在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

! I1 V8 i2 A# K% U5 _9 q
2008-05-22,20:37:43* u5 e$ k2 |' B' j; j- U
System Repair Engineer 2.5.16.900
0 |/ G9 G3 Z: C+ {5 T1 X5 M# o
Smallfrogs (http://www.KZTechs.com)4 [# U! N2 T7 \) V5 y& { C
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能+ z+ S5 R2 x! T p8 V; i
以下内容被选中： C* G' B7 d2 j0 R% s. b0 U
所有的启动项目（包括注册表、启动文件夹、服务等）! R: Z: ^) z( H( q9 y& e0 D$ }
浏览器加载项
7 t$ }( F1 B: n, z1 E, A# w* K; g
正在运行的进程（包括进程模块信息）3 N5 Z- N: p% G# d3 z
文件关联
3 g& N, ^5 |9 F- `
Winsock 提供者
0 o$ ]! C6 F( ]' I' t; F; C
Autorun.inf
# {, ^! b3 m# K
HOSTS 文件+ V+ T& A" S8 O9 X9 n6 t
进程特权扫描
% e0 U$ }& D" Q
0 c+ w8 Y' W- A! m) R1 p
启动项目
) K4 e: Z% w3 f/ ~
注册表
9 I$ e# k6 D* p
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]1 t; t. V" Z- q
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]. o4 p2 B! n3 c3 d
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run], ]. z2 v' w5 a, F2 Q$ c
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]/ J6 M2 a% m2 l! S* n/ @
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]1 j6 H2 R: z% u7 S4 k# Z
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
' Y" ~) H5 Z6 S8 I; y0 t
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
$ v8 S& k" S% ~' g! Z$ W" `+ q
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
7 Q9 V% l9 d7 u$ K' G+ V" x/ j
<PHIME2002A><; > [N/A]
5 T. x/ L1 K7 a) Y8 B
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A] @0 c1 t: n* O4 _3 S: l' ^, i
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]3 M0 n# g1 R6 K
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
7 S1 N8 X N% h1 y/ q; v" Z
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
! ]5 e- p. [2 z7 ]% Y4 g3 Q) t' d. Y8 j
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
- d" q; B j' v F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]* Q! p t+ Y* L
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]7 {8 L a9 O' s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
, y: T' K- F4 }$ B; n$ ~; a
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
9 N2 H: ]5 L Q5 Q7 ?1 S5 v% J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]& B( N. F" I+ N' H9 G2 G' ^
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]7 V" j0 W1 o) x& B' N1 K, C
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
! v2 P) h9 `$ }3 B
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]$ e& }& K5 a" a# `
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
$ b' I" i+ @$ R. t+ _
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
' q2 |+ ]2 U$ |+ T& |
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]# i% A. K0 N: [1 P) J6 Z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
/ ~( A" T; R1 Z+ m- F
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
9 I" [3 _& q7 \$ X4 ~' z
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]6 k% j0 v) Z) j+ d5 F: q/ ?5 d3 T
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]/ y- I1 z( X; D& L. f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]# e& C$ e ^; @- U! t- @7 V
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
, v( r; K$ x3 Q6 o7 x
==================================
6 }$ `$ \1 y+ i9 K0 s* v/ U) X
启动文件夹* @* a2 Y; [; F% T5 o5 D3 E5 M6 g2 \
N/A
; J4 |1 I7 z5 p$ w8 C: b
==================================5 [. A3 K6 z5 t/ [+ v h( F
服务
- ], w" \0 l% F- v R+ i0 h; {
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]) X3 u$ P# i1 S% ^7 X
<C:\WINDOWS\System32\3wareSrv.exe><N/A>1 R' p& ~% a; T; s
[Google Updater Service / gusvc][Stopped/Manual Start]
5 K$ r6 ~( B" E# P
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>: {. |9 H; p0 V( H% ~' N
[Help and Support / helpsvc][Stopped/Disabled]9 R- @( G. F5 J/ F7 D k! z' \2 \1 a
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
" Q1 k7 f* o% A Z/ W4 a9 U
[Human Interface Device Access / HidServ][Stopped/Boot Start]
. R1 y g/ D! J+ f L
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
/ z$ B6 O( i( }- V# P7 o8 K
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]2 A. [, X- v: ?' m
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>% x7 e6 Q3 w2 R" q, ]
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]- F G+ b' s. m4 A; N5 m
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
% Y0 _! |! v, ?; ? W, @# M8 Z2 }
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
4 {1 ~# P: n6 x, F/ u5 R
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>$ g* T! @9 D5 N; Y" S( v
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
) x. u* D, B6 a2 v% R- T/ J
<><N/A>& U; R: S9 J" f! x& v2 O) Z
[Qvod Terminal / Qvod Terminal][Running/Auto Start]% D- F% s* t+ b
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
' I4 d6 T, X2 w3 D5 {2 O
==================================. Q& R* O. t; ?6 O8 ^7 m) n
驱动程序
* F- Q7 S. V" d
[22j / 22jn][Stopped/Boot Start]
6 i# p; h3 i: X: }( E# i& U/ C: r' L
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
9 l7 A0 f5 ~1 W& E# C5 u( E0 S2 S# e
[360AntiArp / 360AntiArp][Running/System Start]
4 e- x7 a' s* g& N' a3 ]; F
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
; H& {9 i; T. L" R( d) i
[43ec / 43ecu][Stopped/Boot Start] A. C( c5 l8 q, W3 n6 y4 C/ t
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>* G5 j" X. c* |8 k+ e& S& D
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]. {7 {8 {7 r' @9 V9 T2 m4 w$ l1 w
<system32\drivers\ac97intc.sys><Intel Corporation>/ A, {3 j6 `; p. |2 ~* c6 ?
[Promise driver accelerator / bb-run][Running/Boot Start]; E) d: d1 h8 u+ d; t5 f
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>7 G7 x2 h, D7 ^, R( p- p
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]1 r5 H, @; O- c# C
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
/ b% c2 i" H3 Y% K' @" v
[KAVBase / KAVBase][Running/Auto Start]
}4 J8 y! m2 f: Z( ^
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
) [2 V) e: v: \) a0 @- P. G, X' Z
[KAVBootC / KAVBootC][Running/Boot Start]8 H5 d$ [9 s0 ~+ [ K
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>) j9 g( \/ w" M0 ~6 H
[KAVSafe / KAVSafe][Running/Auto Start]
% d4 ^* j( g4 f$ u7 q3 y0 x
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
9 k6 v- V4 k8 S5 F" v3 P+ U
[KNetWch / KNetWch][Running/System Start]6 q9 B% r. {) S) p8 M: w
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
7 Y; a& ~" T0 O5 M
[KWatch3 / KWatch3][Running/Auto Start]5 j& }7 k8 ?) J8 Q* z# I
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
( ~$ [6 r- C2 d, W1 \; M& W
[ntptdb / ntptdb][Stopped/Auto Start]
5 U) a" |% g9 c4 l% p
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
& N% Q" Y; I. }( G6 i- L
[nv / nv][Running/Manual Start]( E |4 K, f, r$ s m
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>8 ?$ ^; N! f4 A: A6 K! V
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start], S% \ G2 _' ^ e
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
/ C# m! @1 h# s7 g8 y" A1 H
[DDK PACKET Protocol / Packet][Running/Manual Start]/ }( F4 g& p# D* h% ~: p, L, i
<system32\DRIVERS\ProtoDrv.sys><360安全中心># g' U& w" {/ k# X7 F0 J2 Z
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]! K. l0 ~9 v# B! v! n9 C
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
7 |) n0 u* X k( ~
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
G8 S: P* |$ i7 ?. t
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
+ t0 q! l5 P: ]; ~$ @8 A- g
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
+ E. W* \: Q; E% C! `) `2 M% Q8 N3 k0 n
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
6 r! t# I2 K% G% r1 t% r0 s1 I
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]" i* l8 f/ j! P# V# j
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
1 ]. B3 L' p& Y+ ]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
, M3 |" f% l& w' E' M
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
7 _) b% Y9 }, @' m3 M. v
[Secdrv / Secdrv][Stopped/Manual Start]- V: s+ \& R9 e! q2 v& f
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
, q3 h8 }3 m9 x3 S, T6 F' Y
[SATALink External Device Filter / SiRemFil][Running/Boot Start]! q5 U( k3 n$ M
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>( f% A9 L+ x: ]5 `& n
[System Restore Filter Driver / sr][Stopped/Disabled]
6 _ c8 F p8 }* E
<system32\DRIVERS\sr.sys><N/A>
0 ?9 o y2 J- w7 H6 P
[TesSafe / TesSafe][Stopped/Manual Start]
$ j1 N' b# F0 y% Y
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>3 ?9 {* t( q- Y
[System Services / unzxzsrs][Stopped/Boot Start]
3 d5 y& C$ N6 m& t; t) D9 {' |; v9 b
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>
$ w, \! w) R3 k4 C3 g+ e8 ~0 m
[ViBus / ViBus][Stopped/Boot Start]: N u- t" I+ V0 U7 S& n) ]; ^
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
' Z! [# v- m2 [
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
& ?- M% v8 _5 k
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
; h* R- n$ n, n' A' S- _
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>/ C' p# V1 h0 e+ k
[ATI Extend / zhibmaso][Stopped/Boot Start]
9 V; @# u/ s% n# J' C/ F$ R
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>" W2 H- T' O+ |
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]" @/ R, k" H! k" |
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>9 J5 }8 d4 l$ R( N! C' n7 v# g
==================================
7 g9 O+ b' @" b7 C' p/ W% f. F9 t2 q
浏览器加载项
% b3 L3 x- G# t" ]7 j' T
[Google Toolbar Helper]$ P/ [9 s; l; R9 z
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>; o4 {- K/ V1 F! @% v* P
[Google Toolbar Notifier BHO]2 z1 x* {& ?3 f! h1 H: j
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
( p3 v) B' L- p5 g1 X) K
[SafeMon Class]6 q6 ?8 r& c8 O$ `# K! w `
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>! X3 J- G) q5 w9 A" u+ ]
[kingsoft browser shield]
) e7 S9 f* x+ T( u
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
+ k5 {; r# z8 H+ `# v: ^
[IEBuddyExtControl Class]
' o3 U: _7 ]; S+ |9 v
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>% `5 L$ s E& B' K& \# _
[Zcom 杂志]( R4 U: j; b8 M/ n& A7 p8 o
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>4 `) p; F7 ^6 P, M7 O
[&Google]: g$ }! n: g2 S5 Z' y( O3 W- n
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>, E" {9 \; [4 D3 [/ j) o. V( B0 ^
[KooPlayer Control]$ x) K5 v, v/ u4 z1 Q
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
5 z# s+ Q L& |3 }0 F# K% P$ Z
[Shockwave Flash Object]
3 @' Z3 M6 \+ Y8 k, c# P4 T+ C0 \
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
4 k' _1 f+ v9 m9 M/ X7 H7 z
[KUpdateObj2 Class]$ T0 @6 g7 ]" ]6 m
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
; f! D B& b. z7 k8 @
[Google Script Object]- f P* d: `9 B" C+ {; R1 T
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
# n Q5 b( d" `* L+ ], K# y a
[EWA Control]+ ^: v3 A2 J' E7 P2 b& [9 v. @
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>! r7 I% r5 T7 }& V6 m
[Windows Media Player]
+ D4 v7 z- _2 M4 M! e
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
$ J/ _4 u0 e+ U
[&Google]
. q- m; b( _; Q
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
" l5 C3 N0 _; ?: U" H5 L5 }$ u
[HTML Document]* h3 I* Y4 O1 s% c. k7 @5 i3 X
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
! I0 `3 ^8 ?, C0 c
[DHTML Edit Control Safe for Scripting for IE5]1 C' m* q7 C( R) C; R9 [
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
+ l- y3 E2 G, ~' A
[RealPlayer RAM Download Handler]- [; i& v) J* j" d4 A
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>$ D! U+ M* z- x- u* b! `! c
[IEBuddyExtControl Class]" H0 J( K( x; J6 ?* f9 |
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>0 R# c: B, {! ^5 O1 U1 u
[XML Document]
. k6 e) a8 M' c8 P7 ?/ s0 E
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
8 m. `" i5 U1 u+ a+ I
[HHCtrl Object]
- b2 {; F- {! J m3 I+ l
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>& ?0 o* T% l: k8 b! Y
[Windows Media Player]
9 D" }, V" @; R
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
8 R3 o, X9 C0 k6 B! E; `/ A
[Active Desktop Mover]' o' e& \3 i m
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
* P0 J/ m8 r* D1 x" z$ H
[360SafeLive]
/ }8 Z- s' l, I: n
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
4 B/ i/ O$ K+ ~1 d. M
[Microsoft Web 浏览器]% t# I2 c# M0 n% p
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
# f' @; s8 U6 P' @8 R, v
[Browser Enhanced Objects]' X7 s6 D9 M/ z) }' d& w# _* n
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
& u" U$ S$ f: i: j+ b$ ~) ^1 @
[Google Toolbar Helper]
" B8 h& ~" z' |* r1 y/ c* b
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
; V1 z) s: j5 y* ^3 d9 C9 |
[Microsoft Scriptlet Component]3 `; H( ?2 B8 z0 s- ^
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>/ o, w( Q) J) c! P1 D2 R
[Google Toolbar Notifier BHO]& `, |! g2 T$ L% b( b" [
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
8 z- F- F) v% \" F
[SearchAssistantOC]# T* v$ P2 d5 h* H; ]* ?
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
$ `& T9 f/ ]: Y/ M+ a. l# r
[SafeMon Class]8 [6 j- j2 Q2 i" G" ^+ o1 N& v5 M4 L
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
4 e& O6 L. b' ?: U' K/ H
[RDS.DataSpace]; \2 R1 f$ x' W% T* |+ X
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>* }+ L7 i* ]' Z, Y& q
[KooPlayer Control]$ v) s, p- U# q( }% v3 N
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>1 G; C( M1 n* m% i- C {, j
[AUDIO__MID Moniker Class]
4 M1 M! F0 G0 q! @9 m! y) ~
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>; q: G9 }! ~ r# O. L& M7 O
[AUDIO__MP3 Moniker Class]
% e1 X6 L2 z) ~) s$ V0 L
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
# M. B2 C0 s# E# w$ d; f
[AUDIO__X_MS_WMA Moniker Class]3 \! k7 g( C/ n
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
$ v/ Z2 `9 \7 i7 X8 p9 G2 k6 c) H
[VIDEO__X_MS_WMV Moniker Class]1 Y% F' V/ q+ h+ J% g# c
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
9 N* n' ]# M, t6 f2 _' p) s3 A
[RealPlayer G2 Control]
9 P, \8 `/ z; n5 r( ?) t/ N8 [" W
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
5 q, F7 G. B% b& o$ G: Y6 O
[Shockwave Flash Object]
5 M U+ G8 f( ?0 r$ Z9 S
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>4 y( Y' D4 v3 \5 i( n: L* L
[KUpdateObj2 Class] _2 D7 \8 w, n9 E a0 g& q( `1 ~
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>' O c' z' y* A- I
[kingsoft browser shield]* ^: z/ t9 u2 a3 j! ^
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
4 n+ G5 |: y2 L/ x
[PasswordEditCtrl Class]
) U! ]: J; E! |& W5 g N6 j* T' q
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>. f. f- T) a X, o
[QvodCtrl Class]
" j" y, ^( ]! F% m8 U3 L
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
v- S3 b) `+ s0 e. e1 N- x/ p
[&使用超级旋风下载]
# Y( e. Q: m# ^1 P$ V1 g0 V4 W
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>; ^& R% [2 y# F0 u! Y' g
[&使用超级旋风下载全部链接]
& u- A8 N4 z0 _6 K( i+ `
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>- e! L" \6 Q7 q. }( S! e4 T/ F0 x
[使用迅雷下载]
# |0 K& y3 H, w& @ J6 @
<, N/A>
G" i, d& t- e$ K! a' h, I3 p
[使用迅雷下载全部链接]; C5 r* S9 T# z5 a0 i
<, N/A>0 O& I) ~, N0 Z% X- H' f g
[导出到 Microsoft Office Excel(&X)]
6 v# _3 b/ o$ o9 s/ Q9 @
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
& p j( K a3 v7 p: h0 e! t
[添加到QQ表情]. x- p4 M+ P$ U% d6 w8 R
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>( {( @# r, O7 I7 M
==================================; s8 X- e2 j8 R2 m: W0 `
正在运行的进程
5 i$ [$ o- q$ {$ |
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]# ?/ |" p0 g" ~1 L8 a8 D
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 e: |% w; L U# }
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. A% E7 I F, o& T0 C1 S( M, y6 G
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]8 @5 `3 t" N5 n6 p( @
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
) \4 W2 |. e& p r2 J
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 d0 @1 }+ P _; m, q
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' h% d, r7 l5 O* d; [' e2 W
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
1 T$ U9 d. h2 k* ]
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) c# _# }: G; o. m; P
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 o/ @" `7 J4 v) B$ g4 F. @& U
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ _ t& u0 [6 W& _5 @5 u; T0 s% B
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]7 F. r" U) `7 ]' V' }2 X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
' w: f( X) V- N T( Q! `7 m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]" g; c6 B: T8 K" b. M
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]" X3 g0 b4 q- s
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]0 B! H9 L |7 t5 Y8 r' A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]$ f$ ~$ q0 v, N! I
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
& d! K7 ?& y& G# @
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]2 ~3 D6 u0 J" j+ q' e7 Q; C- g
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
" N! ^# |- N' X& I% y
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
- ^; g- r1 P0 n. D2 o
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0], M! J( I+ k9 h/ Q# S5 R: t0 [- [/ b
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
. i- u* F' h: f9 T7 x: F6 s
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]4 A) k0 O3 ^: [. d
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2] w% d- N8 ?+ x3 G6 W
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]- {: U5 W+ v$ M
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]4 m5 r0 u5 g z! Y+ q p$ d! v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
; k6 p- t& d( {# n" x3 x, N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; M* ?5 y% L6 b7 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]! j& O& w' n9 o5 ?; N7 ]$ V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" }4 }6 k7 I s
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]. a% E R7 M3 B, ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 {) m& ~1 B# I8 B3 s, O% n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
5 q9 E; y+ F0 v3 d3 w M. m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
/ l+ {& T o4 z% o; z! s$ }, I% s
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
# I2 l/ K4 p1 L# L( l, T
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]$ ]' W+ B8 Q9 E% Y- X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]' H0 [4 q9 \ u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, O$ p4 L; t7 P9 A( g& L, J
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]8 E* Q1 W/ O' B& ?# j. X
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]! _) R4 \: T, \. m8 U- c0 T
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
9 E- R# s2 S6 p3 q ?& N8 Q- @
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- H1 L' }5 A6 K6 ~+ U
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
4 R" F" F3 a# M/ A) S$ ]
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
7 h( a- m' y2 J1 F: v+ q; X ^( Z
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& s4 x$ x7 x! D6 f# t
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 L/ ]4 g# t) Z4 z: ^( Z" l
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
8 o7 S& \( I! r* P4 z5 m) e
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
( t9 z" L/ z1 Z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 |; g. w! r* A# @, Y, z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
3 d! v! R0 j& S- Z* m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ x, r- e9 V1 K; Y" @
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690], j0 f0 i3 A/ |3 _
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
& j% {% L' O0 v: B+ p/ o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]/ B# t3 |1 V' @8 r4 c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]+ s5 `5 G R Y+ }
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]# s t/ |4 B3 B0 c/ R' Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
; b7 g; O* Q) Y% b" @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]9 |3 [$ }# h4 O7 l9 W, F
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]+ j4 v+ a `6 K6 C4 Y
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] e' l/ m3 f' n! y
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
- z3 Q5 h& f8 U
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]9 {% }; B% ?3 O% q5 k+ ]# h0 }* z
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]2 P$ ?# i& e6 _1 W6 ]' `
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]# v( \' G4 P9 j3 n9 M2 v
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
4 x D% \* O* C% n' f. I
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]% Z5 R6 G$ j* N' y
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]! a! ~4 k, t1 x0 P
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
3 C3 f" T- m0 m2 _
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]% D7 r, m1 }2 G% w
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
0 m3 C! M! V" s
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
1 M8 g& w; W0 R6 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 M8 w" s; T8 N1 _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364] Q- E/ ?+ r# T- s+ n( B
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]( w# G) p, K" G4 w8 H U
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]$ d( R# Q, J$ d: P7 F7 @
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 e+ u/ T( d6 D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
) n ^& z3 ~+ i/ C" O7 w) ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 k1 e- D s# _7 O- \" B8 }
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 d& P( T- n- }1 e( a
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
7 u& e" l0 E6 Z. G. y3 Z/ l
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
! ~ p7 P* q" O5 z. x; H; a
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
! g+ M, b( V8 A8 W2 V4 u# J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; J+ v3 [" l7 c/ A: ]9 V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" c( i6 U8 [8 I' ?; k \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ K: u8 Y4 y2 P" r0 n6 r
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
1 `/ |/ h0 B8 [! z% y1 t& Q/ [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
& \) T) ]' o' ~8 q7 d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
2 V: L. s1 S6 U' x" A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 E) W d7 R W; P7 u
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]8 j# p& Y8 ]! Z9 C* l! C! F9 |' X
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
8 H8 @) b6 R* p. u, z. r) I+ L
==================================$ R9 u8 o% ~4 D; G. U6 r W
文件关联
# u8 G/ c8 K! f' T2 z
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]2 e( S6 t1 Z5 e7 A1 O
.EXE OK. ["%1" %*]
& z1 K0 r6 ^9 Q2 _/ d/ B
.COM OK. ["%1" %*]4 P$ j7 F: X- ^ i! B2 k
.PIF OK. ["%1" %*]
0 N( O$ ^+ n# ^( X# {4 d
.REG OK. [regedit.exe "%1"]
2 a H. u9 d, A/ n
.BAT OK. ["%1" %*]
% x- ~ o% ?% Y
.SCR OK. ["%1" /S]
$ @! k/ u* a( @2 W+ B
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
- b; L1 j' x$ L% t4 H+ B8 ]+ X
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
/ n3 J4 _8 O0 c9 K5 @
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]# g5 C+ o$ H) k# Q6 A1 l
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]- Y$ r0 {1 y5 o+ E2 `/ k
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
. `4 E$ B* ^2 \1 I
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
. W1 P8 o3 S" ?1 w
.LNK OK. [{00021401-0000-0000-C000-000000000046}], w. [8 [4 a5 N4 l! S6 `8 F
==================================- @6 J8 [% E$ x$ q9 Q" H
Winsock 提供者; f9 q0 B- i' w" T
N/A
1 A& A$ C; ?3 Z- ?$ J( k
==================================3 e/ N- b$ `8 k* m5 @8 W# W
Autorun.inf, ^9 e. Q% d# C
N/A5 b+ k2 ^( Q( `6 E$ Z# m% v" D
==================================
3 U0 T/ C7 D1 k- u/ u
HOSTS 文件
7 S- J) `" d' W& G7 B0 n. b
N/A
! ]1 i7 t! q" O3 a1 F+ K) A
==================================
; ^: e' g. k2 D! I; `! |3 z
进程特权扫描4 ~( l+ i% b- b
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE] V, D, O4 W! F
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
0 }+ ]: g6 \- ~3 t0 k
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]3 i2 q. {( k( U2 U
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]$ V) q) P! }5 c* U5 T
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
% |- H. a8 ]1 C. L& D
==================================
{: m S1 V7 B. J( U" S
API HOOK
' ?* i5 k' B* ]8 H+ @7 |
N/A: A# j! |% }+ R0 `/ d- b
==================================, m2 t7 k4 [9 c8 F: N
隐藏进程
- J c& n4 Y% L" u$ k! l/ H$ M
N/A( h8 e. {9 I1 [8 }
==================================: I- E1 f& k$ {, [4 T5 I" g2 F
( |/ h% ?4 u o$ Q

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115