在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

- S, i6 d9 ^9 V8 Y! o. I0 u
2008-05-22,20:37:43
7 C2 K4 P8 G! u( U/ {
System Repair Engineer 2.5.16.9008 c& q8 `* F# x/ `( Y4 E
Smallfrogs (http://www.KZTechs.com)
7 R. b0 X4 X0 A9 y0 U" Q
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能0 `$ P6 e& B x4 _2 ~! G2 F8 C% x
以下内容被选中：
& R# w; l4 O; E8 R% q4 B E, w
所有的启动项目（包括注册表、启动文件夹、服务等）4 w5 Y( T3 b* c$ A" m
浏览器加载项
3 P8 s) p2 ^& ?3 T$ |
正在运行的进程（包括进程模块信息）. U/ g5 j2 r! G8 G- x( x% J
文件关联) |! Z7 b; l3 }: M' S7 s! h
Winsock 提供者
; k2 i" x3 M" Z5 s
Autorun.inf' v. p, \' G/ \3 b( Z4 Y
HOSTS 文件
! z7 p# K; I4 c7 o. s; D
进程特权扫描
( |) T+ O9 D3 J& ~5 U) S
/ c9 ~4 `: v4 P) l& r
启动项目
2 ~ u' O8 o' P
注册表- ^; c3 I) o: p1 B0 o. N2 _
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run], [! X8 o o8 Y% Q& o9 V4 C
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher], M% J( W* C2 ^% a9 o
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
% ~6 T$ j$ M( ~' D/ y( N5 N0 d
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]5 u1 i, W, h- ]! y
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]1 j4 F4 i4 X3 i7 i8 t u9 O
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]0 [) {0 g2 s* Q) \! f+ k
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION], \# g( A& p* [5 `4 A2 Z
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]! ^: h4 b. `9 P# y4 a. _
<PHIME2002A><; > [N/A]3 @3 f0 X5 |! I5 B# D6 j* @! [
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A], Q5 B" \/ v$ M; n% _, t" k
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]6 L& C# H* G4 w! e* X* N& Y* h- P
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]' @1 L' g+ h% Q9 T0 \; B, H8 w
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
+ w8 e$ n( w3 y, u) G8 w' P
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]; [8 _1 {0 N, [+ P( @. E0 F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]& ^- S8 `8 v. t+ K+ E6 L
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]7 [0 K, j1 b4 o5 j q; c; ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
. i9 x( Y T a+ E6 P3 O4 C# W2 Z
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] V0 K0 Q7 D; ?1 P+ s" D
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]* V$ @6 A9 r) U; b' E0 a
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
5 p: S' _3 H+ @
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]3 |4 ^: Y4 H1 k% [8 h; i
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
7 E- T- L; q# k+ q ^
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]. ]; T! {% p, M2 D2 L& {
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
( i5 Z0 V' ?9 P# g0 N$ w
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- G# O0 P' E8 {
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]# ?7 M# M0 u1 k. Z; F E$ ]* h
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
8 Y& d; }: ~* M# n
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
" K# R" Y A+ ?" A6 g" f. }& ^4 p2 i
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]- b5 H6 w- c8 e9 o1 N3 L! E
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
! J3 D- G1 [& r5 L
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]4 m0 Y& Q* q6 @
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]9 }) V* r+ y$ z3 b0 V0 Q
==================================
: U, y3 S; b }7 \( x! ]# E% J, ~
启动文件夹# T6 |: v( V2 H8 V! _8 G0 E
N/A
$ [; y. K0 k& B, `4 r
==================================$ l! k0 C( H/ n& c4 G
服务
' M! O! N; E% h4 N9 l% o2 A
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
) K! D+ s* a O
<C:\WINDOWS\System32\3wareSrv.exe><N/A>4 @# _4 M E( F
[Google Updater Service / gusvc][Stopped/Manual Start]& Q4 H1 `* N+ b7 {
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
8 a- Z3 @# ]8 I# R
[Help and Support / helpsvc][Stopped/Disabled]
0 q L8 B6 ]8 `3 Y: o+ O
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>7 A+ k$ B9 V; `( j/ q
[Human Interface Device Access / HidServ][Stopped/Boot Start]3 A1 u" M1 g8 H: ]; d
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>* ?# f. y' g0 }9 p9 x# L# r
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]; v" Z0 g) d3 o; E" m
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
3 P- {8 T9 @8 N, ?* ?5 h
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] D( ~' b0 i) z. W0 j+ l
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
6 |# G+ s5 R6 a; z4 d
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
9 o0 P3 d% p `# y* `
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
3 \, q/ @% V0 X- K) f
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]: D: |, d# |! y% X+ F$ N6 [7 _ X
<><N/A>
' W$ ]6 j& R( E8 I. V# e$ W" m% i
[Qvod Terminal / Qvod Terminal][Running/Auto Start]8 g3 Y% V& ^ I w. ]( W
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>+ n4 n1 Y r# A* W- }
==================================
. j( {4 h6 j0 s$ I: y
驱动程序$ I# N% F! k* G% V6 y
[22j / 22jn][Stopped/Boot Start]3 o8 P* \2 u( y& y1 ~7 g1 e
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>7 D7 ^ p# q. ?+ J; w
[360AntiArp / 360AntiArp][Running/System Start]* f/ q7 I- o7 B) H1 [. l
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
: ?; D3 |, l6 K
[43ec / 43ecu][Stopped/Boot Start]- d$ y/ @( p2 n; O4 Q
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
; z$ B) u/ f% g
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
# h6 {' I+ R) o& H4 M8 e
<system32\drivers\ac97intc.sys><Intel Corporation>
7 C; `, [( D# g- x) v
[Promise driver accelerator / bb-run][Running/Boot Start]2 }1 p! r5 L0 K; y0 O, y
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
6 v4 q7 A( ?$ u
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]9 A* o4 H* ?# m/ I
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
) }9 ^4 {) J* f' q% j# P
[KAVBase / KAVBase][Running/Auto Start] M+ B5 Q+ {" c& a7 l+ v0 x; [ W
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>! j& j2 v( b; X: k
[KAVBootC / KAVBootC][Running/Boot Start]
% y! }6 \& A% i8 R1 G) h
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>* {8 }. B' g9 M5 u8 L- \# U+ x
[KAVSafe / KAVSafe][Running/Auto Start]' Z, |7 |' o6 j3 ]5 \: A8 g- o, ~
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
. R: f- Z+ W$ C- c7 Z
[KNetWch / KNetWch][Running/System Start]
Y+ t' d7 E# c" b4 w6 l
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
8 A, s& t# @9 s4 s0 r) N' {
[KWatch3 / KWatch3][Running/Auto Start]
' W- l. z O) S3 ?/ s
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
! o+ _0 N8 c; j" [2 ], M! k
[ntptdb / ntptdb][Stopped/Auto Start]* a$ ?; \/ p5 h9 D! P
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
?! i0 Y3 M* ^2 E! X+ O
[nv / nv][Running/Manual Start]' {/ G5 ?4 w0 o( `6 _
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> {7 s9 e/ M& H1 X) ]% h2 x% [
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
- p; c8 J/ `- C: P$ H" x
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
; i) t. n4 _+ _: d9 y0 Z" S
[DDK PACKET Protocol / Packet][Running/Manual Start]
' y3 h& k8 N* B2 j0 N# t
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
9 I3 r# n+ q! D5 m* w9 X( T
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]
, h. T4 F6 x3 ]9 ]
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
% W$ r9 C0 d; s* H' a& E
[Direct Parallel Link Driver / Ptilink][Running/Manual Start], a, y) S! ~& x" w6 d+ Z7 U
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
+ P: j7 @; U" k: x9 ?/ i5 b. Y* K3 V
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]( F% B4 w; ^0 V' W
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>5 @3 E9 ~) U- E y$ L* B
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
" O( d6 D7 G% l/ }# Q7 r7 O l
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
5 y8 s& E* t. ^* f2 l: C
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
7 x; A& X1 r9 C/ T( [& M! d
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
; G- ?; s/ V/ R$ T" X
[Secdrv / Secdrv][Stopped/Manual Start]
) v3 P P+ Z% Q( v5 }
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
: t+ N( y" l9 ^2 e) H+ V4 M
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
% G: @2 k8 \4 X3 X) V5 w/ o
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>9 E9 a6 D1 E* |0 G4 b& {
[System Restore Filter Driver / sr][Stopped/Disabled] x2 S; C3 I% g7 k8 p8 y
<system32\DRIVERS\sr.sys><N/A> ]5 y( ?' O. p1 m, b7 t% H
[TesSafe / TesSafe][Stopped/Manual Start] l6 n' c: V' p2 O9 P3 c) \2 o
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
: c4 U6 W1 |. p9 f5 S& j
[System Services / unzxzsrs][Stopped/Boot Start]
/ ~* f' I3 b$ ?" ~7 R1 I# t0 @% z2 t
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>6 d: |8 P& C5 U
[ViBus / ViBus][Stopped/Boot Start]6 L9 b; l8 e$ R, |
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
$ {+ g, k' N5 j: M. k2 Y( F* n
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
0 P& ~9 |1 Z" E g
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>+ T9 l! y. X7 o
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]. U, E0 {/ `4 I) Q$ l* T
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>1 ~/ {4 ^0 L) e9 J2 J
[ATI Extend / zhibmaso][Stopped/Boot Start]3 z, d. u1 g2 a) G/ X4 x
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>
, o8 |/ U0 U3 H) A5 `
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
6 J2 v0 X$ L# X
<System32\Drivers\usbVM31b.sys><Vimicro Corporation># }) k$ X0 P8 {# h
==================================
9 O/ I' r' }% Q9 f* \
浏览器加载项
' S" m5 ?9 o4 D4 g+ V# }% x m" p
[Google Toolbar Helper]( j6 i& d3 l/ E1 X+ p" N. i
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
$ V2 z& s& V9 d% v# ]* ^- M
[Google Toolbar Notifier BHO]3 Y# U1 c; m0 ?
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>3 v# Q% R9 ^* f; U
[SafeMon Class]
- I7 Q1 _0 d- X9 x% C
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>' R$ T& ?8 U, G9 P: @8 z$ b
[kingsoft browser shield]
& Q7 S& N4 A5 \2 H5 Y3 h4 B
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>* R' K. L5 N8 C: O+ N4 |
[IEBuddyExtControl Class]
% v) W% y9 k0 O- ]& O( V& r
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
" G1 p% j! I9 l7 c" ` U: X
[Zcom 杂志]
6 F4 I* f' x) ~# H" Q5 ` a* \
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>& J" i: u+ c2 j$ B3 D5 j
[&Google]/ k! Y4 w5 V# ^: d
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.># z: `( k, M( j
[KooPlayer Control]
/ A1 w3 [, o6 ~
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>5 _) V/ W0 t# b: g
[Shockwave Flash Object]
* F/ T' b5 j# [5 @
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
6 a- ~! X# ?+ K6 ~; R. e* p
[KUpdateObj2 Class]
+ {+ I/ ]' Y; v7 n6 d) Q* T& E" j
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>4 {& F; }5 |9 Z9 t# m |) B& T
[Google Script Object]
' _2 K0 T& f4 _2 T% E# Z T
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>* a& q$ i ^# D7 H3 V
[EWA Control]
1 M2 y) l# \' e6 ], u2 T* d
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
! o% S9 H6 j0 z- A3 k& J
[Windows Media Player]
/ {' g9 A; w9 \: U, v2 H) R
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
$ W% }: u5 a7 k$ P
[&Google]
1 M: Q" o6 P# F ?9 A5 _% b3 W
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>. |: }4 A( [3 `2 N7 D
[HTML Document]
; U+ u$ S; R3 R" k
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
& a" B! s; n( p, i/ T# N9 j- w
[DHTML Edit Control Safe for Scripting for IE5]
. [9 R) C, f' _& y) m9 Y
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
* ]& {: ^# t! j4 D n- _
[RealPlayer RAM Download Handler]1 n, g( U# q1 Z* `
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>5 e4 l3 F4 K& t7 g5 O- R; H
[IEBuddyExtControl Class]& @9 n/ V7 j+ G# g
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>5 t$ ^: E' ^5 M0 A/ f8 [0 z& K
[XML Document]- B, E7 P7 S7 Q; h& X
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>5 N/ U8 R; t- ^0 V k
[HHCtrl Object]5 }- z& H9 h$ b, C
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
, w: w+ U4 n) V
[Windows Media Player]
# r6 Z; ~# q/ V Y3 [# f
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
, e0 {% l' ?- s
[Active Desktop Mover]6 Z, H: Q- e. L2 a' `8 H3 _
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
; b8 H- }- v' `/ }
[360SafeLive]
& }5 K+ ^; b+ M4 A0 P
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
5 \- h1 O- N& X( E r4 Z7 q' M
[Microsoft Web 浏览器]+ ~$ ~! O/ w6 v
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
4 b6 T% x; o9 B
[Browser Enhanced Objects]- d& S3 m4 {; p) P) j7 ? u
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>
5 j( v; ]+ P* k7 m8 |
[Google Toolbar Helper]
( t4 a& k# D! Y/ y: w' @
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
2 n$ M( U1 f1 A
[Microsoft Scriptlet Component]
: j! P9 U, k) W9 N- a1 \* M
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>! v% \* v4 a" U6 g8 U+ t- ~& D
[Google Toolbar Notifier BHO]5 S9 C/ Q4 B2 F" |! [
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
& L; T5 p. y! t# A# X
[SearchAssistantOC]( k9 M. j) T8 s1 L9 E" c3 [
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
+ T& U1 E& P/ i, _7 q! T9 d
[SafeMon Class]! n/ B3 {. q$ G: z+ x
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>5 T, J7 g, t* F4 @3 l
[RDS.DataSpace] [! l" h0 j% N4 D+ V; `
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
% w, p; t0 _; Q) { ^( m# l/ |/ O
[KooPlayer Control]5 O' E4 a2 o* x5 }7 ]- C
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
' c6 K$ N* i5 y0 K$ r$ J9 e
[AUDIO__MID Moniker Class]
* r9 X! y3 {; w G; W; p
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 n2 K! Q. d; _$ D' o
[AUDIO__MP3 Moniker Class]
z+ u+ v/ N0 K' N( I/ h
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
. _5 p7 x, A- |3 s, M6 }2 H- p! r
[AUDIO__X_MS_WMA Moniker Class]
5 @8 }) R$ r9 `1 b
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>$ s- u( n& s8 c. `/ Y- I0 q5 K: n3 f
[VIDEO__X_MS_WMV Moniker Class]
' z( _3 T% a1 P3 L
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>: i: Q- R P; u4 [- {
[RealPlayer G2 Control]0 e, q1 }5 N/ A9 j$ Y; E
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
9 ^0 o" [3 l9 b2 o" \; v
[Shockwave Flash Object]& _1 l/ b2 o/ I6 ^
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
0 T ]( P# Q% z% l: Y' w
[KUpdateObj2 Class]1 L& d5 a, k7 Q
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>0 E& e2 z' @; d
[kingsoft browser shield]
' e# I7 {* |& O' s: e; e; w
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 ?1 p1 K l7 |6 M
[PasswordEditCtrl Class]% V2 O' L3 ?$ {; x
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
- D |0 J0 C3 O: w: V
[QvodCtrl Class]4 Y9 h9 S4 |2 ]6 g Q! k0 L6 p* |
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>! J/ F2 \" p0 l; A4 I
[&使用超级旋风下载]" c( L% p2 Z1 m1 [' n
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
. i; f" ?8 d) g" C ]$ F
[&使用超级旋风下载全部链接]
. s" M; p& o# q! j0 N5 k" z+ P
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
* U! {' g5 H& l8 b$ q+ t/ X- ?8 W+ P
[使用迅雷下载]
# [9 I2 o1 M6 r
<, N/A>
" C, r( H7 o( E# n: C; O; U
[使用迅雷下载全部链接]; l! Y+ ^5 v9 x8 }
<, N/A>0 _0 H1 W- i0 a8 ]0 c
[导出到 Microsoft Office Excel(&X)], d' Q1 H* U6 A6 \
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>+ }. ^! Z T9 j: D* t E
[添加到QQ表情]7 g B+ W: b* w+ d7 F* _! i' x
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
4 {* a( v0 `" c# A2 b! r. K
==================================- j5 a0 F, d5 c1 w- j$ x! V
正在运行的进程: W2 E8 c5 F& [/ ?
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]$ `3 H+ a/ K9 Z8 V9 L
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
& W1 `# U& F0 p T1 g3 @& h
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! \ l( g4 z: u: {
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
# {& [- v9 t$ A1 s" ~1 c$ R
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
; }* _) u5 t4 W, |% `1 M
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 W [( O# H( O( V( h+ b
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]' d" A7 Q/ {. n4 {/ n
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: L2 {! z6 l# _3 k
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 L1 ^& _1 A! V* s6 G" T
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 p3 w7 N7 v$ p: @
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
8 V) r3 N' |( J) M) l
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
7 E& T$ {% ~$ e: O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
4 n) W% \) t1 g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364], n' a& R) r: C
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)], y! y) a4 I/ F& |$ m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
2 J M" u3 Q* F9 B, [; c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]. b& ^0 m, @0 _5 J' {8 J& b2 n) F& F
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]4 m& D6 ?! x# S! C5 j7 [1 M7 L; Q% [$ `
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]* f" s1 l" a+ u2 z
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
7 m5 D1 N: Z0 C) z& i
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
" t- L9 Z2 M. K0 ?/ m
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]3 R8 v$ j) C# l5 o$ W) X0 A+ a
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
* h+ ]. m3 ^3 @, @; a% I
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]+ l$ {: |3 l$ W0 R+ r
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]; y: C8 R5 U% ^1 R- K! w
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
7 h* @- n5 H. E/ L: _' \# I
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]6 B; _2 t0 f- v& z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
d1 Q2 d6 n+ G9 u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]0 C) y9 z* W0 f3 t' m) ?
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
1 O. i) N* d5 [2 C" R
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
8 H; g+ v; v& v, H4 L+ N
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] y$ F* H1 ]0 V4 u
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
& A. R0 j: c5 g! S/ g2 A1 Y/ N; G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) j* E* |* q% G9 d0 O% z
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; X, t' G1 ]' }1 i
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
) V- |3 f) m- v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
+ \1 s3 K- L ]6 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
. Y2 S$ f! y! {: R! Z0 t
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 s/ z( c Y% u
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
- u5 o- y" d4 L" k8 `" }
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
9 r# B; l. S5 w; Z ~0 P
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
* i9 }5 Y6 \' t; k0 v; _ [/ ^9 E4 [
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
# q; Q0 B- k1 M) G' w" r
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
6 ^# J4 g, A- y6 z5 \
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]7 q& F% F, I6 ~
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]8 `, ^8 {" V' K2 g* e" N( v
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]) v, x* }6 c6 N0 d6 h) |
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]- n% n# M$ z: A
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
3 s/ {7 |) @6 i* s& K
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]2 U# C7 V- P& T1 Z7 v/ i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]- E: m l3 {7 K! G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]( A/ v7 _/ e8 y; F" V) U" n: A6 _
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]
/ V' _9 ?6 X2 W6 \# }9 y! k2 I
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]: y" d* Q# }2 l4 ^
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]' x1 p A" Q6 L5 b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
* P* e5 e: H. O5 X6 c+ d
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]# M) I6 I' O* |/ T0 T! f
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]; v0 F; g4 J; l: y( {- ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]
" a* w0 G8 |, t3 l# v9 b/ E
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]! H0 c2 V4 C/ O3 b) |9 u" ^' x' l
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]* z& s! `7 t$ s& y! V
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
" V# G' {% v, H5 j/ t+ R& @
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]) V2 h6 x) c) @
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
( W% v+ o a8 R- f& N( W2 E: p7 [
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
$ [( f: ^+ ?% z* h
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
1 i; z1 @* x; I. [
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]
1 B) i' ]# L+ v1 ^. U0 ~+ R- q
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]- h1 c. d1 Z6 @: p
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]* R2 t7 c# \! k7 K, _" Y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]. s* o+ Z1 _2 c' i# m' M1 k; e
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
% L/ w% A9 {6 R' n( |& z
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]6 J3 Z/ `0 G- x1 U4 [
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
1 C8 s4 U3 t8 T8 p
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" U- ~5 x' H, p5 y: y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] R/ f- Y& z% O( I+ E/ o- x
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]
( d, u1 i7 ^9 g, J4 m
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
: k" D( v6 M3 d/ h" p H
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 _% n' P; b) l& `/ t$ b
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]/ [9 @1 z5 W& g/ E
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
. S4 W8 Z; f3 N4 g- Q
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]+ D! e. ^. C+ Q9 @
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
# F/ d1 d5 H2 i3 y3 ^; v
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
% R8 _2 C- F2 W& y9 A' V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
8 O( o5 v7 N& J! o. \
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]: j* H A. j9 \% G8 w2 |1 k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
0 q( l+ ]9 J2 G! w9 N5 r+ Q8 S
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
8 G" ~. i! p% d, I5 v7 q. W$ Q
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]' y! ] ?3 F8 i
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
/ ]0 ^' Y& o9 e$ p. O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
" h5 D6 t7 ?3 q: a
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]! e) A1 N+ D2 y/ p! [ N0 q
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
' V2 g% Y5 C$ z: l* f1 `, D
==================================
0 k$ } q# o2 `
文件关联2 D# {: l6 t6 D+ G1 \, z( e
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]2 ^/ {6 c& B2 B6 E
.EXE OK. ["%1" %*]! a& L2 p8 ]5 H5 W$ j
.COM OK. ["%1" %*]
! H1 [9 e" V" u/ J- C
.PIF OK. ["%1" %*], ^/ o5 W, v, k. O3 L
.REG OK. [regedit.exe "%1"]
8 k% b# M2 X! V( p# O8 l
.BAT OK. ["%1" %*]$ f5 `1 u( T& X2 X8 ?3 Z; i: c
.SCR OK. ["%1" /S]' O( U" Z6 s) O9 C! z# s6 {
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
/ h. K' T5 v, H% Q, R; T
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]. A \' D" @5 \9 `5 ]+ i. y* Q# b* r
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]: O+ F* N' ^' e. X. x/ i
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]' Z( ]$ X" _# U" t P' s3 y8 k
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*], r2 B0 P- l4 W0 }5 K
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]" Z# X2 l; K2 p0 ?1 q
.LNK OK. [{00021401-0000-0000-C000-000000000046}]3 T) [% F" B/ o9 n+ ?
==================================
Winsock 提供者& {2 u( @( S. z9 q6 @
N/A4 z+ C5 w$ R- H* U3 H' h6 P9 V
==================================
2 k: b7 o1 z: m' v- M( ^
Autorun.inf
5 a& s2 Y+ f. q. k3 I& X
N/A" n2 E4 W: x) J% G: [/ Y
==================================
7 H8 }5 [' F* m. g
HOSTS 文件
7 Z/ i# d8 |: a
N/A
" f1 K+ P4 P j8 L) U) X, w
==================================8 X. b. d8 t1 S2 l* Y! c8 ]0 g
进程特权扫描. u1 o; Z2 [$ c+ ?
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
& {5 m7 J# k% t7 O. j5 o" z6 Y9 q
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]7 G: A5 a4 t& K7 {$ _5 A
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]/ M2 [& g9 n g! r, Q* S# J
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]; P) e, w- E3 M" w
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
6 g4 k2 M; W6 J% e! \" v$ w. |. K ]
================================== ?8 a: f' S1 f$ W' H$ V+ t
API HOOK
9 i6 M% m; ]& {9 F8 P6 j
N/A/ ~2 [: {% \1 l0 _ }
==================================/ S5 D4 U( A R1 B/ L$ R
隐藏进程' T! `; C4 S# T: |, P
N/A
) p% r: G& R9 }) Z% P% k
==================================
J t3 |$ t+ D2 ?4 z1 u2 n6 M; Y
. i" i$ e" R; M8 v/ B) t

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版今日: 0 主题: 115

在这里

浏览过的版块

技术部 收藏本版 今日: 0 主题: 115

在这里

浏览过的版块

技术部收藏本版今日: 0 主题: 115