B, _
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 B9 T K. C. R, z- c2 \# A' ~
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]5 F3 L2 t+ G" @+ F) a
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]" ~0 [* R% o. T/ g; M9 D. `% ]" U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]* K& p' s t E& b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- m; J9 ]) n7 \" v& m
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
6 }! T$ D1 H* ^1 A7 W9 q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 |8 {1 R( q4 |; t! A. A, m1 E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
" S7 ]5 W& r2 P* y# x0 S- o# Q
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]( D5 X$ y0 n# ~5 ?- C: u; g+ Y, ]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
: t [5 n, U* x7 N+ b* ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]% o6 y, _* X. s6 }4 E# M
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]/ |& n/ m+ t+ c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 `# K, ~! K4 H
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
+ Y" a0 m1 @* z
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- ?8 l6 C/ C, l* S) U" c" i
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]% v% A6 E$ [6 x% m5 `
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]2 Z/ Q' k: @) x. R
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
8 C+ ~1 N9 P0 t& f, @( v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 \8 Q7 R& p: f3 L) n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]+ ^% G, L% E- X6 Y' V/ {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 A2 R x6 x+ M3 l8 ]" q# p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
4 O/ N( l5 J, a7 s+ P! G
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
9 \3 e% F4 A7 e l8 m2 ^( f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' {/ e) ?, r5 y7 x0 r
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
' h; k H# Y, t u" N3 r8 }. ~
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 i4 R3 _# s9 ]3 Q6 L
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
1 l% M- M. M( M% H# z- B% A
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]% j) t6 x! B% `0 ~7 K7 k0 P$ I: ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 W6 A9 Y/ L/ F! @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
6 z% D; ^4 ^+ q9 N4 q) |1 f8 O
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]* y7 V% ~. H- ]: e
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]' t' B- K, Q4 Z0 v N$ n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
4 k) @/ i; X0 R3 X8 u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
i' \# G% F, q1 K& L& ~
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]! p# G& b$ l/ U W% @
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]- A. M$ o# b: f S) G2 {
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
2 L* u2 T+ l7 Y3 r; A% |) K
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 k4 e N( f# F$ v5 y9 P0 k% B
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]( i. z+ G& `$ |# S
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]% t3 k2 j: j. r# e' e6 d
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]6 b" C" o) P4 i' F( y1 _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
0 J+ Q |" A( D3 B( [) ~ V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: U8 k; O* A4 j) I; {
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]" i, |+ ], V3 P8 F( S. ` e
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164], U! i: |% P$ X( F [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
5 ^! \8 {8 G! J$ G2 v, b; N% T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]+ k9 p% d3 b4 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]
" R+ F" w' Q! I6 R" ?- p$ y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
* C3 t+ V( o) L+ y# ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
; `$ M7 M4 _2 A
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
1 a" W* z% Z# H9 I% D
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]9 U( x& M' F+ t/ K1 f4 K0 K
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( N( b9 w! C v- C* p4 C1 S& t# F
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]+ [: N2 `6 _ {7 i' _% W* O
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
N/ m. ]: F7 l1 E8 E; P& H
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1] f( H/ p6 B8 F& y l* h% U, G! S
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]2 R: ?4 y7 ~6 z; d `
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]/ z: h4 V5 y4 L4 y
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]1 d( ~, [/ s0 E4 @- r7 O
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
8 D# X! i5 G: i* C' o7 X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]5 @8 ?% w+ d; O \, ^
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]1 w, V( q4 R, e) i; }
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]+ u4 U0 M3 q0 p7 E7 V3 f( H. d' D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; N6 G! x! @- w9 O% ^2 n' _! P' ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
' P/ s5 q9 \) L
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]7 H- g2 O' \ c/ f
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
4 M+ u: E1 M! A% ?4 M- h0 @
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]( W3 T, R1 l) ~: l8 h8 g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
3 _: ~7 w' [9 N3 F' D4 `( a6 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" w' r9 w5 I2 I* X+ W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 Y v* N2 h* {
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
3 L, c* [& l. q: }& t, y
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
& r; o6 O( J' H6 z6 j3 W! v. [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% A, j1 n: U% A# B' M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ R! c7 y2 E$ C b, ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
; }6 l6 E9 Q Y3 J2 c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] [) w) x: }' g
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
' c' ]4 Y; v, J, x: D; g! V
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" o6 e# W, {7 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
; h1 |) e! c* M0 E: T
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* x5 j, z% B4 {, v* ?0 o! M- Z. v
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 t" i! S2 V& M
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]& x! p8 u1 z, w( z
==================================% R7 d8 K7 }: u [& ]& |
文件关联
8 ], p- S; b; A+ ^2 ^- q$ @
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- L p5 Y8 M% t, ]8 w
.EXE OK. ["%1" %*]
+ c! F2 Z: C; ~! @& Q- g
.COM OK. ["%1" %*]% X) B+ H# E0 W. ]
.PIF OK. ["%1" %*]: I/ P2 g# C! x
.REG OK. [regedit.exe "%1"]
: W( B7 ^+ A2 R. ^7 I: z
.BAT OK. ["%1" %*]
1 z5 l5 o9 p' ]/ ?# o1 {" C
.SCR OK. ["%1" /S]9 U9 d! ~+ P! p5 T& E1 Y0 a# Q3 h
.CHM OK. ["C:\WINDOWS\hh.exe" %1]+ G- d3 C6 o$ }, h( f! c# C# S) e
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]8 c# U, b- w6 |/ F+ t; s
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
/ G2 a! Q$ ^/ [
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
+ a8 S& t8 `* c! G2 s: L
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
. r# }$ p2 d, @$ U. E# z
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]0 H' R7 B% S- { D/ H8 O1 X
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
6 L1 w6 P! a$ P3 Y
==================================: x* k* W0 l4 c8 n1 y$ X3 z: Z
Winsock 提供者. S$ m* `3 y$ s9 l, x8 K, r
N/A) G9 F0 G% {( Y* p/ e9 c9 q
==================================
: a, B2 s6 m* V4 j
Autorun.inf
& @- l, z# r& j6 D* G1 |6 S6 b, a7 t
N/A
/ W; W. z) v% W% n0 y. R- {
==================================9 ]/ l8 U" Z N- G: r- `
HOSTS 文件
! J7 ? {( Q- m% f: K( p$ Q
N/A+ {' a5 V# c) a3 \1 ?/ ^
==================================
% b: J/ l7 D/ i4 o% }' O$ L
进程特权扫描3 |; c0 j# j8 o; e) ^, v: e% h
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
, U! p8 D1 Z9 g( c, Z% y# R
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
- a1 q# k3 s* s9 i; d) v2 k: N
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
- l& m9 @, Y# r
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]( f. Y5 B% ^& b9 Q; I7 U
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
4 G4 b$ A) z7 g7 t, z6 n
==================================
6 l. b: S L8 b5 x0 F
API HOOK# I O+ X) G# Q2 J
N/A
4 Y0 ]9 Y% E1 ^! G
==================================
& q t3 \' \3 M7 ~/ J* M7 a( } W
隐藏进程0 [, ^* j9 H4 [
N/A
! [+ l( ~6 R7 n
==================================
2 M' T' ?- }+ h8 y
- H( w% a L7 l

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115