[CODE] 2008-08-22,11:34:59 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] 
[(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\GridService\peer.exe" -n Grid> [FS2YOU] <; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing] <; "C:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe" /minimize> [(Verified)Trend Media Corporation Limited] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Component Publisher] <; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [File is missing] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "D:\Program Files\Total Uninstall 4\TuAgent.exe"> [(Verified)Gavrila Martau] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Tuotu\Tuotu.exe /m> [File is missing] <; "C:\Program Files\Winamp\winampa.exe"> [] ================================== 启动文件夹 N/A ================================== 服务 [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [MPSVC Service / MPSVCService][Running/Auto Start] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] ================================== 驱动程序 [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心> 
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start] [AliIde / AliIde][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\aliide.sys> [AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\amdagp.sys> [asc / asc][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\asc.sys> [asc3550 / asc3550][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\asc3550.sys> [ati2mtag / ati2mtag][Stopped/Manual Start] [CmdIde / CmdIde][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\cmdide.sys> [dac2w2k / dac2w2k][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\dac2w2k.sys> [VIA Rhine-Family Fast-Ethernet Adapter Driver Service / FET5X86V][Running/Manual Start] [VMware hcmon / hcmon][Running/Auto Start] [HuaHong USBKEY Driver / HHUsb][Stopped/Manual Start] [HuaHong Virtual SmartCard Reader Driver / HHVReader][Running/Manual Start] [KVFileGuard From Jiangmin / KVFileGuard][Stopped/Manual Start] <\??\F:\杀毒\江民2008移动版(可升级)\antivirus\KVFG.SYS> [MINICD / MINICD][Running/Auto Start] [mp110001 / mp110001][Running/Auto Start] [mp110002 / mp110002][Running/Auto Start] [mp110003 / mp110003][Running/Boot Start] <\SystemRoot\system32\drivers\mp110003.sys> [mp110004 / mp110004][Running/Auto Start] [mp110005 / mp110005][Running/Manual Start] [mp110006 / mp110006][Running/System Start] [mp110007 / mp110007][Running/System Start] [mp110008 / mp110008][Running/Auto Start] [mp110009 / mp110009][Running/System Start] [mp110010 / mp110010][Running/Boot Start] <\SystemRoot\system32\drivers\mp110010.sys> [mp110011 / mp110011][Running/System Start] [mp110012 / mp110012][Running/Boot Start] <\SystemRoot\system32\drivers\mp110012.sys> [mp110013 / mp110013][Running/Boot Start] <\SystemRoot\system32\drivers\mp110013.sys> [mraid35x / mraid35x][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\mraid35x.sys> [Netgroup Packet Filter / NPF][Stopped/Manual Start] [nv / nv][Running/Manual Start] [p2pfilter / p2pfilter][Stopped/Manual Start] <\??\d:\Program 
Files\p2pover\p2pfilter.sys> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [ql1080 / ql1080][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql1080.sys> [ql12160 / ql12160][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql12160.sys> [ql1280 / ql1280][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ql1280.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [SIS AGP Bus Filter / sisagp][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sisagp.sys> [Sparrow / Sparrow][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sparrow.sys> [SVKP / SVKP][Running/Auto Start] <\??\C:\WINDOWS\system32\SVKP.sys> [symc810 / symc810][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\symc810.sys> [symc8xx / symc8xx][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\symc8xx.sys> [sym_hi / sym_hi][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sym_hi.sys> [sym_u3 / sym_u3][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sym_u3.sys> [TKP / TKP][Stopped/Manual Start] <\??\C:\WINDOWS\system32\DRIVERS\5683> [ultra / ultra][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\ultra.sys> [VIA AGP Filter / viaagp1][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaagp1.sys> [viamraid / viamraid][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viamraid.sys> [VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start] [videX32 / videX32][Running/Boot Start] <\SystemRoot\system32\DRIVERS\videX32.sys> [VMware Bridge Protocol / VMnetBridge][Running/Auto Start] [VMware Network Application Interface / VMnetuserif][Running/Auto Start] [VMware VMparport / VMparport][Running/Auto Start] [vmscsi / vmscsi][Stopped/Boot Start] <\SystemRoot\System32\Drivers\vmscsi.sys> [VMware Virtualization Driver / vmx86][Running/Auto Start] [Virtual PC Application Services / VPCAppSv][Running/Auto Start] [Virtual PC 
Emulated Ethernet Switch Driver / VPCNetS2][Running/Manual Start] ================================== 浏览器加载项 [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [MiniFlashGetBHO] {C74E94A7-B7BD-4891-9328-455395BCC7AD} [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [] {7B71B9D0-7A6B-4CD4-BFAD-A8852409A1D9} <, > [掌中影音伴侣] {C211C413-2833-44d5-8FE9-CBD8F2473FBE} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A> [XMedia 卡拉OK] {E9AE3247-63CB-4bb5-ACFF-953AA3B4797B} [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95} [CCTVUpdateInstall] {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [] {03507A1A-E0C5-4404-AA26-205385C0892D} <, > [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [] {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} <, > [QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95} [] {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, > [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [Microsoft Terminal Services Client Control (redist)] {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A> [Microsoft Terminal Services Client Control (redist)] {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A> [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Microsoft Terminal Services Client Control (redist)] 
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A> [Microsoft Terminal Services Client Control (redist)] {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A> [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [] {7B71B9D0-7A6B-4CD4-BFAD-A8852409A1D9} <, > [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [Microsoft Terminal Services Client Control (redist)] {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A> [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [] {B057BF9C-55B4-4AA4-938A-FE78617866B8} <, > [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [] {C211C413-2833-44D5-8FE9-CBD8F2473FBE} <, > [] {C2EB616C-BFB0-4361-A02C-588F869A0E97} <, > [MiniFlashGetBHO] {C74E94A7-B7BD-4891-9328-455395BCC7AD} [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [] {E9AE3247-63CB-4BB5-ACFF-953AA3B4797B} <, > [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > [&U使用纳米机器人下载并收藏] [&使用超级旋风下载] [&使用超级旋风下载全部链接] [Add to QQ Customized Emoticons] <, > [Add to QQ Customized Panel] <, > [Add to QQ Emotions] <, > [Send picture by MMS] <, > [Send Picture with QQ MMS] <, > [Upload to QQ Network Hard Disk] <, > [使用UUSee下载] [使用UUSee加速播放] [使用迅雷下载] [使用迅雷下载全部链接] [使用迷你快车下载] [使用迷你快车下载全部链接] [使用迷你快车下载该网页FLV] [复制到我的QQ记事本] [添加到QQ表情] [添加到广告杀手] <, > [添加到我的网易博客] ================================== 正在运行的进程 [PID: 724 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 804 / SYSTEM][\??\C:\WINDOWS\System32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [C:\WINDOWS\System32\msacm32.drv] [Microsoft 
Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 848 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 860 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 1036 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 1444 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 1704 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1956 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 208 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 392 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 456 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 276 / 
Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll] [N/A, ] [C:\Program Files\Media Player Classic\Codecs\mkunicode.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\7-Zip\7-zip.dll] [Igor Pavlov, 4.60 beta] [C:\Program Files\Connectix\Connectix Virtual PC\VPCShExH.DLL] [, 1, 0, 0, 1] [C:\Program Files\PicaView 2.0\PicaView.dll] [ACD Systems, Ltd., 2, 0, 0, 84] [C:\Program Files\PicaView 2.0\IDE_ACDStd.apl] [ACD Systems, Ltd., 3,2,62,0] [C:\Program Files\PicaView 2.0\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\PicaView 2.0\msvcr71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\NamiRobot\Data\NamipanExt1.dll] [N/A, ] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [PID: 1376 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 6, 20] [C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 1836 / 
SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9136] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 448 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 1676 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [PID: 2344 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 2748 / Administrator][C:\Program Files\Lenovo\IceBound\IceBound.exe] [LENOVO, 1, 0, 0, 1] [C:\PROGRA~1\Lenovo\IceBound\MagicCtl.ocx] [Ensurebit Co.,Ltd., 1, 0, 0, 1] [PID: 3480 / Administrator][C:\Program Files\360safe\360se\360Start.exe] [360安全中心 & 凤凰软件工作室, 1, 0, 1, 4] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 864 / Administrator][C:\PROGRA~1\360safe\360se\360SE.exe] [360安全中心 & 凤凰软件工作室, 1, 0, 2, 7] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 1, 3, 246, 201] [C:\Program Files\360safe\antispy.dll] [奇虎网, 4, 2, 0, 1004] [PID: 3960 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] [PID: 2888 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREa8b9ba9b.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 1.2.10050] 
[C:\PROGRA~1\MICROS~1\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.6551] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [C:\WINDOWS\system32\winhlp32.exe %1] .INI Error. [Notepad2.ini] .INF Error. [Notepad2.inf] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件
================================== 进程特权扫描 特殊特权被允许: SeLoadDriverPrivilege [PID = 2748, C:\PROGRAM FILES\LENOVO\ICEBOUND\ICEBOUND.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3960, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]