在这里

独恋伊影 · 发表于 2008-5-22 20:53:41

! w$ v3 }( t* q2 f8 c& X- P- {0 k& H
2008-05-22,20:37:43: n$ f* a$ W* k6 k0 b# a: s
System Repair Engineer 2.5.16.900
G {" A6 O( z$ |1 G. G
Smallfrogs (http://www.KZTechs.com)9 Z% L) D o. o8 y# U/ W+ k
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能3 {9 |- @' X' C* S# a( l) N! t
以下内容被选中：- h- D( b2 Z6 T Z( @ `
所有的启动项目（包括注册表、启动文件夹、服务等）
+ d6 S, D+ c& a2 I
浏览器加载项
/ g) S: T& s. f9 ]
正在运行的进程（包括进程模块信息）/ r0 D. a+ n1 g; w4 J' G. a
文件关联
( v/ s7 U+ r L! W; t9 m9 O: K
Winsock 提供者
+ v- J4 ~" v; K2 _0 V5 ]
Autorun.inf' R! f. D6 n: @# `+ [+ _: B
HOSTS 文件6 n6 J( [! T7 `/ B* @0 j& S
进程特权扫描: E0 g/ b0 s. I8 ?- T$ c
0 G1 w! W! ` J" l( A: k+ B3 n1 f9 b4 y
启动项目: I/ u; p$ D s# V3 `8 \3 o: h, w
注册表9 u& p' c+ }! G4 y' ~
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
. L- X& D+ I4 V! K, Y& P$ a! B
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]. ? @: {2 G# Y* Z# ^+ P& p: k
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
# t) P6 l2 T" x
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]2 L6 }* T- H% |6 u Q
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
* j! C: L7 C5 u4 B6 i* z
<360Antiarp><C:\Program Files\360safe\AntiArp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
5 V4 V b( s' |* f8 P- N
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION]
2 z. k& {: [/ T! f
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A], g# n9 U( n" B
<PHIME2002A><; > [N/A]
$ ^. b& W+ h7 G: O l6 @- z' S
<PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [N/A]
: J( L( @; g6 l+ ?0 i$ l2 Y3 h
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
) P4 Y$ N5 q9 w8 f: r
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]+ J) r7 W* Q; S
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]# J& i. ]5 n, G @: p) I, h0 m
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
5 l& Z7 a I6 S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]9 y5 H! K6 R; |/ v8 p
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
0 s. f- D6 p6 u0 a# J5 H- u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]2 f( S+ D; u X1 \ O0 B" ?
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
5 R9 ^) s6 ]! a
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]- O2 V% X3 k; Q# F/ j
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
& D- k) ~4 a8 R# ]* N- V6 p9 j4 z ~
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
: w7 N9 t+ m0 z( _" t/ z/ B' g
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A], F2 J) U* | G5 j4 v j& R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]. V7 @4 d: ]' g- T- g
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]/ ^1 o$ E/ B8 e& t' G! X
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
$ e& v' G- {2 F, O0 q$ ?
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]% N$ C1 j1 e+ M. i
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
- K4 q. N) o/ S. i
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
# V9 d/ @) u% f
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]4 m, V2 Y% h. p3 k0 r% p# F
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
6 t- z8 J8 A% p# C/ F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]- p0 q4 A/ M: b4 U" u7 y. [
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
! c4 y6 s) k! d+ B
==================================) c$ K2 n2 l5 K6 J6 i H5 l8 s
启动文件夹
0 Z1 P# ?% ~ P1 n/ X- p
N/A% _3 l$ f/ y5 V- f& Y/ M
==================================# g: t; }2 `' I9 r+ Y# ]1 H! t
服务
- e# V; X7 }" N( b* W' J3 h
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]6 q& g( W% X e' {( `/ z
<C:\WINDOWS\System32\3wareSrv.exe><N/A>: X7 v& I# _) N6 D0 L3 }) m
[Google Updater Service / gusvc][Stopped/Manual Start]# D. V" Y' U9 |( B k6 y' z
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>5 M! G; [5 w% f" D1 z" K0 l+ r
[Help and Support / helpsvc][Stopped/Disabled]
$ G* l/ Z! Y& M. M
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>( g# N6 g2 H5 z& V, z. f! u
[Human Interface Device Access / HidServ][Stopped/Boot Start]
/ m" k, W' V1 o' h/ I- E O
<\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
! S2 t2 P# m# _
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]$ O' R5 j2 U" s' ^; m/ W
<C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
$ C8 H8 x6 N6 i" W+ M8 R9 w' A0 a' Z) T
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]" H; y9 W( w: V' J, C
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
8 h9 t. _! D5 w! w2 P7 V7 r
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
; D% Y/ M0 m" F( b4 K: \& t& @
<"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>) U. `( r$ g: V7 ^
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
! k9 K2 j. T0 }7 ]& q: D
<><N/A>
7 v4 R/ v& p0 {+ e
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
% U1 a+ ~' s) I9 _4 p9 s: R
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>- E1 _6 ?, z; u' Y5 U# Z- H: E/ |0 G
==================================! U$ _1 L$ d" k' R$ [
驱动程序
# Q# b' _0 I0 V. L* T
[22j / 22jn][Stopped/Boot Start]/ b# z+ M. H% y/ ]" B% A
<\SystemRoot\System32\DRIVERS\22jn.sys><N/A>
, Q# a7 T7 w1 c* s
[360AntiArp / 360AntiArp][Running/System Start]
0 [0 }2 ?$ _3 E# k/ ]
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
9 M$ ^, h+ C8 b) X
[43ec / 43ecu][Stopped/Boot Start]
& A0 o( R8 o+ t, S* @
<\SystemRoot\System32\DRIVERS\43ecu.sys><N/A>
7 x e- Y/ G1 O U( V" A2 p, {, X
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]* Q/ J' r- p4 v. R1 N7 k) B
<system32\drivers\ac97intc.sys><Intel Corporation>" I7 a4 F8 B( X! W. {
[Promise driver accelerator / bb-run][Running/Boot Start] o% P4 ?3 P# Y7 O% v3 H% \
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
3 h) Y: _1 r, H1 u
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
/ h4 ]) e* O- P) y
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>* \, s4 T, v9 L, z
[KAVBase / KAVBase][Running/Auto Start]
1 \/ G1 f1 ^; x9 v" z' l' n" ~
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>5 N, \( o; T: T. g
[KAVBootC / KAVBootC][Running/Boot Start]
: T; v3 E. n. ^* g! h/ M% i
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>" }; F c) r) A3 M# w' q' ^
[KAVSafe / KAVSafe][Running/Auto Start]6 W# t# p2 X/ ~, i* S
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>9 P- q J8 ~( n* n( H
[KNetWch / KNetWch][Running/System Start]
$ z3 J" B$ ~4 Y; n0 N
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
( @8 D0 b0 J: Y& m& @1 S
[KWatch3 / KWatch3][Running/Auto Start]
. O" i! ?+ r- D! d4 [
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>0 g7 F" _7 y6 V( H7 y% i
[ntptdb / ntptdb][Stopped/Auto Start]
5 R& j! ~% z3 s% ?! B% r, E
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>& j: b$ ?' [5 S0 q. \4 g
[nv / nv][Running/Manual Start]
: P; ?/ i0 W/ b( ?7 C& |
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>, H5 G/ [3 q: H) y( C# g5 r
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]. D) n s# N6 s
<\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
- S0 R3 u$ N' a* i5 v5 ~7 f: e: M
[DDK PACKET Protocol / Packet][Running/Manual Start]
! j4 q% P; R A4 z" T2 n) ?
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
2 `7 o3 ^( I9 |8 v4 E
[pnduojtwbt / pnduojtwbt][Stopped/Boot Start]$ f$ I f! T/ Z" P# d
<\SystemRoot\system32\drivers\pnduojtwbt.sys><N/A>
, c8 A1 ^- h: U
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
$ P# n6 k6 {. f! f& @/ j3 b1 u
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
! i& s# j: ?5 p* Y9 j, }! Z$ d
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>8 O% r. }" E( M$ C3 V
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
" `4 e! Z1 V7 I. k3 A$ {) t
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>+ D9 o* G" T) z* z9 O ]. j( m$ A
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]. y* [% Y2 Z% m( j0 q
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
5 Y& q# z3 h$ t$ A9 ?4 q$ E" @) R
[Secdrv / Secdrv][Stopped/Manual Start]/ s" ]6 ?( s M \+ N0 Z W8 q
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
`' t8 c; W4 s$ O8 d3 N
[SATALink External Device Filter / SiRemFil][Running/Boot Start]% f# x( y" d; i0 f+ {
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
( Y# y( D! P# {& F. ^) f( k
[System Restore Filter Driver / sr][Stopped/Disabled]
, b; a) K% z( Q* L% j# I
<system32\DRIVERS\sr.sys><N/A>
6 [ i9 |) E9 j1 V# g2 U% b8 y
[TesSafe / TesSafe][Stopped/Manual Start]1 e; i9 ` F# I* l1 O
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>( u: A: ~4 t' W( u7 u
[System Services / unzxzsrs][Stopped/Boot Start]
& n5 s: d. N- B1 A
<\SystemRoot\system32\drivers\unzxzsrs.sys><N/A>2 `$ d1 A: A# T
[ViBus / ViBus][Stopped/Boot Start]
; |+ S6 m3 A2 c( ]' y
<\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>! }7 d$ w7 T6 h3 J( t! F* |% v9 o2 N
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
. n5 X& [- o [, V$ e. X
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>5 Y5 }( o) V3 S$ q" c1 l) T6 [- B
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]0 }* ~3 @3 }8 w; ^4 s
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
, v! K6 s( H) N' a( E
[ATI Extend / zhibmaso][Stopped/Boot Start]) m k. ?* I. z( `
<\SystemRoot\system32\drivers\zhibmaso.sys><N/A>7 n+ g/ \: v. a \4 V
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]$ A2 l/ O5 p7 u2 O. b1 [* \1 D
<System32\Drivers\usbVM31b.sys><Vimicro Corporation>
& v+ l, b, e% ^7 W: K
==================================8 b" m8 u4 j" [3 B" c
浏览器加载项
% K! k* s. O. E" `
[Google Toolbar Helper]
0 d! w5 N, G- Q
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
' ~/ N, f- |: }/ p6 v; e; m
[Google Toolbar Notifier BHO]0 f' i1 \! U6 s. R _. v4 W
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>/ z. _$ Z: |; d, ^; Z
[SafeMon Class]& z. D1 q# Z5 P* i: F( }! T; U8 e. o
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>1 c" p8 e( f3 E6 O0 B$ \$ ]
[kingsoft browser shield]3 O, L7 D x' |* _
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>6 P9 f9 @3 N N1 I7 O
[IEBuddyExtControl Class]5 F5 H1 i4 o9 \) `! p
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>8 m. N+ c7 i3 A2 D. e5 C
[Zcom 杂志]
R0 u2 l% A2 P
{4045D313-1D5E-4fe4-93A0-A34630B6A00B} <C:\Zcom\E-Space.exe, N/A>( a6 D" J# E! B# C4 L9 Z# d7 G
[&Google]( p9 L' a$ u% {9 w M" p- E% o
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>9 S3 o+ J4 X/ @5 y# j& y
[KooPlayer Control]
" U$ U+ q* I2 L/ z L$ I7 `" ~
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
% B7 G# [8 S0 P$ G
[Shockwave Flash Object]
9 ^$ D* T, r% ]+ R( D' K" M/ I. u
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>4 K8 f- x- v9 p* N7 W+ F
[KUpdateObj2 Class]
% \1 }- w2 q% A4 Q0 U5 l
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
7 }; l x& F4 J$ M. I7 t
[Google Script Object]
7 K4 ]7 h9 E- G H5 b
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
4 @5 `+ K7 v- N. g; J4 u* \( }
[EWA Control]
% D# H+ |- Y6 W) ~$ a0 Y+ ?* F
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
[Windows Media Player]5 \7 }5 j. G# b
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
0 v% K* z! [4 G( K/ T! Z
[&Google]* X! m# ?6 \! Y6 p2 M
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>& B& `7 q$ J, w7 e
[HTML Document]
* L2 Z p% j- L& U6 h
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>) H, B H8 o: `- Q
[DHTML Edit Control Safe for Scripting for IE5]& F0 c, h( k4 u' W( p
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
, }* p3 f/ J: }/ u* P6 V
[RealPlayer RAM Download Handler]
- E2 s6 V+ H X. c: y
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>! Y8 W$ R6 b9 b: n5 d D
[IEBuddyExtControl Class]. n2 n) ~% f& {, `4 u
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, Kingsoft Corporation>
! E4 }' R1 F4 F) p# \( r8 L; q# B
[XML Document]
) W- F4 r8 N4 b
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>& S0 S4 i( ]3 ^+ I7 s, T$ F1 `
[HHCtrl Object]
/ s9 m$ u" B! I: \
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
- r- A! Z6 d, {7 q! |# D
[Windows Media Player]
$ ?2 R% X( ^- M6 k- l
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
" K7 s* f3 D2 B5 m; `/ W" q9 X
[Active Desktop Mover]
+ b8 i1 E v3 ^$ G, ?5 q9 ?
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>$ R5 j+ I' H( x* ^
[360SafeLive]! _7 Z- Q9 s1 a$ E) B3 x. n
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>" ?6 U4 B5 ]+ K; m f
[Microsoft Web 浏览器]
* t; `: U4 T9 {# Z+ A
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation># J0 X' Z; ^& q8 y* i% {
[Browser Enhanced Objects]
! ~2 H5 o$ A8 O# _. A- v7 Z
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2011.dll, N/A>1 r. Y* L9 d5 o2 s l
[Google Toolbar Helper]9 a, G0 g* V: t
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>9 m, A# t3 l$ Z/ J) L" w
[Microsoft Scriptlet Component]; K/ y _" T, t/ X1 G2 ^
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
% l$ |8 M7 e4 Z& D7 x$ t
[Google Toolbar Notifier BHO]: T" M8 K$ h( }) J# }( Z
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
5 T: U3 ^" A* i" G g% t! y
[SearchAssistantOC]
% b! K. J" K0 {, y% S
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
+ M- j' ?) M/ F8 p/ h
[SafeMon Class] u/ t. {( Y& h4 A. @- N6 T
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>, D! }8 x. O f- ?
[RDS.DataSpace]* X* H4 Z) m# ^) I
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>/ i. j9 ]$ f+ X( {
[KooPlayer Control]# a* q/ K* W6 O# R7 x8 b
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\system32\CCTVKO~1.OCX, Koos>
8 y4 U6 ]0 H2 ]6 e5 h
[AUDIO__MID Moniker Class]% V: t" m0 l2 p# e( ?! P+ t$ U
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
2 r+ e+ N$ v \5 j: m/ i
[AUDIO__MP3 Moniker Class]1 b4 E0 ^9 M) m
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>6 R, R* _/ S$ k" z. B( g+ F4 D
[AUDIO__X_MS_WMA Moniker Class]3 }: Y; m& w$ X/ m9 H( J4 J
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>* N+ b0 Y- D% h; P1 U
[VIDEO__X_MS_WMV Moniker Class]
8 n3 H2 A: d* |' s$ F9 Z9 ]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
3 {1 B2 O2 R2 Z/ b$ P' I N
[RealPlayer G2 Control]
8 G M J$ L& ]- N; ^4 l
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>' P2 x9 h1 W' b4 h; A
[Shockwave Flash Object]
; g% o7 [, k* ~, p' \
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
4 i: V6 o# W$ l; d
[KUpdateObj2 Class]/ v9 f) Y* W7 o0 B. S
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>, I/ Y9 r5 d3 T
[kingsoft browser shield]; g! K$ x6 l$ x$ ~5 `
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, Kingsoft Corporation>
7 Y3 u" ]" w+ e" p) w4 \/ b2 L: a
[PasswordEditCtrl Class]
3 A; r& Y# n+ f' `( X' a
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
7 U% d4 C E& s: @
[QvodCtrl Class], `$ d D0 _, Q1 B$ G( `. i
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>* }8 }, [4 Y( o
[&使用超级旋风下载]# B( c, E# \- f" Q6 i
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>% G1 {8 n6 E% @- J, N
[&使用超级旋风下载全部链接]
9 u5 j: p! ` I) w4 \ f% ^
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
) Z! x4 P0 w: U) q2 @4 l
[使用迅雷下载]
+ @$ \' f, x, X- F0 q' J/ n
<, N/A>
# N5 Q( G0 T" B6 G4 N, ?+ f5 W- i
[使用迅雷下载全部链接]8 f3 e9 u+ n, Y- T
<, N/A>
8 ^+ a; n- b/ H X
[导出到 Microsoft Office Excel(&X)]+ d1 b3 k. j/ z) r
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>8 j; h# u3 G8 Z+ s0 t
[添加到QQ表情]+ }# U3 I, k9 d5 t. Q0 H ^2 E
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A># S$ H3 j. B2 ]+ O) x
==================================. p/ X0 c3 F* N O% G
正在运行的进程; I0 u! e1 Q6 a; _% e# L
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
! C/ |0 D/ V0 [, s4 c, I- o( @
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]: Z& f& M! o! I
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 y- }3 t" C9 g+ c
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]% M; ~5 e3 d; Q$ J W- A; B: O
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]( v/ W, ?! q" v3 \7 L
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]6 T i9 J1 x' p0 N; n6 m& @* q
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]- E* R$ Z0 u8 {6 }0 Z) `) e2 r1 V
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]4 I) z+ d5 ~' |5 r1 c; U0 _- g/ f. i
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
0 K6 `0 I+ z& E- l7 I; S
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]* P4 ~+ T ^ X" ^# S
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
( j6 F' Q: e# y. e" p
[PID: 1236 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
" T8 }# l% y! W3 K
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]: _+ p. t# h% @7 s6 R: n& ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]* C# `4 b6 f1 M3 O2 {( F
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
' T( I5 f. u* p
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]# u$ `: {# f( ~
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL] [Kingsoft Corporation, 2008,05,07,373]# m$ F. d& l/ i
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]: L+ n( E; f/ }* H- A3 X2 ?! I5 V
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
t9 Z' i$ u2 b# y
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
H; ?+ _( ^; q% p, ^( l. P5 \
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
$ ]: c2 P' k! s- i$ p
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] s V |8 D; z6 o( X, f
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]6 J6 I; M$ w' ]- A! e3 B0 c1 B
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]" e3 V. Q* H/ H( V1 [& B: I
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
0 D; w Y6 R9 w: D+ L0 t1 B
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
: I$ n' B, M5 T0 ~ l
[PID: 1540 / Administrator][C:\Program Files\360safe\AntiArp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]% n L, X6 p! q# I
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]; J' v& l" k* N; g
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]4 X2 F3 l( L: y9 Z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
) k D$ U+ E; m" y6 y
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
5 G1 X4 I+ v1 V. u2 s* l% ~6 \! \
[PID: 1560 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]+ p7 Q; x( l% P1 b: @1 X* u! g& O
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]. o- h$ O( i9 Z1 I, o% X
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
7 ^6 G* Q! _( m, g2 }0 k
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0] G8 x. n6 G3 Q( o
[PID: 1576 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654], _6 }7 o m' b- u% a7 {5 ~
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]0 L x# ~) n; G' P8 `' P. _( v
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( z: P1 I. M d. a/ j9 Y
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: l: |$ v/ s/ C
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
1 n! D7 t5 t: O( n& K% L
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
; e$ P V! h4 m; y, e% s5 P) {
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]* Q4 ^/ L9 \: U, V
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]; |5 w$ i) ]6 C7 T/ F/ `
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
' O+ y9 b! g7 E8 X4 T
[PID: 1744 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe] [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]& Q8 Z, Q( }9 g2 I P
[PID: 1860 / SYSTEM][C:\WINDOWS\system32\skeys.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]9 w4 P' N1 D M! ^2 S- \% L5 M
[PID: 1908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]7 I, D+ y& c1 @" x1 ^
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
% x! Y( ~0 l* ]/ D9 s7 G
[PID: 2772 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]$ g: d( p" a! X4 a, f& b
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]# w8 t4 U0 t! U% C6 M) _. c
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]
% h& X! I. c/ u1 g( g5 L
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
, n6 ~+ Q0 a6 {
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690]6 h5 _- q* D, U3 k# v
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
) x6 e& w$ N# R/ q% V2 c7 j
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2]6 R- T* h9 p& t: g G
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2]
9 c# E4 \$ O4 t* R+ ?8 ]
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,05,14,83]" m# h) i8 q* v8 N
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll] [Kingsoft Corporation, 2008,04,15,2]) F% V+ j6 m) N: b; _
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL] [Kingsoft Corporation, 2008,05,13,78]. h2 z3 q3 H; I- P' D
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
& w- y K! S; e
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
# b6 F) b& L& K% l: @
[C:\WINDOWS\system32\WN.IME] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]* [1 k3 r2 z2 \$ j |
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
# z0 p" W. U) [' q
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]" {: _5 i2 r+ P4 b, z- |
[C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll] [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
9 ^6 T/ s# I$ p) X
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.2.0.0]
+ g+ y! ~% V3 G1 _. R3 |& b) M1 `" w
[C:\Documents and Settings\Administrator\My Documents\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.2.0.0]# Y7 j1 C8 E1 f j5 n) {; f" J" U6 `# G
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 4.00.950]; v w6 `# U- n
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]0 T6 e9 W @ K% _/ g
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 B, m) V9 p( T9 u& X
[PID: 1124 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
. h; ?& ^ [; [) y3 ?$ s( ~
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
# l) N. V* E" t. Y8 v+ I
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]( S, C" w( c" h) L8 \& {
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
! o0 ^+ W4 e7 P) T5 O9 A4 I
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
' V$ T# P f5 s+ S
[PID: 928 / Administrator][F:\arvmon.exe] [任软工作室, 2.2.5.201]5 v2 X v% m/ ]3 [5 X' ~6 G
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]3 a7 @4 c. z! N/ w
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]5 K; j& C* S1 V' L& r+ c1 n
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
: l! Y7 q/ U2 X$ ]8 \
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]1 a1 `5 @8 m- q) N
[F:\Vdata.dll] [任软工作室, 2, 2, 1, 94]
0 e+ J8 M3 P w0 q
[PID: 2540 / Administrator][F:\AutoGuarder.exe] [任软工作室, 2.2.5.201]
$ q: C3 X/ g% ~7 P: [( ^* R
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]4 _# O- p% S4 I6 c4 Z ^, `
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]! {# E" O: B* Q
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]
6 I% d, n. J% x3 L- P
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
" m( w: f0 Q5 H5 B2 C8 Q+ T
[PID: 2476 / Administrator][d:\我的文档\桌面\系统检测修复\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]4 w! \$ Q# W7 r7 E
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]: a( i% m7 u# s: z0 s B1 x( V
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL] [Kingsoft Corporation, 2008,04,02,5]; v+ x/ a" o+ m+ z2 [" y6 z
[C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll] [Kingsoft Corporation, 2008,04,22,364]1 f) t$ `& q. l, ]9 Y. X
[C:\Program Files\Tencent\QQ\DShared.dll] [Tencent, 2, 1, 0, 0]
& n' o0 I& c3 {$ a9 ]5 [
[d:\我的文档\桌面\系统检测修复\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
" }3 p- ?" [( s% X( t/ @
==================================3 c8 ]- G/ c* r; R4 j! `" `+ m
文件关联; Z8 \ t: \# J! N6 J) C8 i4 O
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]# y* `+ w1 k* r8 g* [: L
.EXE OK. ["%1" %*]* @ L' @. m, T" L! l. O) X
.COM OK. ["%1" %*]! U$ h) Y4 e- k$ t& H+ x
.PIF OK. ["%1" %*], M8 ^1 K2 C: T+ {2 f v0 Z
.REG OK. [regedit.exe "%1"]
! E% O/ I& I. p/ C& `5 f, i$ p) O
.BAT OK. ["%1" %*]: `, d8 Z+ }# U3 Z/ {8 E' A2 h6 r
.SCR OK. ["%1" /S]' D `9 x0 I. u2 K3 T' D0 c
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
% O2 A% G& C4 M% S; ~1 x
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
, [0 X1 a! H p3 @" r# X0 z; F' z
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]' G1 d, a. y1 a# [; R" p- I
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]: D4 H5 [" M9 |
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]$ m& H0 _" ?/ @" Z" [2 F
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]5 h; w. g* n" @# ]; h M/ S7 J, E
.LNK OK. [{00021401-0000-0000-C000-000000000046}]- G' w7 a2 u3 K/ q. w' a- M
==================================
" v8 |9 y) l9 k% P) H+ q, m: S3 h- a
Winsock 提供者7 F8 P8 Z; l* C/ t* [$ i; L+ g
N/A
! ]+ e! a% K. y3 A3 W4 k
==================================$ ?! Y% ^- D4 u4 a* `
Autorun.inf
/ ]! T' v" Q* e2 K) p
N/A, y! A: D% }0 P
==================================. H6 M) ]) n% J
HOSTS 文件
& m% d% `0 Q6 c/ a+ N3 x8 m2 Y9 e5 T: I
N/A
% _( F7 x! {) F0 z+ F. q+ Z
==================================% T( s6 C- h" D: n
进程特权扫描
! G! g0 y- o, M5 T5 }- D5 M# j+ G/ b
特殊特权被允许： SeLoadDriverPrivilege [PID = 520, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
/ P, X- F3 v8 `
特殊特权被允许： SeDebugPrivilege [PID = 928, F:\ARVMON.EXE]
' y9 }4 u: O/ X$ k$ ?. A
特殊特权被允许： SeLoadDriverPrivilege [PID = 928, F:\ARVMON.EXE]5 }* K0 Y$ i0 `3 `! Q- n
特殊特权被允许： SeDebugPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]
7 D/ x9 z+ g9 P" o3 s' ]; W
特殊特权被允许： SeLoadDriverPrivilege [PID = 2540, F:\AUTOGUARDER.EXE]( A% I& k. |- D: ?8 |. F8 p
==================================
2 e" ?/ a/ u9 W' `
API HOOK
" n9 `" i& G, t5 k; ~& Q1 E
N/A
/ J q6 c" A" f5 b& A5 F- [
==================================
9 q v4 l4 M% B& i
隐藏进程/ Z; x2 s) ?/ C" i1 A) _0 u8 R
N/A
$ b! {. X& N$ S3 l
==================================
8 ^2 w1 c( f+ c- k, M0 j
# Z0 F- W0 i, v

复制代码

傲天♂扬帆 · 发表于 2008-5-22 21:40:31

跟原始说了，不知道能不能看明白。。。

傲天♂元始 · 发表于 2008-5-22 22:23:55

[Start]

2008-05-22,22:24:21

SREngLOG智能分析专家 V1.2.0.125
Tored (http://hi.baidu.com/peaset)

======================================================
以下过程将用到SREng、PowerRmv，如果您不熟悉这两款工具的使用方法，请参考下列链接：
SREng详细操作方法： http://hi.baidu.com/peaset/blog/ ... dd19224e4aeadf.html
PowerRmv详细操作方法： http://hi.baidu.com/peaset/blog/ ... 6fb5eb77c63816.html
======================================================

以下是病毒清除步骤：

1、用PowerRmv删除以下文件(没有则跳过)：

; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
;
; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
C:\WINDOWS\System32\3wareSrv.exe
\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll

\SystemRoot\System32\DRIVERS\22jn.sys
\SystemRoot\System32\DRIVERS\43ecu.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys
\SystemRoot\system32\drivers\pnduojtwbt.sys
\SystemRoot\system32\drivers\RsBoot.sys
system32\DRIVERS\sr.sys
\SystemRoot\system32\drivers\unzxzsrs.sys
\SystemRoot\system32\DRIVERS\ViBus.sys
\SystemRoot\system32\drivers\zhibmaso.sys

2、用SREng删除以下【注册表】项(没有则跳过)：

<IMJPMIG8.1>
<PHIME2002A>
<PHIME2002ASync>

3、用SREng删除【所有启动文件夹】内容(没有则跳过)

4、用SREng删除以下【服务】项(没有则跳过)：

[3ware Controller Service / 3wareSrv]
[NetMeeting Remote Desktop Sharing / mnmsrvc]

5、用SREng删除以下【驱动程序】项(没有则跳过)：

[22j / 22jn]
[43ec / 43ecu]
[ntptdb / ntptdb]
[pnduojtwbt / pnduojtwbt]
[RsAntiSpyware / RsAntiSpyware]
[System Restore Filter Driver / sr]
[System Services / unzxzsrs]
[ViBus / ViBus]
[ATI Extend / zhibmaso]

6、用SREng删除以下【浏览器加载项】项(没有则跳过)：

[Zcom 杂志]
[Browser Enhanced Objects]

最后,重新启动计算机.Tored祝您好运!
======================================================
[End]

傲天♂元始 · 发表于 2008-5-22 22:24:30

你就这样弄，不行我也没办法

傲天♂扬帆 · 发表于 2008-5-23 13:18:44

独恋有按原始说的重新操作一次吗？

独恋伊影 · 发表于 2008-5-24 20:09:59

找不到要删的文件。。。。

傲天♂元始 · 发表于 2008-5-25 08:54:35

有些都是隐藏起来的

傲天♂风云 · 发表于 2008-6-5 03:36:36

我对代码一点都不懂

傲天♂元始 · 发表于 2008-6-5 14:21:26

。。。这不是代码只是系统的扫描日志而已

傲天♂冷漠 · 发表于 2008-6-5 18:19:32

我汗~~~
这么多代码~~~

技术部 收藏本版今日: 0 主题: 115

在这里

浏览过的版块

技术部 收藏本版 今日: 0 主题: 115

在这里

浏览过的版块

技术部收藏本版今日: 0 主题: 115