在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

1 X! s% F5 U8 u6 e: t5 w! O, u: Y
2008-05-22,20:37:43
& k) Y9 A2 A+ I
System Repair Engineer 2.5.16.900
0 I) l. u; h& X
Smallfrogs (http://www.KZTechs.com)
( {/ {7 |; D/ R! K
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能3 d- I+ {9 O) i$ q' Y! P1 u) P9 ^
以下内容被选中：
7 V+ J4 a( U/ f9 e0 \2 J- v1 f
所有的启动项目（包括注册表、启动文件夹、服务等）
/ ]$ p4 t" Z; r1 ~/ R+ `4 s
浏览器加载项
! p! m5 q8 ]) p; n, h H
正在运行的进程（包括进程模块信息）
9 c/ ^; y( [/ c% _5 q: U- t
文件关联5 B. K/ y. R7 v- q; [3 t
Winsock 提供者' I* T: i# I. n1 ]
Autorun.inf
6 }8 r/ W6 |% h6 [
HOSTS 文件
C$ Z3 ~: I' I6 r' Y
进程特权扫描
* @( f9 H# m8 B8 Z) W! w) K4 G
9 V* h( _! U. C
启动项目
) g: |+ |- ]7 g
注册表
4 }- I: j8 q/ f1 b4 Z/ P
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]8 B2 S2 e& z: U. {( b& g
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
0 k% U5 z! `7 N% k
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
4 p7 _' ~( P+ p( T0 Y, d
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]1 l6 n0 Y% {* H- q( D/ f& @
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
; Z4 ]* |1 Y' T U" b
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd] { ?7 g/ m0 Z. t4 Y; y& ?$ w# S o
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]) a6 y& j" A1 F) [+ l7 F1 A2 _( N5 P
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]; j$ M0 S( D) a
<PHIME2002A><; > [N/A]7 u m) @ \; H
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
- B5 D6 L1 c9 P8 a& b5 ~
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
1 @2 k, P/ M+ f& }2 i+ {2 G
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
) ~5 i) u% J0 q" q4 t+ |- @
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]6 @& a: v' l! ^9 ?4 E
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
) r( G, j1 p2 t( T
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
$ p2 P: R8 i- o9 a9 o7 |& y
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]4 ~ j* P0 K. r+ W
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
4 p0 d3 \# ?' x, M
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
! S7 M' P% K q* z6 F5 a( m
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
2 I s7 L, r! b
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]. l3 b$ `5 P/ [! u' V$ M/ @3 b3 A" |6 q8 t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]6 z, N' o; j: @) [$ k) T) G/ e5 t
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
( p0 C; c7 k+ a$ R% X, a2 w% h
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
1 g# ^* P+ U& G
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]+ d" X8 n# y, \! R' K
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
/ n( k/ T- P7 `. a1 B9 l
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
7 C2 h( T4 O5 J `7 ?2 K
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
% g$ x& B4 n) v1 Q3 [
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
' X0 W5 f+ \: J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]$ n9 Y, x% R% T
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]- {5 f8 u4 [3 V" x4 i2 a3 u4 W9 S7 d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]# a' a7 ?7 {9 q# ]. z* p( {
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
. C7 e( F4 D+ E y0 ]9 L6 i
==================================
( ]# }. c( I& n: I( r
启动文件夹
; F3 b+ l- F( Z" l3 K( x' Q0 R) [
N/A4 k4 s6 z% {* a+ P+ Q$ o! i) c- @
==================================
; U# a6 x# Y5 _& g3 H; |! }
服务
, B) d. Z7 a1 G; f+ ~4 `: b
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]4 f8 u/ X/ U( N& n2 C0 p* T: v! r+ H$ v
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
# I" k1 G) F' f! Y( ^
[Google Updater Service / gusvc][Stopped/Manual Start] ?0 f2 A. G# @ z* s0 P) W
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>$ X* T- h5 U: O8 w2 K+ D4 b
[Help and Support / helpsvc][Stopped/Disabled]
$ S2 G+ j* ]! ^& P: I6 }
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
w0 I4 ?. i: N6 f% q& V5 M
[Human Interface Device Access / HidServ][Stopped/Boot Start]5 M4 c+ c% F# {* _
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
: d. b7 t v% C. h& c
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]5 w3 J$ V* t3 U# p$ q$ w2 `
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>* ^0 j! S$ u! _! c* _- i: q, _. Z. B
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
7 o- g( y2 A0 ?1 I
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
* r& w" m9 O3 o8 o' L: ?+ u. ~ h
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
3 Z0 g" c% u' S& l" F3 f. g, n
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
2 N# z; K. O. z3 s s' @" m G* ?
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]7 r9 Q' D$ s7 @8 O4 z$ ?+ |! O
<><N/A>
) U9 ~- m' z4 {- I; `
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
; X& }9 m! O& u* Q
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
7 r* q8 o* P; U/ c! R5 z7 k. B
==================================" `' t& H6 ~. ~0 s* E9 H1 M1 y
驱动程序8 L: ?% g9 C6 d+ L; x( F! {2 E( _) j
[22j / 22jn][Stopped/Boot Start]
7 w1 X2 T' S/ z& w; Z7 d
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>& Y6 c0 I. t+ f+ r
[360AntiArp / 360AntiArp][Running/System Start], _3 c9 m% J6 P P# g- v s
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>$ G5 m, R! E0 h' Y% A
[43ec / 43ecu][Stopped/Boot Start]1 ?, s! P5 O6 g& a
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
/ B. W* A! H" s' r' l6 D
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]* T' a, i \. w. E2 }
<system32\drivers\ac97intc.sys><Intel Corporation>' X- K: x, h$ y, M
[Promise driver accelerator / bb-run][Running/Boot Start]9 y* J) I9 M2 X+ F
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>! b/ q6 S$ Z/ w4 }# h
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]2 j# |8 q6 a+ Y. V7 A3 |: U
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
$ A# s. k2 F, |
[KAVBase / KAVBase][Running/Auto Start]
' a2 r8 E0 y: ^& e6 i4 \
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>+ S F6 v* X! w4 j/ Y7 A
[KAVBootC / KAVBootC][Running/Boot Start]
+ A% W- |$ W# g
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>% S- P; A P& f- \' N* w1 Y
[KAVSafe / KAVSafe][Running/Auto Start]
7 b7 F; \" Y% \8 o
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>$ `4 k0 O$ t! }6 s6 {5 Y- V
[KNetWch / KNetWch][Running/System Start]# o+ }; g! l. t }
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
* ]9 K% L' t; |. s
[KWatch3 / KWatch3][Running/Auto Start]
5 T- y9 B3 V: L3 C U
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>& k; R7 M5 N0 P
[ntptdb / ntptdb][Stopped/Auto Start]
; b* S7 e6 u" C
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>3 V# D' X$ a1 r* K! G2 }
[nv / nv][Running/Manual Start]
w2 }$ U( ~5 K; _: i
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>2 M+ _' X+ g9 T1 i! I1 ] p9 b
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
! `! Q8 W# Q. w2 I1 ?( G7 ]2 r
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>0 k3 S5 s- p8 G [4 F
[DDK PACKET Protocol / Packet][Running/Manual Start]/ r/ W* J1 J- Q$ _5 A2 i5 C
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
/ m! E8 j0 Y6 U! }. V- v! e
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]' r# G* c2 `8 E5 C5 U! ^4 `! p
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>' C9 r$ o6 u7 N \( P
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
. l! Q: L e K) R- t
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>$ n' m& G0 ^! n1 r
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]0 N2 }& i, C( i0 ^: V R3 h
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
& A- q3 B& ?% N3 f7 R. c
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
% }7 _/ W- `9 ~4 [
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
. q7 U/ {: H% D$ y
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
( X$ A4 y T* f% [8 h7 G& x7 W7 G
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
8 G6 O" Y5 a1 U7 r$ U) a
[Secdrv / Secdrv][Stopped/Manual Start]9 j8 A/ U7 F G% I0 j) u( \
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
+ C1 D, P/ M2 j+ ^ b3 N9 m
[SATALink External Device Filter / SiRemFil][Running/Boot Start]9 j0 N) n/ y& u: p
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
) I6 Q; m* q* U
[System Restore Filter Driver / sr][Stopped/Disabled]
5 |' n6 X1 l0 h+ j
<system32\DRIVERS\sr.sys><N/A>
- h( _( Z* ]8 S! t
[TesSafe / TesSafe][Stopped/Manual Start]2 X0 b. M( M9 j& H d/ O y2 |' `
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>/ X! E6 E) U* D7 m
[System Services / unzxzsrs][Stopped/Boot Start]' Y1 t9 k V) _+ e
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>. c3 W# ]& e- ^: l1 ^
[ViBus / ViBus][Stopped/Boot Start]) b) z4 A3 A5 e c, v, z
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>$ u2 Y6 B- J- D5 u) Z% z3 Q6 E: B' u
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]6 D& m3 J8 ~' p
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>* M. c4 C! m" `$ q( O" p- f
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
5 x. X% \/ ]7 G
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
0 S3 L/ n c& ~5 S
[ATI Extend / zhibmaso][Stopped/Boot Start]
; X2 L7 {) R; q6 |- Q! |- x# A* Q
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
4 \9 z/ K) A, t# ~8 |1 n
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
, y! U/ O v @" B8 \& f
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>( ]$ }7 e7 E' G' S2 J% X
==================================& {0 U6 X N. H
浏览器加载项
. ] n2 U+ z& e8 i6 p3 M7 [* \ v
[Google Toolbar Helper]) _% z; J2 S" z/ {9 l7 h2 S/ o; K
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
3 b: s/ @1 K. l6 F, `# F5 m
[Google Toolbar Notifier BHO]# A) V3 q, K# q) D0 O" h
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
3 i: S8 K# z T9 N* `
[SafeMon Class]6 d- w) \+ b9 g6 o- G/ F+ T
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
/ M# z, s+ n% o8 a
[kingsoft browser shield]
8 }3 v$ z( i) |: |/ c) ^! I
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>( U- z/ M2 k Z, _% X- M. F' ?
[IEBuddyExtControl Class]
5 y/ L% Q* i: _& I/ [
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
' Y \4 h, z9 Q/ }0 m
[Zcom 杂志]: y: X; U) i. `/ h+ A
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A># w% i5 ^7 M8 m, l' q( G
[&Google]
( t: e0 z- o; Q8 _' Q. E O
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>" \, m- X, t5 w+ v+ k6 N& I
[KooPlayer Control]* E9 |1 k N! O: S, l8 S$ Q0 c9 m6 h
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>/ c+ n) n( K: ^/ ^- s1 X4 T/ r
[Shockwave Flash Object]* G% e; W+ J! Y$ s4 t% h
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
/ q2 p% v% T& p) O. o- I6 G) R
[KUpdateObj2 Class]
( r+ U( _9 `+ w& R. G8 M/ ?
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
8 }4 X; n1 l& V! z
[Google Script Object]" Y3 [* p3 r0 b) l4 i
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>8 f$ r# k T7 n4 ^! t
[EWA Control]5 P* r' q7 |- k7 u. ~* `
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
' K& S% r8 D6 F, G: K( f
[Windows Media Player]
1 M, t9 l5 U/ I6 ]: O1 g
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>9 s( t- F% Y$ Z. m
[&Google]. _" M- c$ A9 m$ n
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>* Y4 h# r6 E ^2 _2 S8 |
[HTML Document]
7 N( k7 P# Z" y, G4 V
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
7 {" @9 g" y# n8 @8 E$ u+ y7 Y
[DHTML Edit Control Safe for Scripting for IE5]+ E/ X5 T% {. I& F- b) j) H
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>, X+ A: U( K* X
[RealPlayer RAM Download Handler]
$ K" C: k7 o% g6 `" X
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
7 }1 A0 P- p4 H" i# f0 X
[IEBuddyExtControl Class]% B- V1 w, r! x: o$ {
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>' f- J' I) m* j2 A5 R
[XML Document]8 k; M7 f5 [* K+ R V: s& s/ c" W
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>- i, b' M# J2 }+ ~1 R9 z4 @
[HHCtrl Object]
n! h( p0 v6 h
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
( [: B; o7 y3 J
[Windows Media Player]$ s; G6 x" d. d N% [( L3 U. T* q, k
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>5 I9 g+ m: \/ [0 `. v, u/ Q
[Active Desktop Mover]
1 a6 t2 p; m# |5 {# w
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>- t3 G2 _( {4 I2 o* z
[360SafeLive]
$ j; Q1 x `9 U6 P: N7 ?# b; Z
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>2 I/ w6 [2 O, y3 A
[Microsoft Web 浏览器]
1 o+ s; V& S2 H
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>; e5 Y% G! F2 B* ^ M! _1 b/ `
[Browser Enhanced Objects]3 @' e0 ?- s0 p1 a" p
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
" [; \% l+ T2 P, E. p
[Google Toolbar Helper]
8 Y" _, [- B0 U' E( e o# c
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
8 T" P9 _+ g' V& Z, k1 [9 v& b
[Microsoft Scriptlet Component]
8 {! B% p1 L6 f! v; y. T U
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>0 y' U+ m) { y' m# h
[Google Toolbar Notifier BHO]
8 b d7 p' [5 f, J
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
1 L, u. z7 b7 h( g' m
[SearchAssistantOC]) z& r! N7 y' g4 w0 P/ f
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
, T' I! _$ N* M' F! H
[SafeMon Class]" [7 U, B' l" L* a5 w# M! H
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
$ r; x# H, W3 F0 M# ?9 U' f
[RDS.DataSpace]$ E2 A; {; o9 Z0 w
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
* J5 Y& A [3 z4 u3 D6 s+ {& m
[KooPlayer Control]0 D$ E* H7 u' ]3 Z) G
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
; d/ X/ R1 m8 j6 K" p/ D5 \
[AUDIO__MID Moniker Class], W0 z8 L- C$ d* [5 A
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 Q- X: n2 B7 k7 O
[AUDIO__MP3 Moniker Class]- a* V" E/ j: G; y; S* j4 ]7 u
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>" h& L" W9 `* V1 B: S% C# g2 l; a
[AUDIO__X_MS_WMA Moniker Class]4 G7 v* m1 S: @! L! ]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>! a7 F! J( V6 U! I! D( ] a8 M
[VIDEO__X_MS_WMV Moniker Class] H) |" A& n% M# `% b E
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 x' l N) @3 G4 g
[RealPlayer G2 Control]1 B6 S" L( `# c- x
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>/ O+ \7 R) [/ v, F; d- O1 U7 r, e
[Shockwave Flash Object]) k' Z$ S U' t" i: y
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
4 w; v$ w* g# a5 z
[KUpdateObj2 Class]
0 N5 ~5 }. V7 |: B$ o
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>: |, j5 `; t" p4 d3 U6 n3 M
[kingsoft browser shield]0 y, H& e& c8 E# D6 a
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
6 U+ P1 v* e. X: y7 ^- [" C% o
[PasswordEditCtrl Class]' H3 Z9 b5 i3 a
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
% M( e$ ]* e2 h' m; k& R) G
[QvodCtrl Class]
5 }: l, \! @0 N/ `4 `
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
6 h' b- C5 h# c
[&使用超级旋风下载]2 O+ N; X+ G- P/ u/ R; I6 L2 t7 z$ c4 A
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>% l) j; u" |+ f. y# x! k7 @* N) G
[&使用超级旋风下载全部链接]" s: D: E& n0 Y8 i8 O( C
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>8 C0 f8 H! m& D! W; z* n
[使用迅雷下载]
k9 G+ ]! @$ O- o" H; y
<, N/A>
% M" \! `2 g+ i/ t! ]
[使用迅雷下载全部链接]& x. H- W( c$ k8 ?, k4 F9 P
<, N/A>: B2 ^2 H8 k+ j4 V
[导出到 Microsoft Office Excel(&X)]
2 ~% D0 ?# F, t8 I1 p! |
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
8 ~. ~; S U2 l1 Z. {& L
[添加到QQ表情]
( t7 V( c7 R! u$ Z
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>3 l* ^" ?2 z [
==================================9 Y! z; U; N7 p6 b4 N; `$ r1 P2 K5 M
正在运行的进程
4 t- Y9 C; e8 E" y: [
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 O$ S: \( [3 |' ^6 v/ d8 c$ a
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 T) @7 ~! n( D, f6 R9 u
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 g. X8 e' D2 G6 p
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
) R; `6 N7 M7 H: E
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 [/ c- r+ H' j- N6 G+ e
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ B# y5 t) B" `- u
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% o- U6 ?' b) X e: q6 T" M
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ j# f" J) x/ }
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ b8 r. T) ?0 a0 ^) R" S3 ?
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# @: @& j6 U7 Q* a; b2 C
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 V+ n( b2 z* s+ m
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]2 d L$ j1 I, j+ J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 c0 A* c6 V4 _+ f8 ^+ y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 y: I0 {3 Y, @( h6 W, r
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
5 _. h7 c% i: {0 y& [! h. ?3 h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]! {' P$ W' V6 Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
# Y% \- J Q# {8 y( E
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]! H" g# ^! ^: K6 e
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]9 F3 D4 }4 T* y3 m! k' w
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]- C$ d/ d7 }- w# ^0 l/ Z
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]6 ]. T& }4 p1 e s6 }! \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]& u _. [' E" T! t
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
; z4 F0 e% X" p7 y4 o% ?( @$ D5 Q
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]4 R0 @+ T6 H% h2 _: w/ C5 |/ s
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
+ L% w! V2 V# W
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]) O2 K, K1 u' u8 `
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]1 m) B o P, p, L5 p3 C4 P
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
: Y7 u+ k( v" w l$ M" }; N% g' @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 ~; p; g4 D" c# ^* w* A; O9 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]; {7 h/ i i$ ?. ^2 q& K1 F- c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0], c( R' n3 N9 `7 W8 N* F: {
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: t1 G6 ]% G* o+ [0 Z' T: ^2 S/ E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
! K8 Q9 v# e5 `# R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]0 J% f: L' ~: z3 F9 D2 Z9 P; A" \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& [( o8 X4 \) `" L8 g! s; \
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
! q9 g5 o& y0 _' \# s% l7 P8 H
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
4 p2 ~& I2 D: R; S# [: s F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ b" U+ G3 U$ `! ^8 I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" H7 q* _6 u3 I
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]$ ~* m3 K7 x1 N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
0 t& I ^ R4 n5 D0 Y) {# h
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 ?. Q6 F! L1 l( \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 z& Q& ?9 b+ `# v9 ~0 C, o
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ E; g, g' ]. {+ e
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
7 U$ w9 z% ^: ]: m9 X( g
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) M' g9 f5 r) \8 L
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 A8 J& U3 ?9 Q3 b, T E/ r
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
* z" N. g) [% Q4 g
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
# l. T; c. y' P {
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]1 ~$ g' P- S @2 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 r/ ~; w5 }( {$ {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- S, |0 \" ]" F! d9 h* ]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
9 h7 `% M3 {) }5 v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] ^3 Q: S. D/ a* U2 ~ `4 v5 K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
: s3 [/ j% x7 A* W. A$ h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
& D1 V: [. C2 C- N7 o3 E+ o" t( H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]) o: p5 R0 {0 o3 C l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
. d, e+ o8 N: P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]* w4 e4 Y5 c% X8 {$ ?
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
% O+ x& `& G( ?0 n! K
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]0 { B2 R& f$ C
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]- k. K9 g! g4 `) Y. J: Q
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
* B( L* u7 G5 \8 a' l5 h4 `9 x+ u
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
! k! } l) i+ @* j4 a& ?1 j
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]. N7 W( p9 M( E+ r
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]$ u. a1 f% p- w% D# s
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
0 V" l x- s6 D+ J" V+ w9 N
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]7 D: t5 _1 ^1 N( {- s* c" v$ X
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
8 X+ w! x2 T' G, X* v- W; V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' a; g7 c( _/ b% n% p, C1 o& `
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
" j+ h0 t+ N1 ^1 w8 E* X
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]5 z! s) Q% ]) g( p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% v/ b/ s b1 O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) {$ W+ H0 B+ X. Q
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
! T i! m9 x3 c. u' [: I
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
$ X" w+ y0 v% |4 }3 l% o
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 b. t8 o! x0 r! y( a$ g$ g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
7 z y6 y# U+ l7 h) X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) L6 }3 P: l$ U$ y2 u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 p/ J5 ^2 k1 o) ?" J2 t4 y- h9 c# {
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]" m7 u) v: J' F" Q
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]" [( j$ s1 F. `
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 F5 W" A: D& `* l" T K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; _! J5 J% l. P7 v5 G* N( m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364] g+ _" g: t1 u: Q# I1 |
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]9 b2 W! ? [5 k. A8 X x
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]8 Z1 g% u' s; P. N) f0 G9 x
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]% D# S" ^) I; L: B) T1 e
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 M7 Q6 a: X G0 c. u3 \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]+ t, \0 {% D% D" Y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ B% n+ d2 s, I5 ?- J9 H
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
% o5 h F7 x- r7 w
==================================
/ p4 |) J, m/ q# e9 n$ U
文件关联
1 s3 }4 f) @) s3 s% O) G7 f
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]9 Y1 R) [* C* [( B
.EXE OK. ["%1" %*]
- r' P. ] _; o; L0 Z \2 S/ s# s
.COM OK. ["%1" %*]
& f" u, G! p9 j) u5 D3 l
.PIF OK. ["%1" %*]1 W' y& y! t7 ^& z( ^
.REG OK. [regedit.exe "%1"]- `9 Y* {4 e% ]2 j
.BAT OK. ["%1" %*]: {4 K2 \6 B, Q( c; v" }- Y
.SCR OK. ["%1" /S]4 C& P! L% J9 A7 x- ]! ?0 M2 q
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
: U: H4 C, k* J9 f
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
1 d" j3 z$ |& g4 A' t6 H: Z. W; U1 m* E
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
4 }; ^1 X1 b' y4 g$ `
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]3 i2 z' X5 A9 V& N0 w7 u) }8 N
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]( F! O* R# \3 \) s8 B5 t: h
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
' j4 M' w4 Y3 k; `0 u
.LNK OK. [{00021401-0000-0000-C000-000000000046}]. d& ^7 a4 } c+ i g( A' G3 L
==================================/ V0 {: W6 w+ q( `* v- H
Winsock 提供者
$ c5 q {) E4 `* t, ?8 x
N/A
; E' v0 |9 r+ o4 I9 G( P
==================================- E7 P9 r8 G2 ^( k' M: ~0 l
Autorun.inf
: M" k+ x6 f0 S# t
N/A
; B/ x; `, k: T3 b+ ~7 m
==================================
M$ [; \ P* o+ @6 l8 V
HOSTS 文件
! O! \+ @4 Q& @5 ~
N/A! B# C$ w$ R, K1 q9 O
==================================
) |' g* @9 W. J# y
进程特权扫描
) @3 @$ F6 U" m: J/ E+ y9 m, a/ h
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
+ L9 o' ^9 N* Y
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
- X+ Q" s# j* X
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
" |! U, Q8 {" w5 P8 \
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]7 _5 Y( m) Q8 D& p
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
" y2 E F S. w! q! H) G
==================================* i' d6 D. X6 i$ A2 X) Q
API HOOK& V7 J7 s3 h* \8 `3 |( _
N/A
9 @. L; K* m. l6 v! a
==================================
/ t; b0 [/ j# R- V' C
隐藏进程
2 t' m, W4 N3 A
N/A8 C( J4 _" y. M$ F
==================================
& p% k; P! W3 i, g U2 I
6 n/ \0 Q- V" C5 Q" I+ b

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115