在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

' E9 @* p9 B. i& L
2008-05-22,20:37:43% C% ?+ [; Q, J+ {5 o
System Repair Engineer 2.5.16.9002 Y4 _/ c# ^6 q
Smallfrogs (http://www.KZTechs.com)
- l& k/ J2 C/ U& D* Y
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能- q W! M. W1 i. b7 V
以下内容被选中： T$ R* d" k( y: k4 o/ }
所有的启动项目（包括注册表、启动文件夹、服务等）
4 m* i/ ^ F, k0 S; ^ L0 |
浏览器加载项
2 Z3 \4 ]( ~' j- f
正在运行的进程（包括进程模块信息）
- A& D' x4 Z( o5 M+ ^$ X( O
文件关联7 Q) u5 b+ [) w& Y
Winsock 提供者
/ H; Z1 x3 f* Q
Autorun.inf
9 F* V# ^2 V3 K7 v% E1 `5 K3 K$ a V
HOSTS 文件
, M1 O+ ?/ |7 f. W. E3 W9 c# F
进程特权扫描' V+ P( v" P; _5 ~1 j
. y8 Q# e% r/ T z' i# ^, C0 N
启动项目5 T T$ t7 ~8 p0 U7 ?
注册表
/ ~5 p$ e h* o0 t) S7 _5 ^
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
! H4 o# h, Q$ D% }! G* a
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]0 ~5 j# A2 @& E
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
0 x0 @4 r& V% L
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]5 f% E, n' y5 g2 h
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]0 h6 \/ L- {, K+ c6 Q. H
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
* G' w. A! T1 \$ E a
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]. v2 I( R# P4 R1 |4 S6 t& E+ r- m
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
9 a* {* t2 x- b5 q% o
<PHIME2002A><; > [N/A]
/ {! Y' K1 h5 E' f
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]: R: R/ |' {4 a: D8 f
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]" @3 k& a3 ^# F
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]1 `# u5 X0 S. _2 W7 k/ a0 j1 y
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
Y5 [0 v3 }" ]: G2 Y0 }2 _
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]: g( x1 y3 X2 v1 [1 W
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
R0 d8 l; B9 Z
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
) X7 R+ m5 u9 F$ |- a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]# |9 K5 d1 ~0 K+ u' d' A
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]8 ]" t/ b4 k# j
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]$ z8 O* ]# A1 d" B$ D2 ~
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
) V7 K: |; ~ i6 ?) y/ t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]- ^. R, P# y. B
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]3 O" x: l- }2 Q& M
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]$ B& V1 z# p7 [3 N& K! R
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
3 ?, Z* N. u u% ?8 P& S! Z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
1 G# v8 i! O+ Y1 F1 Z8 \5 u
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
, |1 `0 t0 Q8 H6 A
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
- N- o) w$ {' Q# k7 R* F
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]$ g, I0 ]$ A' t- x
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]% ^# \: @0 \# t& u: ?
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
$ f8 K! B, r% d O
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
8 c2 g* y7 u' A3 H; t$ w5 V6 ~
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]1 M" R0 `( h( F }0 Q, x9 z
==================================
9 c9 W; z: _/ ^/ d" Q6 i
启动文件夹3 q6 U/ q$ }* b9 v$ Q
N/A
8 k* J' T' i3 N0 |
==================================
5 g& U8 Z+ L5 Y/ ?; ?+ z/ }. `2 \1 J
服务6 N, f* W8 v* k$ k$ C
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
% @# ` K2 E2 T
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
3 G3 Z9 }: E9 S+ G3 f0 b4 W# p
[Google Updater Service / gusvc][Stopped/Manual Start]% S9 x( P, n! h% H+ I; E4 T$ b
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
, Z7 |) L" G8 t
[Help and Support / helpsvc][Stopped/Disabled]
1 Z+ i5 s4 s# V! a2 B5 n) ?# H
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>' {1 `. C; a. j' e; _4 |7 M% y% C
[Human Interface Device Access / HidServ][Stopped/Boot Start]
8 p% j! ?7 A' i0 _' V6 {4 u# ]
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>$ p3 R; n1 H ?, @/ W: h; T3 ]
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]' q) f- ^1 ^1 G+ Y' ~- `
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
+ r4 Q& b f' ?0 [2 I
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
% Q! q% N5 W7 ~. I$ b
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
+ {# l4 c2 ^ j; P" y# g
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
3 ?/ _1 C! a* G0 H+ p; u
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
3 `* T1 F& R9 g5 C
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
) I. S8 Y$ `( e; ^2 x
<><N/A>1 D7 A8 C% F9 Q/ }/ P5 u
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
- Z. L/ _, {* g7 K+ f1 q
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>2 \% T5 P5 i: b; M7 m) f
==================================4 c1 R0 v. n' ~7 B6 a$ K
驱动程序( ^9 Y; ?" p* Y, f$ x7 V
[22j / 22jn][Stopped/Boot Start]
" P* v3 j# A1 B+ g1 I# N
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>* }3 ]( F' O3 b& |
[360AntiArp / 360AntiArp][Running/System Start]
9 v# F$ H C7 \2 Q
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>! y6 G3 [9 }6 `! }- }3 D
[43ec / 43ecu][Stopped/Boot Start]% i8 a$ c. n. J2 p
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>' k1 }+ Q3 S% b1 T. f7 e' T
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
) ?! z1 D+ o6 p+ b* K
<system32\drivers\ac97intc.sys><Intel Corporation>
1 u* k: s6 W- K# s( F# G
[Promise driver accelerator / bb-run][Running/Boot Start]# _1 e9 `& c7 ?2 G8 D3 ?% w
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
8 K+ H" V, ]6 L# E
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]) x+ Y8 d( q& u' b7 X4 T/ z
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
# j7 I6 C' {5 M1 o7 n; g% s
[KAVBase / KAVBase][Running/Auto Start]
% X$ n" d2 J( N9 H: o0 m# X
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation># B, I0 m y" O/ H7 o3 P& T& M
[KAVBootC / KAVBootC][Running/Boot Start]
- ]/ a! s2 `! m/ H) m
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>+ x+ k4 O5 i) o% h* e# d2 _" K
[KAVSafe / KAVSafe][Running/Auto Start]3 u* W: u: f6 I! ? h
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
5 t- c6 S! _; o) a! {( {# i
[KNetWch / KNetWch][Running/System Start]0 ]; \9 t5 V$ I; c C' C
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
$ F. c' g; x) `: { X
[KWatch3 / KWatch3][Running/Auto Start]
! A! f3 W6 Z' e* Z$ Y9 y9 p
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation># O, X$ i0 [) G1 C4 z
[ntptdb / ntptdb][Stopped/Auto Start]
: O8 }6 d1 p; m. w6 z) {
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>. ^1 h$ }& l- ~# ]3 N. |/ N
[nv / nv][Running/Manual Start]
8 n) J: q7 h* Z- U
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
4 h' n3 m# x, M; q
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]- {9 D; k, r6 |2 I2 R; e
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation># D% d; n4 }8 f# P
[DDK PACKET Protocol / Packet][Running/Manual Start]1 P2 S! k$ a5 }, |8 t4 k/ L
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
8 q! Y9 Z8 }$ S: Y
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
5 p- a* a- f% e
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>3 j2 l3 ~3 R7 d6 F+ u' K7 w3 |" o
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]# ?! Q3 [& B1 K5 b0 H
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>* ?/ R. V, s/ t: r' C) H
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]2 p6 d) v) q' N7 ]9 `
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>& u# r1 i# t% e1 k, R9 P0 L
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]0 {9 M- e, `$ K0 v1 F
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>5 i, n) X8 k& }; ?0 p# k
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
$ |4 E5 ~3 _8 u1 ?8 c' I
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
) A7 f+ p/ a! u% R# a
[Secdrv / Secdrv][Stopped/Manual Start]
# e4 Y# h2 O. ?# @" p q8 k
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
& u. ~3 O& U: ^$ d
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
9 n% W7 ^7 I+ T$ H8 a* c. x
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
2 H* \2 ?: Q' m# W
[System Restore Filter Driver / sr][Stopped/Disabled]
( A2 @ i/ J& z" Q
<system32\DRIVERS\sr.sys><N/A>0 t& y, u$ c" ^) n& a' q3 r
[TesSafe / TesSafe][Stopped/Manual Start]
( y6 [) @! P' B( o; r
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>6 k' J2 O* ?/ ~; E& i
[System Services / unzxzsrs][Stopped/Boot Start]% o8 W" a7 K! K$ w4 x& R2 b2 V- f
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>6 V$ K" y. R" ~" |
[ViBus / ViBus][Stopped/Boot Start]1 W4 R7 u9 {& s& t) n% i
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
3 N/ c4 F7 y9 q) `+ t
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]$ N, ^3 u) z% B3 c
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
% y) U. e. e. G! ~5 z6 k
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]: w" n0 t: D% R# k2 A5 W% ]
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
( R. r5 w; b5 p$ v9 y* Q6 B/ A5 V
[ATI Extend / zhibmaso][Stopped/Boot Start]3 B- [* z3 f8 ^( Q# \+ l
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>$ ?2 j' A5 q# R2 G
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]) q @ Q, F. H6 x, |; Y
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
" u* r/ C/ M* g8 Q1 G
==================================1 h' y) l. H# t
浏览器加载项( Y) u; T! U" q4 d
[Google Toolbar Helper]
1 n0 ]; S. G& ^ K5 _7 }
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>" }9 j ~8 D: N9 ?4 _- {5 g6 q4 S
[Google Toolbar Notifier BHO]
+ [) Q! x- M% s7 z' F% P
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
2 @# \+ a9 j3 h9 V
[SafeMon Class]/ |! C+ v5 Q0 a' O& Q( z, m. Q
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
! S+ w) ?6 t2 M2 U$ l, y
[kingsoft browser shield]) Q% Z- `: `' { y3 N
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
" [: ]- k' p* C# j
[IEBuddyExtControl Class]' M. C3 ~/ R# L5 T
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>2 m5 D e3 X8 `5 `' x7 c3 k
[Zcom 杂志]6 U' O( S4 h" n9 w O3 `
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>( O/ M8 s- P6 Z F( I/ f+ j
[&Google]( w7 l4 ]+ C; P$ P, w
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>- Z2 ]( W H4 i" o: n) ~) B8 r' u
[KooPlayer Control]
8 ?' e3 X! O ^9 d8 Q* t5 t/ N
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>% X5 }/ Y- H4 r0 P: z
[Shockwave Flash Object]
7 S5 H) o: ?: O
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>1 h, H- A. D' R0 T
[KUpdateObj2 Class]
* A \5 o: l' W" {- L0 l J \
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
+ M" D( L8 J1 S' u
[Google Script Object]+ q- w" ^# p4 H
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>: y. w) u: [; G( W' v" c( u
[EWA Control]' A" Z- ?! v" A. E- l: s
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
. b8 K; H( b e- n0 E0 b) N
[Windows Media Player], b8 S' I6 L, w7 n/ S7 A
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>' ]9 j; j/ C# M$ |
[&Google]6 k3 \4 \; A; d, m- q
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
8 @- ~: a9 M: H. \( t v
[HTML Document]" U6 |$ u' y2 n. Z: @
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>9 i/ W; _0 F: S: W
[DHTML Edit Control Safe for Scripting for IE5]
1 G: Q; K1 ^4 Y( e
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>4 p4 k( m# Y: M) E4 Z
[RealPlayer RAM Download Handler]
0 q2 a( b1 a" b; S! I6 b& V
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>! v0 j0 L; |& w' \' r7 @6 |* s
[IEBuddyExtControl Class]
& G( P" i2 n7 v! B' O) ?
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>8 Z. t7 I6 g! ^- u# L, \
[XML Document]; X8 t0 J( C3 U$ v1 _
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>9 C1 z. q) R- P' n6 N5 x
[HHCtrl Object]
$ z1 d n J2 c; T0 z# D
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
: q4 F9 L1 E5 n2 _
[Windows Media Player]
9 x- G3 u3 h) ?' B$ }! L
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>1 w5 c! j1 R* D
[Active Desktop Mover]4 f3 x4 A: M) W; u
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
/ {0 ~2 d% S B+ H" L4 b
[360SafeLive]3 b- @4 s. J# U+ A. A
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
# i/ K* U8 O, y; E2 Z6 K
[Microsoft Web 浏览器]! L! Y0 E% t6 o* `
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
: W* g0 q, F! a; p
[Browser Enhanced Objects]+ `, |1 \1 Y( Y4 I: y3 {2 k0 n
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>* Z- w8 ~9 I' Q2 V6 ?7 Z
[Google Toolbar Helper]
! H; K) [& ]5 n z4 b
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>; Z) G# k9 f* l+ L) O) L
[Microsoft Scriptlet Component]
0 r" H7 M7 w- F4 d, F4 r
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>- Y3 e1 b( f" V: V$ v
[Google Toolbar Notifier BHO]
0 V" h# n# m1 v" S0 W" A
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>0 j6 r/ H5 O6 H0 [# y% s* `
[SearchAssistantOC]
H* L" x! P* u4 w. y
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
6 E9 [+ D* S% [9 u
[SafeMon Class] e0 w$ x' t) c5 {& D" C
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
! ]5 a5 `6 Y+ ^7 }" \4 ?% u
[RDS.DataSpace]
; J: j- H" M8 L4 S, O2 I- V
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
( R; I" Y% ^- W4 |, U8 f
[KooPlayer Control]
. J" M. f" e. R/ a2 O" l1 V$ b) w
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
. I/ C( }3 _- e
[AUDIO__MID Moniker Class]
- i4 L n, ^& G- S
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>( S$ Q% u6 M3 ~/ G& G# I1 }
[AUDIO__MP3 Moniker Class]' H; T! y2 ~& P# g' s* b
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
- [! X% p% M( _! a/ E
[AUDIO__X_MS_WMA Moniker Class]; @- u% x5 Z E, n
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
+ f4 Y" D) m9 k0 {3 ^
[VIDEO__X_MS_WMV Moniker Class]( n" `, M8 q+ H9 x! w- v( \* B! @
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
6 Z' D6 X: V7 _& y7 e4 Z
[RealPlayer G2 Control]) K- s' g; [2 p W* b- R) H- f
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
/ P# R$ L4 S$ Q. ?& q
[Shockwave Flash Object]
% v7 f' p T- v$ z
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>; p. l4 a) ?4 O5 X: G" U3 m$ N0 {
[KUpdateObj2 Class]
. k$ c$ @$ |8 q. c* ?9 [8 G& h
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>" x( w$ L3 P4 Z! v1 |4 q2 [
[kingsoft browser shield]5 [9 O, O4 z" T7 U' }
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>0 P, p" F2 g5 b: Y
[PasswordEditCtrl Class]' k5 v) W; B& Y: M
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[QvodCtrl Class]+ S/ ~4 Z6 Q: r0 }7 [9 H
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>9 K2 k8 `$ I4 A& r) p
[&使用超级旋风下载]
( J6 ~9 s+ v% w9 m8 i; y
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A> K1 A8 c# K: m* v) j! ^3 ~6 `
[&使用超级旋风下载全部链接]
& T" H* ]+ y* h O
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>- ~: S: Q2 J: s! T0 W% g" f
[使用迅雷下载] ^: I" v# e$ W& }
<, N/A>1 n: I l2 _8 Z3 n0 R
[使用迅雷下载全部链接]* G, T% Y7 }2 J5 V& q
<, N/A>1 X' G1 k# G$ s: a E( \
[导出到 Microsoft Office Excel(&X)]: i3 M$ p8 h- o8 {/ Q I3 o+ E
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
/ Z6 N2 _/ `' V+ X' z( C! D1 H
[添加到QQ表情]. ~! L/ D# j# v" A4 @3 F- W) ^
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>( T. p9 N# } R! r) f# c4 C
==================================
0 b- M+ H* K4 }
正在运行的进程, T5 m K' A7 y2 V$ x% X3 c
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]- k, ^$ |$ D ^$ N
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% O* {7 M1 Q& ~# o
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# P7 g6 y8 k8 k4 V' ~. i8 x
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
: S+ P$ N: d7 Y9 q: j' \
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 f+ \ p# i6 h) e5 x" p1 Q
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ v! l/ t+ e8 S+ O) X
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
% q/ X( l1 B9 W$ t2 }8 s1 b4 b
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' ?- `9 H3 e Q( i) H
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]/ O$ Z. J# N+ E. h
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
. w! m! v' `+ ^0 m5 q
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# ^8 S u6 ]. E
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]/ I( ], z! T# B* m N. Y, [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]2 A- x9 H: k7 |8 F
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
9 o: L3 G% q+ V' U9 w( T/ T" P
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
o" g3 F8 \& H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]
3 f M* a3 T" L8 ]8 w
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]; n$ }; Y3 Y$ @: `
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
' H1 ?6 \5 }4 }5 x. Z. ?
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]' |4 D5 ~- _8 K; ]( C
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
- f, |# @0 c9 @1 r
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" Z" F0 J5 X) ?. t' V
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
6 V, M Y3 V" |% f* N \* R: X
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
: j! C8 H( i* t8 _; b3 v
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]5 e/ P: ^. c! i5 ^# G+ H* o( l
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]; D, z8 _: A- P% Z
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]2 ~! \% B2 M# B ^ B s' m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: k) F+ j- h' M5 q9 S( o1 s
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]. F+ u$ P& r$ t" h3 Y( c; n: M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 [( c$ d$ g3 S9 V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
f9 U2 S1 F' f* o _( X# I$ Y/ D
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. ?4 R) a4 s7 N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]6 @/ n( q8 C; e' Y" k- c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( q3 [3 U- T% G+ A& m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 F/ A w9 A' C/ T! d
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]/ u2 C' g% E' j& D8 h2 N
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
0 V( @8 y9 Z: L, t( c; z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ r. w- O9 ^7 ~3 p, P$ i" ^, g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]& E7 s, y4 r2 \4 G" q( j
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]' I' f2 [& `, u5 |0 C9 C: n$ X/ R
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]3 p/ t6 {, x( ]! W
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]7 D0 z i n, a) T( I( V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
* ?; M4 f9 T' X- m4 S4 S
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) m" c) O! V6 S& a. b
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
2 K! |5 J' [* C; R6 ~% b c
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& G0 a" x% M2 J
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] L& T9 U. a/ v3 K
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]" G- q; [& b) c8 w
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]' v- } p ], H9 N1 _& Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. d$ n7 r- L- ? H, c6 C
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" U( y" Y. U9 i/ q; M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 X/ C6 O3 k$ M$ z
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
% S) ~, \9 p+ @: Y
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]( l: ^3 @" ^( b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
/ c5 p6 J& `6 r! j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
" c5 x8 x* O P7 h
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]9 ~/ e- M" H* W) r2 V5 |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2] j. l4 c0 d! K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]5 k8 ?1 [: e( ?; l0 z- A4 p& D" x
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]2 u+ Y% P1 e$ z7 L/ H
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
, }- x9 R) {/ a: H
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]2 e" `, c& A5 z7 M; J! f
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
6 J, ^; t% v9 j- v2 i# B, M* u* J* }
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
' v" p5 Z# u9 c# [
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
: t5 p3 a% F0 d' p: O
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
/ `/ j4 w1 n5 b8 \
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]/ E |- c3 p: \+ m" ~$ p: O
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
, [1 l; G" f3 f" {1 B
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
# O" ?, }% {) ]. K0 T& ]
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 Z( ?: c+ x4 |
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]7 m; x7 |7 o% c! r n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]+ }: E+ r! T7 Y+ F3 S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 U: K- B' [; x% ]& @6 S! I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]% a p: a9 {1 ~! ?; C: @( _! B2 b
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. ]* [/ J2 { c- K$ K/ p1 I
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]$ n, w& ~5 N* [7 I' f9 r& Z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
5 b# Q$ T& g8 [ |; b" Z2 S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]# Y4 I+ f& x7 `* n$ |0 A. |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]- |9 C: R+ {! Z Q' ?
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]5 m- f3 z/ e, }/ y5 ]: }1 ^# r
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]% f# G$ @/ H. s: ^7 _4 i8 M. m* A
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
9 H. O% _# j: T, L0 w
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] h4 v& D9 ]/ ^8 P0 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]3 ^$ V2 b" A! V. k* f, }$ ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" o* Z1 l4 i2 k0 v9 J- _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; i0 a0 c% J% y- K6 ]0 c
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
5 c- p$ z q7 u+ e" S
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]; T/ W, y S# x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& G3 j' L+ i' S- \2 B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
2 V3 L' t- E7 Q: B6 y6 z0 f. p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" b9 g. N: q3 O
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
r1 X$ Y, L# B# P# B' K
==================================5 m: W. y) w' }) Z2 m8 @+ P& O) R
文件关联
0 ^8 x$ ~" ?2 Z& t2 r
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
5 O; \2 x# G0 ?* U# U
.EXE OK. ["%1" %*]
7 P, H9 Z' B4 n" K1 }+ b, O, L
.COM OK. ["%1" %*]
$ L7 U- u1 [/ i5 \/ @( `4 l6 ^
.PIF OK. ["%1" %*]
1 K1 b; B5 U0 O! D: f8 U F
.REG OK. [regedit.exe "%1"]
4 {6 o, D8 [- E- A) t( P
.BAT OK. ["%1" %*]
/ _( m' t! \. `7 G; V
.SCR OK. ["%1" /S]
% p4 b, _, m7 n3 P1 r
.CHM OK. ["C:\WINDOWS\hh.exe" %1]5 N1 W/ F, }0 q3 q. u' J/ B
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] a5 \" L* l3 k' j' F+ B2 \
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
3 X; i2 Z% g1 F% q
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
) t. {$ [8 a' _. b7 @7 F
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
! w4 U$ {; d# x4 V" {
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]# Z- O5 Y, _* [- c) P0 ^4 e
.LNK OK. [{00021401-0000-0000-C000-000000000046}]2 ]6 \' w2 C9 Z# e* Q* B5 c/ l H3 L0 F
==================================
. K- u3 K2 Z+ B4 O1 H- [' ^* \
Winsock 提供者2 e, T) U; x5 p' I- C" i
N/A" Y6 r! k$ C. `6 B6 p; `7 D$ U
==================================
, y. j0 M$ Y6 I! s
Autorun.inf# P0 p, X \# d
N/A
* u. \* a6 S0 }, Q4 G2 Z8 M: k
==================================
4 Y1 y1 [1 A: V3 B4 D6 s( {
HOSTS 文件! v+ g) H2 R! h" y# v% h8 n8 c
N/A+ f8 u7 c( |3 }# U' L. Q
==================================
* j: c: b7 j2 A
进程特权扫描
7 f1 E2 ^) u( y$ v
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]8 B. e5 | O6 T: T/ j
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]$ ]9 o+ g8 T0 o& W& _1 J) A0 @
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]- `/ E3 G- x( H" f3 ?, b' z
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE], ]% M4 r/ ?* E! x$ j
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
8 e! _& ^. a2 F$ `9 o! `
==================================
& u! B3 A9 c; e' z7 S8 f
API HOOK
$ O4 o% U6 v; f1 l
N/A2 @, h. w. e" `
==================================
2 }+ d/ P) i9 N/ R! S* U/ }( ^
隐藏进程
9 Z8 |. y0 S$ l M
N/A
7 F0 d4 ] ?- h4 ~' t3 Q
==================================+ |! ^# {7 o( z' y" ~
: w$ p( ]( {" A" f

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115