在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

' m4 u; k/ Y9 L' c( `6 I0 l
2008-05-22,20:37:43( |+ v4 ?" ^. z4 _8 x* q
System Repair Engineer 2.5.16.900: h, r% p; x4 W+ ?. x
Smallfrogs (http://www.KZTechs.com)
; |& |; D- R! Q- `: T* I0 E- k
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能2 \5 d# X' x' V! [
以下内容被选中：- {* W3 }1 n# ?6 {8 m3 f
所有的启动项目（包括注册表、启动文件夹、服务等）1 i! f) x" F0 ]8 ^4 A0 E0 L9 d
浏览器加载项
6 q) F. r9 A% d+ p& S$ `
正在运行的进程（包括进程模块信息）6 z! |0 ^) v+ A6 C
文件关联
! U, F+ i3 e! q" ?9 W1 m
Winsock 提供者( A% U# e! m( V' Q2 O; [, u
Autorun.inf
3 P3 ^/ S; O* U( R- D
HOSTS 文件
$ [% ?# u: R6 Z* v
进程特权扫描
7 i- X' F1 `8 r
& Q1 ]: h9 \$ r" L+ p
启动项目. a+ | C, k/ Q1 l4 H
注册表
, X3 Y0 P. q' p2 m7 h* C% h# i/ G% m
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
5 e0 P4 }2 c6 c3 T/ h
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]) a3 y, p0 y! n8 Y
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
4 b- u1 ~$ j3 `
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]" b. q2 @8 d5 O! Q' O3 C
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]$ g% N7 u& `5 H# s# z5 @
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd] [2 o' {5 I) u
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
0 I8 I& W+ o4 r2 Y1 b; O4 F, K5 _4 j
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
" L9 s: S* |" o7 m9 ]# a
<PHIME2002A><; > [N/A]
( F, ? e3 A4 G0 l5 E+ X; C
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]2 d5 N' A8 E5 [& U/ {2 a) g2 n
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- w" X- Y; X0 s& B
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]* j" c2 P& _% {2 R
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]$ X# R3 Q* c. [& r5 }; f3 t
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]3 Y' }/ ^6 C+ b1 [* D+ t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
* }( @! K+ y; D' {0 W4 t- ~; a
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]: k! a) h: `9 ^/ P0 }3 z `" |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}], _$ ^% n8 T& \! X- [
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]1 T) J# \' D% {
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
! ~: _% _ L1 O/ B; G% O
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]2 M9 J# c' s) q4 C$ I1 D% [
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
% H) W/ g2 N- E& i Z+ P$ ]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
9 h" U. X0 Z5 k0 d; ~) s9 `
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
9 e+ k; P8 ]9 C: g1 ~6 N
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]0 w0 z+ R8 X1 c8 q7 ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
/ n' S$ r) z- I! Y, I) b2 o
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]# Y/ W7 g+ l7 q3 i$ u. q
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]' q/ b# A! F# K5 V/ S l
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
4 G) Q( [3 Z/ K9 J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]& ?" w# r2 D* W
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
0 {! w$ ~) i8 f- M
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]2 i8 k0 X9 U; w8 z4 L
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]1 u. {3 ~$ w) [6 G1 ^
==================================
4 V5 `4 W5 x+ ^4 ?% y
启动文件夹
& w( d5 P N3 B3 j/ D) B
N/A( V7 U' r+ `6 h$ ^
==================================
2 {! d# H1 {. `) h
服务
0 d. F5 j* Y, V% ~0 p
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
- k2 K: B% `% A ^4 d
<C:\WINDOWS\System32\3wareSrv.exe><N/A>' ~$ q. N4 `6 \7 p& @' _ t- u, o$ R
[Google Updater Service / gusvc][Stopped/Manual Start]
' \( `3 J, G3 y: t2 P
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>9 F& B. F3 N, T
[Help and Support / helpsvc][Stopped/Disabled]
1 E3 B% |. S, I; c; L* n, J
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>0 K2 `/ [' j* |
[Human Interface Device Access / HidServ][Stopped/Boot Start]- ~/ `8 v- ~) P6 V' H% W* x
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>+ g; |9 x: g* _7 r
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
$ W: {+ o( g) f6 B# f: Q
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>- F1 ]" A7 E+ X9 @/ Q0 Y
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]" X: P8 G: o' g& P* @) K
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
$ @) X/ _' l* U3 s0 ]6 }
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]+ P8 h# P1 k; |; `$ s. x7 Q
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
9 z: E/ N) y& R) n. }
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start] m4 U- C2 S2 [4 N: u: \
<><N/A> C# H) Q" x/ ~: J
[Qvod Terminal / Qvod Terminal][Running/Auto Start]0 S8 M) F; `. e8 Z+ h+ ?: h
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>7 p. v! R# }1 v, {
==================================
- H. Y+ t+ _) L
驱动程序' ^2 e1 o% e$ ]& h
[22j / 22jn][Stopped/Boot Start]
# ]& S2 X5 R0 M# T- D2 l1 S
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
( t% k6 D$ e. D9 H& `
[360AntiArp / 360AntiArp][Running/System Start]
' _8 J+ p$ [9 ^3 x" P" P! r) G
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>. l$ E& r! B5 ^8 V; Z5 G
[43ec / 43ecu][Stopped/Boot Start]! e. l; G7 M0 U4 |! t! a- B( N, P) F
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>5 P: R* h* i0 |$ c/ e& L
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
1 O, h! {. ]/ q0 \& K9 k1 d1 `
<system32\drivers\ac97intc.sys><Intel Corporation>
* O% \1 T* E* W: i
[Promise driver accelerator / bb-run][Running/Boot Start]/ {6 Q* d! }. i1 O
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
d N% n+ [- ]; P
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
/ S2 ~- K( F0 Y9 G4 f* I7 ]9 {
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
- Y/ N* _; y, j8 [& N2 Y2 |* w: w& Z( H
[KAVBase / KAVBase][Running/Auto Start]5 e1 h7 O4 l4 ]" | a, t
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
2 P" c& b: D! ]3 _1 D; i+ J
[KAVBootC / KAVBootC][Running/Boot Start]
; ?0 H! P0 ?/ K7 F0 O! S
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
3 M M {0 K* R; | P
[KAVSafe / KAVSafe][Running/Auto Start]2 U( B& ^! P$ X+ w
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
7 I+ q, Z) N/ k
[KNetWch / KNetWch][Running/System Start]
8 ?. X8 l1 T" \9 o
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>% \2 j* [6 z- K6 C
[KWatch3 / KWatch3][Running/Auto Start]
3 m( c6 n c9 G
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
! o$ H! q+ ]) R- \1 L' O9 N
[ntptdb / ntptdb][Stopped/Auto Start]9 |1 i$ a( d( N$ S9 g
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>* ~3 W7 R# n9 t! q
[nv / nv][Running/Manual Start]
5 w' M) I" n$ l+ @/ Q
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>: M$ A n: S. h, d" y7 w, g; G# i
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
0 ?6 \" o- T0 }, ]7 _" X, J
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>0 v4 [9 S1 D. f3 `, `
[DDK PACKET Protocol / Packet][Running/Manual Start]
% t" G, w- C% X5 m
<system32\DRIVERS\ProtoDrv.sys><360安全中心>; N- Q2 J+ u0 T) k1 {! [
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
: f+ [/ j/ E. H" R2 v0 a3 _
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>5 p3 y) y C2 f) L9 l% {9 s5 |- n3 `
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
) K2 y! d+ W' I* y9 N; q' O1 r
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
/ ]! W/ Q' f+ T5 e0 |! V# N% o" j
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
8 K2 @0 T$ y% J6 V9 ?
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>+ }/ C* w& ]& y3 A
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
* G9 O. Q/ d7 G* w7 T* H5 N
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>- z1 R. d; G* ^- P L
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
. U8 r1 R2 n/ ~: l L3 m
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>; d. C3 @9 ]8 I! k6 J+ @: W9 C
[Secdrv / Secdrv][Stopped/Manual Start]
( O: Q+ Y6 O# W
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
. W! f3 l5 f- M- u" G
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
k1 j. n- {2 {
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>8 f: |1 e$ l! ?. s5 p Y
[System Restore Filter Driver / sr][Stopped/Disabled]
$ x( F/ Y! c0 ~" ~3 Y& e
<system32\DRIVERS\sr.sys><N/A>
( W( |1 ^" P) L6 g; C: L1 D8 K
[TesSafe / TesSafe][Stopped/Manual Start]
$ M. W% y& B) C4 c' B7 S6 [$ @
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
7 M% C# I. O. _" w
[System Services / unzxzsrs][Stopped/Boot Start]
# F# t- L3 ~$ ~- v3 v8 ^
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>, Z' H4 a6 ?# d# ^$ H. r
[ViBus / ViBus][Stopped/Boot Start]
) v$ x2 L' f: W1 }( ~+ B
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>% D$ [9 v$ f& U0 m. r( V
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
, [5 C) C8 E9 C$ Q. y
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>% x4 c! W7 q5 x
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
" `+ ^# t2 R! `9 {8 N4 n
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>8 v! `8 W) x) }7 Y7 M' Y) w/ q
[ATI Extend / zhibmaso][Stopped/Boot Start]+ k, D/ c; F, c; z
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
+ m; u8 Z7 _$ x3 }
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]+ V$ g( v: l0 u8 S% Y; z% J7 o
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>& Z4 z# p/ ~1 ]2 |
==================================
/ Z4 v! L4 h* e/ i9 s4 J
浏览器加载项
0 Q. W0 j( e6 e
[Google Toolbar Helper]) u7 r$ `& z6 L- ^
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
9 ?4 E$ u4 ^/ w6 {6 {
[Google Toolbar Notifier BHO]
. i' L2 r4 S/ _, M, ^. ^
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>) C; n5 U8 P: x& L
[SafeMon Class]. D/ m% q- J; r T P( A( n
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
! @: j" h8 M# q" k q% j
[kingsoft browser shield]
6 b# t$ D& r5 P7 l$ T5 i. R) w4 ^! ?
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>4 o& V2 s+ N" T1 a( `
[IEBuddyExtControl Class]
9 a& r( x9 J$ ?: E3 O9 Q
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
% Z3 F7 W8 g& Z( N, C( C
[Zcom 杂志]) a; I* _( ^5 d A: U b7 C
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>
; u X% ^6 X) M9 Z
[&Google]" T0 F& c8 }- B- Z1 s, d1 X" s$ i
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>6 f0 N. w# \: [/ y6 D
[KooPlayer Control]' n; O- U. b: s
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
+ i: F5 `8 j# ^' s. f& R# y
[Shockwave Flash Object]) r4 h5 M6 \ i9 ?) U- ^
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.># d0 m; d v& |0 w
[KUpdateObj2 Class]2 s. ]1 B& C. x; g$ A3 P( c
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>6 n* d8 B* I, F9 j& i0 n; L
[Google Script Object]2 R9 @& E& K' `+ g2 X4 P5 D. Q
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>! Q' N$ h7 G m1 E w: r6 L
[EWA Control]
/ H5 b% I/ R' S, T- _
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
7 [* I4 s+ z" K1 L; t& X
[Windows Media Player]3 S. {/ I: U. F' W- r! D9 t
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>0 d5 ~5 [1 a1 a3 _/ e7 V# C2 S# z, l4 i
[&Google]
" c% }3 P. e/ X* q( \7 `
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
$ M; Y" }6 s( u3 y [7 ]* l
[HTML Document]
: }7 M3 _' t! A$ K7 [; B
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
" h8 [9 Y* q3 v2 B
[DHTML Edit Control Safe for Scripting for IE5]0 E4 W! D b# a& F9 N3 H: l
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
/ d5 S, j4 l! e! C& @. ]( Z
[RealPlayer RAM Download Handler]' i: `- K( h4 y; r% X
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>( u% v% V, @1 Y, s1 h3 N
[IEBuddyExtControl Class]2 u$ V1 K3 ?0 B; p' k
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>- i& [: k7 D8 a2 N( N- q
[XML Document]# |9 }' v% ^( A" a" x$ i' `' a
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>; g T- V+ D9 g4 {4 W0 J# T8 s
[HHCtrl Object]! {& {4 v! R5 I
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
6 Q1 g" r. W' |. T4 g8 j
[Windows Media Player], j( o i. H5 w. T
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>; f- s. }+ a3 d. I8 W7 {. O
[Active Desktop Mover]4 C* l4 {& T2 `$ C
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>' R( u: v9 M+ Y
[360SafeLive]
/ u9 h7 r) |! K0 l, f
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
( r* m$ t; T$ I, d2 J
[Microsoft Web 浏览器]
- J0 F7 m3 o- _, A) U: ^
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>8 ^2 X5 C7 w' p# I4 U
[Browser Enhanced Objects]
4 P5 w9 O& N) T* X) t
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
; @2 B+ K- d! f/ K
[Google Toolbar Helper]
9 U. ]- _* T" j) [' O: ^
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
; w5 ]3 u2 q. s! @; a% a* \
[Microsoft Scriptlet Component]
5 p+ S, |. {, ]) w" v& V1 T- x
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
c# b+ c$ u$ }- g' K
[Google Toolbar Notifier BHO]% U" K, w9 F# m+ n- m4 ^: a
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
- t8 e& N4 }; f/ B
[SearchAssistantOC]
' i( D. O- m8 e V1 K
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>, G( b; i, s# ~" D' |+ t8 o8 l6 X
[SafeMon Class]
$ M# Z# Q, F( X
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>0 A0 C2 N6 W; e6 _& l2 q. O; u
[RDS.DataSpace]/ `: \' V( @# r. y0 H2 h) v
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
: f+ z2 e2 `' ^! `; x
[KooPlayer Control]
5 V( _" f% A G7 M
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>% E5 ?0 B) c+ O) `( _0 [
[AUDIO__MID Moniker Class]
+ [, T' @* J: n" s
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
2 v4 ^& F" l; t: ?2 f" G4 T
[AUDIO__MP3 Moniker Class]
6 t; v; a6 b+ C
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
% D8 [% ?/ E! x
[AUDIO__X_MS_WMA Moniker Class]+ n$ W- J# {; h& \
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>3 b2 K4 z' X% h4 t
[VIDEO__X_MS_WMV Moniker Class]
4 E6 A8 M' g5 t6 P4 q; G
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>1 e* G9 Y0 ~ M3 p1 g
[RealPlayer G2 Control]
" C7 e5 ~. X# I3 G. G: V
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>8 |5 A3 ~4 i5 P, L% b' n/ i: y
[Shockwave Flash Object]
) Z. i9 g% H, v- N g
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>; R5 W9 ~" e; u3 @0 n$ a
[KUpdateObj2 Class]
6 J- C9 [7 O$ y O
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>! j# L4 ]3 h5 Y
[kingsoft browser shield]! Q; m, T$ l B) z8 g
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>4 K$ E+ f5 |8 E
[PasswordEditCtrl Class]
8 t: T7 r3 L4 V7 \6 Y
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>% k$ Q" ~0 a. u$ c
[QvodCtrl Class]
0 [% u' W; C: u+ i3 V
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>' R# c+ _) D! L I; Y
[&使用超级旋风下载]8 i7 ]+ V/ K! f$ c1 _! Z' R
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
% l1 T9 V$ `6 U/ E
[&使用超级旋风下载全部链接]
3 Z3 @! P' F, l, S9 ?% f
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>/ {6 T* p8 p2 w7 x+ s
[使用迅雷下载]
9 B0 z$ X2 U; o4 c- S+ w
<, N/A>
7 C; ]; I1 J% F' N7 @
[使用迅雷下载全部链接]! Y T( t! g6 q6 L
<, N/A>, W. N! y- X8 T) k1 ~6 j6 y3 \4 K
[导出到 Microsoft Office Excel(&X)]8 i. a6 X) Y; e/ F" Q
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>, D2 V3 g8 U4 {8 L. N
[添加到QQ表情]1 D" j+ N: |4 c# [9 D
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>5 I( g3 }4 N" B
==================================
* U4 o/ D; l+ y
正在运行的进程
/ g; A$ r! F) L( g9 U% O" l
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ x. u, Y' T/ k( V3 ?7 d6 o
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
/ k* `! ^5 p3 W8 u
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]& }- r: n7 X$ ^ I# W1 f- I
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
6 p1 `6 v( C1 f5 \3 l! \, f
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
$ l+ W/ _9 a7 _0 ~& j4 |
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] e7 D. Z( D7 x' [7 S
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ V: y. u& v3 K# C% h9 a1 x! ^
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]1 ]- Q- ?" J! t% z1 Z0 `& r0 o
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& G; F _3 W" C( \1 a, Q
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 q# U4 L' H; }# \
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
5 F- V: `. b5 u) R
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
( w( z$ R C0 ?* Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 c5 `; r$ N! P) o
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]7 K7 U( \4 v* C' o/ K9 y
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
$ e% Z3 @8 y, G, H- y" v2 t6 g
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: P" B: T+ ^- [! D/ [5 f6 w7 j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]- i9 f3 N& H4 Y7 a, B6 N
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]# L4 q. m" a) d5 [6 \/ x
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]" ^7 v1 M2 ` J4 s; A S, N
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
. ?7 @: G4 H2 t) I% Z+ ~+ X
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
* ~" a! G( j/ I5 v( ?* f$ U
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
: z$ F5 [1 E8 V
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
4 @, S4 v4 C3 `3 n/ u2 i
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]3 C* U7 F2 T7 y" y; J
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]+ Q# L3 ]5 s4 g
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]# W' F- t+ j! v, V$ @$ G6 J. h
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
& H3 F4 Q3 m# g
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]( V; R4 g" M4 N2 ^3 p6 S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]$ `. a1 |9 d/ J
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
' ?; l G% M+ S) s6 b
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' j9 c& M" F0 r. u7 s5 v5 J
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]2 H7 l6 s6 b6 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5], q; v2 R( D5 m# i2 J0 T3 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
- `/ d# k+ D& i9 E9 @& k8 Z* h! H
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' N# c% V# q) Z# T1 _& K" {
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
2 {' W1 d5 f% j7 v4 v3 b
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
) j: O, F) I t& z D% A
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]: E3 \+ }* y6 r3 ~, ^7 t5 x0 S1 w0 k
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
4 x& e* e2 K' [/ X/ V
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
* P- |1 k( Y, J4 r0 w7 k
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
% U/ q& K" Z f/ U) K( [
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
; D4 t# S4 |. m5 J. B6 z6 P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
3 W$ e! u, M/ Y5 t8 r6 N
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- m; V' E2 s5 e0 Q: H/ t3 X
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]' Q$ j- L$ s+ k9 r1 d* g: W% R
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
* {% i8 Q7 m5 V& t; V0 ~
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]% k2 R; P" V( [5 V' c: Y
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
4 J& R2 o; e5 }3 e0 u
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)], B) ~$ F$ g* G: h t. \; n
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* r0 f# ?$ J; a
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& w/ i" O, z' |
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
/ R) a3 J9 y& _ f6 ^ x- B
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
. w8 m" ~5 @( e' l1 Q3 q/ {7 I( e' d
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
# u1 B7 J5 t; ~2 \. P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]1 l L' s$ B7 }# c) L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
5 o5 f7 N R. s: D" W5 H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]. Z. E$ g: |2 L, W' ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2], o" a& Y: O+ S8 E, [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]6 M9 W* ~. X: L0 H( n9 v
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
, v/ n- I& X' g2 o. d8 v
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
3 z! v( w9 y5 S) m2 R4 \7 {
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
! J' @) W. V2 h: C& C9 ?% \5 n+ ]
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
' n$ N+ l/ J% I! r o7 @* I
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
! c1 v: }4 A9 p5 T0 s
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]5 I/ E. f, X+ u" z; c. ]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
8 z K. j% |3 V# U& x. \$ q
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
* q7 s; T9 R$ v+ A8 P5 P: O
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]
! n8 i9 V8 l& x9 A$ G8 @; H3 U
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]" D* B! f! D7 R. R+ c, x3 G! v" h8 z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]* f& P9 e8 k: E9 B
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
( Z) f& O3 T% k8 Q) W
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 |% M5 u4 R2 E* g& j4 ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( D& @+ W& `" m" ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]) g' H7 H d7 r) ]* l W
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]" @3 a- @+ T9 m# A& h# q. W
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]9 O0 v) i7 B. m( m) ]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' S" K% p0 t! Y- E
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]9 j1 y7 y' s! P* \2 a ?5 k# j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" k9 ^% u2 D, {: Z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& z5 b5 o9 |9 |2 |9 a; i
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]! k a7 h& a( m/ |
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]; T; ]4 u: s2 g' V3 S2 L f
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]" f) X) e8 \3 U/ ?) S
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]/ U- z- O+ q0 z( M! t7 p8 P
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
. \! G1 w% [, ?; C: c
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]- X- ~$ N4 h& U9 w. O$ ?$ O
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
! V# ~8 G+ F" K3 ?
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
6 \3 A, E$ P8 l5 ?1 m
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]# u, W7 I7 x) Z: \( i7 o3 \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]6 ]9 Y4 \+ k+ E
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0], L+ ~& g3 N7 m$ m8 n7 \0 _
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]) w6 n$ Z% N5 B9 u7 O6 y
==================================1 [6 J$ O2 Q5 @8 a: y! f5 X
文件关联" X( l0 [/ g0 T O
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
2 D+ p* B8 H7 J% N
.EXE OK. ["%1" %*]
/ C% z" n3 a4 z; g1 m* T% L
.COM OK. ["%1" %*], V, @2 l2 P) A) R4 b
.PIF OK. ["%1" %*]$ y. Q! z5 }# m+ b' W- J
.REG OK. [regedit.exe "%1"]
% V, U$ ~0 `% Z( p+ O! U
.BAT OK. ["%1" %*]+ o- t1 m5 y- d
.SCR OK. ["%1" /S]
A" O( A% |1 l' t: C% \
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
0 Q) S; [% p. E' M9 B P4 R
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
& Q& k7 V+ n3 M) V8 v Y& E# q
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]3 d! i; n* h2 w4 F! k
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]( E/ J% S6 j' P* ^7 Y- \
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]- [& e8 `# i- L! g' v' l# T
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]6 o, n2 f% @0 N% ]2 ~3 {
.LNK OK. [{00021401-0000-0000-C000-000000000046}]- a& C% Y: G, V, }6 M: `
==================================+ p1 p& I7 E; S# \/ `+ t, e' {
Winsock 提供者: n) K0 j8 s" u1 u" x. W
N/A; d C c1 R6 I) C# j0 \8 _" x) @
==================================
0 c5 h9 O, I$ C% |4 q
Autorun.inf
/ o7 m/ ?7 q5 g% p2 x
N/A
8 B! Z9 _7 r; Z. f. a3 p& X( j
==================================
1 h8 r& f. g9 N9 W
HOSTS 文件
! D7 y$ f3 D9 T% s$ j% p: V
N/A
5 T+ t& P, L7 y L3 H5 y0 q& o4 x
==================================4 D# @6 k6 p, t* L/ E/ |
进程特权扫描
4 g* Z' Z; t: M Z8 t8 G
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]. E% v7 x. {8 m) D- t6 A
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
$ h, r8 @1 _( y! D" D+ a: W6 L* `5 K2 P
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]
, c! P# F; [3 X* z8 a3 d
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
# b' \" d: q$ `1 I! v: Z% o
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]; D" s. [7 d& Y
==================================
e, y) B* a& C8 w/ l; M
API HOOK
' b [* y7 l- n$ s- _& P
N/A/ \3 M3 \5 h( h
==================================
4 G$ d1 ]# q; U' t5 O
隐藏进程
/ \7 t3 k5 d7 M- R) i! ]2 }; e
N/A
" p6 G# s9 o6 Q
==================================) E3 ^* D& O8 G6 |! ^
^3 V. Y: ?, l) X0 x+ R+ t

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版 今日: 0 主题: 115

在这里

技术部收藏本版今日: 0 主题: 115