在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

: h+ D( x. p7 r: W
2008-05-22,20:37:43
9 C6 e' H3 m* @8 n# v& |
System Repair Engineer 2.5.16.9003 C& d j; n/ L7 C
Smallfrogs (http://www.KZTechs.com)& @( B( J) U: W7 o
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能! {" e/ Q! p- Z; J
以下内容被选中：( s1 d7 H' A5 G3 N) b
所有的启动项目（包括注册表、启动文件夹、服务等）
' ]- g" u3 I) X/ ~5 {* @- [( I
浏览器加载项
) ~' T$ z8 k- M! p9 _- b, g
正在运行的进程（包括进程模块信息）) Y1 ?8 X8 {! ?' l
文件关联
9 t% N. @- d9 @8 D$ b! ?
Winsock 提供者
% e' Q; u: X' V9 M7 H; n
Autorun.inf b$ t0 f6 G. X
HOSTS 文件
; k( }1 N P' F6 }0 y: ? u
进程特权扫描
: F/ s5 V5 [2 r" m" ~5 M# Y, ?
# O; x/ T1 ~, G6 ~3 z% ?& q
启动项目 V E& }& P( J. l6 |4 X7 A2 z
注册表! W- _9 ?# `1 v4 J1 s2 ?% O
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
5 @! V" W+ [9 K2 {+ z
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]. t6 r5 n/ j3 t6 r% i
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
$ k( O/ o6 \$ S# f8 z* Y, ^* \
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]) a( T; z& J# w" j6 k( C! r
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]* I: M9 b Y7 c6 @( _6 G
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]6 w/ ]7 x- u4 C2 D. L% N- s
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
4 V! E/ Q- [) p, s% X
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]& c# V! }5 b# d9 g& {& `
<PHIME2002A><; > [N/A]
$ y" t& h3 B' T n& u+ d
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
6 P. s B* T6 {# Z
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
+ O, O. u. v+ k( n( e
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
$ W5 ]. Q' x3 H' O3 f
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
! ?& j* a- a! j
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]' ]4 c: `: |9 p* t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
1 h3 B7 m& Q6 t& P2 z5 e
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]6 s% A9 X2 V( R3 G6 _! V
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
$ F8 G: n2 ^) j8 o1 |5 `% Y2 ~
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
0 T! { |9 R" ^. Z; F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]) H, X& T% w# f
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
1 I, @0 O' I) C' g1 P5 s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- E/ v& l9 x5 s5 d5 n
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]) R) u& C6 W* j6 j! t9 w
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
: E5 ^( q& t8 V
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
/ k+ q6 e" r D9 G8 F3 v
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]: K% q# I3 ^% F% |$ m, ]7 [+ e
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]1 Z. k: l y: ]5 x" R3 Q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]0 S5 p; S9 k3 {! t7 ^
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
1 e) |; H: I( Y$ k" b4 M4 [' @1 P
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
% O9 K4 { i; e c/ I" H
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
) w( |7 g. o+ b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
. z( }& w* L: h# D" f
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
& D% }$ Z* \5 u7 w
==================================
* g1 ]3 Z. g) ]& O
启动文件夹4 ?) H3 r! t5 v" p7 Y0 W; _. h
N/A: U' D- P& R% V8 n8 {! J
==================================9 d4 |+ s2 W, }, e( ?5 ]
服务
( _1 B) i. P6 r; ^9 ?6 I/ Z8 H
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
, k) T9 ] ]( t% a
<C:\WINDOWS\System32\3wareSrv.exe><N/A>: B( {' }, ` S$ d2 A
[Google Updater Service / gusvc][Stopped/Manual Start]
# X% Y* \* s9 x* W: Z! v
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
0 ?& T; Z8 H3 ?; I+ R
[Help and Support / helpsvc][Stopped/Disabled]
$ Z5 n7 l0 K- o' S' e& W2 K% ^
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
5 C, i/ v, ]* N& D. u. Z6 L% E! S
[Human Interface Device Access / HidServ][Stopped/Boot Start]2 k# m8 D5 g5 r
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>& y0 ?% t4 ]/ A: \
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
+ L$ H+ {! u5 }/ g
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
" J# m3 D5 m. {2 Y5 ~/ _* _
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
3 v2 v4 M& o. u# _8 X5 U
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>! g2 G1 i0 T( p# M x9 r0 p1 S+ L
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
$ N0 Y: ~, @/ n3 p& U
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
6 a3 |8 [% T8 g" y2 z- \
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
: k( h5 g3 W+ r
<><N/A>6 m, ^( d! h. ]# w3 _
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
) |% \3 F x6 j3 U8 e" P& h+ }" ?
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>3 o5 D. k* A' ~$ \% P# u" W
==================================
1 y+ k5 ^9 b8 M3 U7 Q
驱动程序+ s. B; M: s' [' Y- u0 m
[22j / 22jn][Stopped/Boot Start]
( B/ ]' K0 g; B% {9 f9 W1 D
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
B1 u+ a/ Z: b! h
[360AntiArp / 360AntiArp][Running/System Start]! M( V# d# D/ Z$ k% X D7 g
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>. S: l/ J. `' c5 F! f
[43ec / 43ecu][Stopped/Boot Start]
! |, A# f) I) V/ ~8 }3 z- d
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
3 t3 V5 X- T* m) [3 W5 o
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
& I: Z* `) j* _& x6 ]0 e: n
<system32\drivers\ac97intc.sys><Intel Corporation>! @: a. `1 Z9 b- c2 _$ c& ] ^
[Promise driver accelerator / bb-run][Running/Boot Start]' }% x" I d2 q$ F
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>' N6 c* `, L$ W3 j
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
/ \' M& f2 U; W- M
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
- X4 B: `/ X" M
[KAVBase / KAVBase][Running/Auto Start]
" n2 ^; |2 V# I
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>% N7 i. Q. { I
[KAVBootC / KAVBootC][Running/Boot Start]
" D4 \7 Y5 a0 _
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>( J, ]8 y% M% Y% l" s
[KAVSafe / KAVSafe][Running/Auto Start]
( G. `, l/ e# T" p7 ~* h- Z
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>5 U& Y$ \& }; C: Z! N8 U- G
[KNetWch / KNetWch][Running/System Start]
1 C, f2 D8 K0 W# @! V9 o
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>0 D; P9 p+ L# v$ M
[KWatch3 / KWatch3][Running/Auto Start]
2 E1 y( G1 w2 q% K) Q! b/ N+ Q; ^6 M6 H
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
: T5 l6 ]6 [3 N
[ntptdb / ntptdb][Stopped/Auto Start]
7 H4 P+ p- ?+ {, ~% G+ S6 d1 [# j% J
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>+ I) c7 R4 j, T/ J8 F
[nv / nv][Running/Manual Start]; e: W) g& m) L" y# P
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
0 ]3 F: b$ ?0 ?& ^; s
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]3 n2 @! r: {0 D G0 H
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>, \6 a: ?) N0 C0 [5 Q# ]3 a' C! U' R
[DDK PACKET Protocol / Packet][Running/Manual Start]
, s# z* d+ j4 x0 s. x0 P" R! m6 B
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
1 ?: R; H4 M( I h2 d9 I
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
. g* x8 B9 a) t8 Q6 y0 g
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>+ i' M }; v$ o% ~4 K9 f) B
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]7 M1 X9 Q0 [/ [! x, b; S3 V9 i
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>! B5 C3 N$ y" f f
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start], m. E6 T4 f" q! [
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>/ [' v/ K& x! h- G
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
$ \ e( Y, t5 e* V+ F# t: \ z
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>, b8 P, C, d! Z7 _
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]2 f- i% B0 q- M! ~
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>; F" v, [2 c$ g; ?0 O5 U4 W
[Secdrv / Secdrv][Stopped/Manual Start]2 y: T& @, X1 s) j: `. E/ [
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>! |& F1 a) ~7 d, U$ z
[SATALink External Device Filter / SiRemFil][Running/Boot Start]( K1 O+ f: u4 a3 i
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>) k( r* k# V" x5 [8 X- L) r
[System Restore Filter Driver / sr][Stopped/Disabled]
' Q, l+ f/ P# R! b7 f8 o
<system32\DRIVERS\sr.sys><N/A>
6 T; r9 \8 e; u5 a" u
[TesSafe / TesSafe][Stopped/Manual Start]% T7 Y# M' E+ E! k+ z: f R
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
$ M, a+ o C0 n) K( Z
[System Services / unzxzsrs][Stopped/Boot Start]! R$ R: i2 U) m4 V2 j4 u
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>/ i' ~; R7 C1 r/ U
[ViBus / ViBus][Stopped/Boot Start]
9 @7 x. [, D% I8 y+ q: Y
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
6 s; o4 y& J2 @9 a& [
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]; y. L: i, I! f% Y
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>4 k/ t8 c0 I! [5 \! I! ?9 q
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]/ R( t: T) a4 R6 ?
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
; D/ ~/ W1 [% k% \* ~4 S
[ATI Extend / zhibmaso][Stopped/Boot Start]! i- s- [: ?2 l
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
- }; W9 y8 |4 T0 r- V' U
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
# G" e1 a" t( F
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>& P- ^; E6 j2 o7 ~% Y8 c; o- _* z
==================================
5 X$ c6 X4 J! V. q
浏览器加载项
% d/ R" i' W5 f- y! M- z
[Google Toolbar Helper]) A4 S7 Q; L' m1 o6 ?+ h" e; k
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
' z e1 q& G& L% [3 q+ _: ?
[Google Toolbar Notifier BHO]( D! ~* v+ V9 Z
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
: `* V" r! `, W; H: @" F% J2 N" L
[SafeMon Class]
+ d6 h4 {& v& t+ s. v& j; Y/ g) i
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
: W4 ?$ [1 [! a3 B. f' P
[kingsoft browser shield]0 J4 x6 ^0 q' k$ D& C R
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>, `. n; Z, m; D1 v/ S; v
[IEBuddyExtControl Class], V! z' T& M9 c6 o
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>" z6 p9 v+ S4 E7 m& a
[Zcom 杂志]
( z6 T) o) A6 A: o2 K
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>6 X4 g. ?. R0 ?
[&Google]
! b* _* b2 \) ]1 X# N2 y+ b
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>5 u+ g1 q, W! ?+ g$ F
[KooPlayer Control]. g" i0 L) \8 M' R) Y0 o
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
1 h1 w2 E4 T) T
[Shockwave Flash Object]) c8 H/ f6 a. }) q2 [# j
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>: n/ a! Z4 ]: ]* b: z
[KUpdateObj2 Class]
0 y+ I0 @' V6 z7 G, E" n3 l
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>" Q4 z& K/ i* e2 H5 B
[Google Script Object]
+ x# ~* Y. i! x' {
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
- n) n* g+ e2 }& Y9 F+ I
[EWA Control]0 U) o7 a# |( t$ z% |6 ^1 p* `
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
' e( \1 `6 t. O- b `- T
[Windows Media Player]
( w/ c) @+ h7 ~5 Z; t, `
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>( ~; i' b3 s; W' o
[&Google]
$ I( g" h6 {$ o" E
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>* H7 P7 g& D4 J' ]" v
[HTML Document]7 e" K4 b: j0 w3 ~
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
6 k O/ l" m; D: ^
[DHTML Edit Control Safe for Scripting for IE5]
! n: O) K8 e2 @* ^/ b. w) G
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>5 |0 D$ q3 j6 O; E1 U) h
[RealPlayer RAM Download Handler]
3 f' L; A8 C$ |5 G
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>, U1 z* ?7 |2 A, ]. ]: C& O
[IEBuddyExtControl Class]
) D) b9 h$ t' M5 L5 D
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
, E; }9 S0 T) X# a0 `6 M) ~
[XML Document]; s4 V- G, T# f+ L( {& r
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
( m) V/ Z$ a+ Q
[HHCtrl Object]
2 j1 d2 J$ m. {. t# g
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
/ i; G# T. N! m7 v9 {
[Windows Media Player]! H* ~2 `+ Z1 w ]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>, \0 V2 [, ~% e0 ~, f4 ^, h
[Active Desktop Mover]+ V- [' j( f7 A3 B& `2 ~/ |
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
% L( V0 l) N3 [: U
[360SafeLive]# ^8 C$ }- @) f) c* r8 l K
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>& g) `6 \+ ~- t/ r0 J* M4 Y3 @9 `+ b
[Microsoft Web 浏览器]
3 S6 P% `8 A O
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
5 G3 U+ w0 k9 \8 Q7 i
[Browser Enhanced Objects]* e; F+ Q4 A: ?9 v
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
# t4 P7 G$ I7 q4 `5 O. j
[Google Toolbar Helper]% y0 X+ M0 K# F0 E2 S9 g' z* _" n
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>$ M: p& }3 L+ H2 V5 U% }
[Microsoft Scriptlet Component]
# s/ q' q, C: z
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
, n! N g* B! H3 ~
[Google Toolbar Notifier BHO]8 }# D: V. _# k: V
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
# |1 [0 x9 w" J/ Z+ e! [
[SearchAssistantOC]
* S: }. {- M5 ~# d% J- g- g: @
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
( M4 h" J, { g; g
[SafeMon Class], H. k2 U m' X# W2 c
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>1 G( r1 l% @- C& ~2 e
[RDS.DataSpace]8 X+ @* C8 q" Z( N5 W, f, j! M. Q
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
9 L3 A/ w0 W) Q/ @# U" z
[KooPlayer Control]
; c. K$ S ]5 Q& U
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
6 P f6 L4 z# n2 O
[AUDIO__MID Moniker Class]) k* k+ G9 z: @' g/ j( f
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
* y) {4 n+ | }
[AUDIO__MP3 Moniker Class]
$ W( @7 A7 i" y9 r
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>) b: [% Y, x* t; W- U) @
[AUDIO__X_MS_WMA Moniker Class]# Q; u9 T2 A: {! y( e; u4 k: T
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>' P8 x, x% E, K. n
[VIDEO__X_MS_WMV Moniker Class]
& V( i) ~* ?3 F; z1 `4 h0 i
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>/ @; {( v+ m! D" k6 Z
[RealPlayer G2 Control]3 [& l! t2 x& r- ]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
1 g3 K: @* g3 {' M. X* C1 M
[Shockwave Flash Object]
: h; \) ~1 @3 F' |5 {
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
+ y" A, R' L1 o6 F1 V
[KUpdateObj2 Class]/ B* {+ \# x/ L. i: G8 v3 Y
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
! h; ?7 c" R" @2 g: R3 l8 X
[kingsoft browser shield]8 c3 {7 g0 K5 F8 F- _2 ]
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>2 u; e' h1 o9 A5 O
[PasswordEditCtrl Class]
. M# A+ M* Z! F/ M, w% g
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
% ]+ o8 F! e" [5 K& Y, e+ B# A* h
[QvodCtrl Class]
# i z* R7 [3 H% c" y" D
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
9 v: V+ A7 L+ U6 R
[&使用超级旋风下载]
7 b* r7 g+ c% k. z7 X
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>6 u6 W1 p3 d: @2 w7 c
[&使用超级旋风下载全部链接]
4 u- A; j ]) N
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
8 Q1 ]" k% [# j w$ @5 Y4 m
[使用迅雷下载]
% Z: c3 H w& ^6 G# \7 `9 z
<, N/A>5 t' Z) ?- L5 T" j+ u( O1 P( I5 {* g
[使用迅雷下载全部链接]$ T2 `! ~7 C& g+ v C) s/ X
<, N/A>$ q3 Q: f# Z9 A k* z' U" r! W
[导出到 Microsoft Office Excel(&X)]
# I( N0 x& B7 N! F' H
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
6 j' s! o2 z" u! ?* e
[添加到QQ表情]
; D, @: l- m1 c
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> m$ h# _+ _8 Q Y# q
==================================
. {8 ^; u) z! Q8 ~
正在运行的进程& _4 O1 }% ]$ w9 i5 Z
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' C; `1 b. Y7 c Y$ S: `
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]; A2 r7 ~: c) V6 l
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
7 S+ g% |0 Q5 C+ s: a
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
& V& t0 V Q' I, I! w1 l! T' l7 m
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 z: x+ m" @' v8 x
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! I; p% g* r5 T- [3 [/ \/ b
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 z, w) C" g( v, z( Y6 F3 F
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ W: m# F6 K+ K
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' [ r4 c* w9 x V6 l# K
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3 N! ^* O) J3 y' N8 ?
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- k+ [9 J4 I5 N0 y% W
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
9 r- g( @ P2 D7 R& p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]) c+ A3 V1 \6 n4 A9 |# E8 g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
& R& X3 R1 R6 H- O
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]) v5 U, E" Q/ x) p; S
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 K( n: S" T9 p% } R1 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]: Z4 `" f3 R2 t W P. G: _
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]0 h3 v M4 \+ a) B
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]9 m, i2 k+ x" d0 V+ t# M% q
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
$ H. \% K; N' A+ j% D8 s: ^! Q
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9], g, Y) ^$ K @' G% t# A4 G5 G
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 g! ?. I3 x1 H) X( A$ {( f4 n, s
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
z% B; o' Q+ F" l0 [+ o
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]7 E' |9 E0 i- h
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]" q$ C( O: ~ Z: W. j
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
3 ?% `+ F! Q+ V$ W
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
5 S* T- C9 M, E' _/ p! W
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
. K0 v5 V' N% F6 o+ Y; ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5], U% N0 g: n! F! y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
+ I! G1 v4 ]6 O
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" Q/ l ]7 \ G. G/ k: T2 q+ m/ _
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
# q/ z! s6 j* q# I3 C1 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
9 J T" l0 H* ~' z y' _ `. B
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) H. L" D& d! U. O+ T3 ^# W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]+ p: N! { d7 i% m6 I
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
6 {) c$ _: n4 n% K5 R1 i
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]" p. b% ~) @4 N+ ~% {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ S5 {6 d9 W" }& `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]4 b; Y! E0 n# g1 F' l9 M3 ~
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
% U3 d! e7 m5 m) W; Y- ~8 G
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]( g- P9 ^* b1 j4 W! {! N
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
2 w/ s$ U! m/ a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; T5 V# Y' d- v$ a! }
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* z) z$ I# E; F2 J" c: s( m
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
4 {9 @& C5 Q8 Z, q i
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& C" n0 B3 w" U
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! E6 z7 L$ j( Z( V6 Z' {$ x
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]5 H' M. J1 Q6 b! ~9 z* w$ n
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] r3 _& \* l/ t( h- [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
7 }& q* s E3 y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]% W! z9 K9 v& P% L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]% M, |" s6 H# M# V- R% @
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]4 ?- x1 ~" `7 S, }: ^ n# P v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
3 z: t: J( ~/ b% a% D% j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]
* u8 o6 ]0 ~# P7 d% Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
9 s! g% l7 |3 A) L3 {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]) }3 H. V4 G9 O5 ]5 y/ a! R
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]
: a0 i- A. h& c5 `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]* D3 P9 E* z( A& h( \
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]' G: F- Y: b) {; m2 K4 F" v$ ~
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]; T9 J" W" R/ K2 g7 a& h
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
- E! Q& C. B: `
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]! u3 m+ U" e. _
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
% x( v& [% G) Z( u7 N b& P
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]( K3 }6 V. K, V; f+ G4 k
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
( m9 J3 ~4 G) l3 ?7 c
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]0 g$ H N/ \* y4 T$ [. j ]
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
, s; a) V/ ~) h. }3 ` z5 }( X
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]4 P8 c- c" }1 x/ d4 `' q( [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]6 Y! @% s4 ~) n' v7 l ]
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
( D) w# {$ @. \
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% C7 P: ?$ x9 h7 F0 O# T4 l
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]" ]9 R* y4 J2 z: U
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 e E% T7 c+ K
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
6 D E/ ^' Q0 f3 X8 P7 F- K, \
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]3 ~) l) X7 z$ o/ C
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]+ n. B+ ^* j% B& _$ K0 j3 M
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
% h' S9 d* ~/ g) b5 L6 n+ t+ W7 w! q1 x
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
3 D, a4 p% p/ O- W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
1 g/ Q& c% B5 |( J( Y' F
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
l5 i+ m( w: H- `
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]& A& V4 [7 r/ h& [% J' o& G- Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
$ x( X5 o! S5 Y& ]& j. q" D
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& b9 J+ q, t$ V* ?7 ~) c* j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( \5 f. i& ~8 V Q+ h; G: R
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
e+ U" i) ?. C: p0 v* V
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]5 |# z& e# A# T3 J" E# [, p
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
8 F: b V8 n0 Y4 ^7 X& @
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
6 c2 X8 J! O+ a+ j: g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], r' n" [) }0 p' V) N5 y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
2 Z3 T0 e7 q0 g9 }9 { Z* M& N
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]5 \' C3 X& `% M9 d' h' x( N
==================================
' A( `. a+ Y+ w, w5 `7 m
文件关联1 g, T- ^; T; F+ n! Z/ v8 I
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
9 p4 M- p2 d3 |0 l( ]
.EXE OK. ["%1" %*]
) D# L( |! {% M* a9 e8 S- b
.COM OK. ["%1" %*], Y+ B% B% v3 O ?
.PIF OK. ["%1" %*]
. y+ N0 b1 U, {, z/ D" Z& ~
.REG OK. [regedit.exe "%1"] A9 s8 T5 U t; A$ l4 M
.BAT OK. ["%1" %*]) A" N9 S4 k6 Q
.SCR OK. ["%1" /S]
- ?- P! c. v% A9 w! p( z, ]; n9 M
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
( P1 d# m; m) i& B- z
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
+ B$ [& c6 w/ M3 o4 i
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
( A; M5 K+ p7 u, w7 g7 ^! b
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]: ]+ r o9 l6 c4 j q6 U
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
8 c0 n8 Z/ _; _
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]0 S" L2 U( m5 `" _8 Y d- @7 R
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
% Z6 q1 f1 L: _, v0 P% T4 v+ J: f
==================================
2 `( h: }3 _; @4 Y0 \; D/ P' r
Winsock 提供者 ` t) w8 t+ i* F" r5 P
N/A. f; s7 |* ]8 C. C2 g9 x! K
==================================
: F) _! u+ f r9 Q
Autorun.inf
, u' L9 I, @7 l2 @ m
N/A7 Z$ |$ I( v& {$ M1 j& h+ ]
==================================
9 }9 f. a5 V. a2 [6 N
HOSTS 文件- b0 G% ^ v5 Y. l- N, Z. e
N/A
# H: p6 i6 R* I0 E; k$ W
==================================
5 t4 d$ H$ L! x7 x u
进程特权扫描# l1 y4 Z6 V5 G5 n' w% e* J! x
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
7 M" V2 a' z- k! d) M
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
1 E( X( {& z- }0 o! a- q3 E
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
+ g6 E4 N, T3 r& N; I
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]* c1 z( |. q: N
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
6 r2 g8 d0 u0 `
==================================% U$ V1 n4 o7 G
API HOOK
$ {5 ]7 ^" C2 ~, z: u7 o0 w2 `* f3 q
N/A
4 p3 A9 V/ t7 h; E. X- t
==================================
6 l& f S3 f9 Y4 w; R' q6 P
隐藏进程7 F9 V5 ^5 [0 L, k) B
N/A
; W/ [7 M* }7 D+ Q* C
==================================
: } J& y, `) B. p
0 }- m- Z! S$ U& O9 R3 x; E) U

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版今日: 0 主题: 115

在这里

浏览过的版块

技术部 收藏本版 今日: 0 主题: 115

在这里

浏览过的版块

技术部收藏本版今日: 0 主题: 115