[CODE] 2008-11-05,14:25:26 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been selected: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Running Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)] <"C:\Program Files\Kingsoft\Kingsoft Internet Security U\KPFW32.EXE" -startup> [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"] <; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)] [NVIDIA Corporation] [NVIDIA Corporation] <"C:\Program Files\Kingsoft\Kingsoft Internet Security U\KAVStart.exe" -startup> [(Verified)KINGSOFT CORPORATION] <360Safetray> [(Verified)Qizhi Software (beijing) Co. 
Ltd] <; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [File is missing] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)] [(Verified)] [(Verified)] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{F6A454AE-156A-415E-9F89-3795677A8A91}><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <アドレス帳 6><"%ProgramFiles%\Outlook 
Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <360Safebox><; "C:\Program Files\360Safebox\SafeBoxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun> [(Verified)DAEMON Tools Code Signing Services] <; "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] <; C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] ================================== Startup Folders [Microsoft Office] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]> ================================== Services [Apache2 / Apache2][Running/Auto Start] <"C:\Apache\Apache2\bin\Apache.exe" -k runservice> [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start] [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] <"C:\Program Files\Kingsoft\Kingsoft Internet Security U\KPfwSvc.EXE"> [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] <"C:\Program Files\Kingsoft\Kingsoft Internet Security U\KWatch.EXE"> [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><> [MySQL / MySQL][Running/Auto 
Start] <"C:\Program Files\MySQL\MySQL Server 5.2\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.2\my.ini" MySQL><(File is missing)> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start] [sys / sys][Stopped/Auto Start] <(File is missing)> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"> [Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Manual Start] <"C:\Program Files\Windows Media Player\WMPNetwk.exe"> [Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start] %SystemRoot%\System32\WUDFSvc.dll> ================================== Drivers [19b5406 / 19b5406][Stopped/Manual Start] <\??\C:\WINDOWS\system32\19b5406.sys> [aeaudio / aeaudio][Running/Manual Start] [aliimz / aliimz][Stopped/Manual Start] [Audsub3 / Audsub3][Running/Auto Start] <\??\C:\WINDOWS\SYSTEM32\Drivers\Audsub3.sys> [ca99d57 / ca99d57][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ca99d57.sys> [d347bus / d347bus][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\d347bus.sys><> [d347prt / d347prt][Stopped/Boot Start] <\SystemRoot\System32\Drivers\d347prt.sys><> [Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start] [fcdabus / fcdabus][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\fcdabus.sys> [RamDisk Drive Service / fsRamDsk][Stopped/Manual Start] [FVDSCSI / FVDSCSI][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\fvdscsi.sys> [HBKernel32 Driver / HBKernel32][Stopped/Boot Start] <\SystemRoot\system32\drivers\HBKernel32.sys> [ialm / ialm][Running/Manual Start] [KAVBase / KAVBase][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys> [KAVBootC / KAVBootC][Running/Boot Start] <\SystemRoot\system32\Drivers\KAVBootC.sys> [KNetWch / KNetWch][Running/System Start] <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security U\KNetWch.SYS> [KWatch3 / KWatch3][Running/Auto 
Start] <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS> [nv / nv][Running/Manual Start] [OMCI / OMCI][Running/System Start] <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [smwdm / smwdm][Running/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start] [Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start] ================================== Browser Add-ons [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {09EB15FA-17D8-4D60-8598-3F549A848DF2} [Yahoo!ツールバーフィッシング警告] {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} [Skype add-on (mastermind)] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, > [Windows Live サインイン ヘルパー] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [Yahoo!ツールバーヘルパー] {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [Skype add-on (button)] {77BF5300-1474-4EC7-9980-D32B190E9B07} [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Yahoo!ツールバー] {AEF44653-C059-42CB-A5B7-41C640DA4A67} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [DAEMON Tools Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [HGPluginJP23 Class] {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} 
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {00000AAA-A363-466E-BEF5-9BB68697AA7F} <, > [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [] {03507A1A-E0C5-4404-AA26-205385C0892D} <, > [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {09EB15FA-17D8-4D60-8598-3F549A848DF2} [Yahoo!ツールバーフィッシング警告] {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} [Skype add-on (mastermind)] {22BF413B-C6D2-4D91-82A9-A0F997BA588C} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\SYSTEM32\mshtml.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [] {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, > [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [DAEMON Tools Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [] {48FE89A0-486C-48DF-9DEC-BED22BDC6057} <, > [] {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <, > [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [DivXBrowserPlugin Object] {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Skype add-on (button)] {77BF5300-1474-4EC7-9980-D32B190E9B07} [] {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, > [] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, > [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Windows Live サインイン ヘルパー] {9030D464-4C02-4ABF-8ECC-5164760863C6} [] {95B3F550-91C4-4627-BCC4-521288C52977} <, > [] {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, > [] 
{A986E409-30CC-4185-89BB-AB212C104524} <, > [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, > [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Yahoo!ツールバー] {AEF44653-C059-42CB-A5B7-41C640DA4A67} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, > [] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, > [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [Microsoft Silverlight] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [Yahoo!ツールバーヘルパー] {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} [Thunder DapCtrl] {EF1EA76E-5428-4e40-85A1-D4DD2893183A} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, > [] {F6A454AE-156A-415E-9F89-3795677A8A91} <, > [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > [Bookshelfで検索(&L)] [Yahoo!ツールバーに追加] [Yahoo!検索で検索] [オシウオアヌーメウオスウャミヌヤトタタニ・&A)] [オシウム。ヨミイソキヨオスウャミヌヤトタタニ・&S)] ================================== Running Processes [PID: 568][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 652][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 676][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC] [Microsoft Corporation, 8.1.4202.0] [PID: 720][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 732][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 980][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1104][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1484][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC] [Microsoft Corporation, 8.1.4202.0] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9424] [C:\WINDOWS\system32\NVRSJA.DLL] [NVIDIA Corporation, 6.14.10.9424] [C:\WINDOWS\system32\nvapi.dll] [N/A, ] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342] [C:\WINDOWS\system32\nvshell.dll] [, ] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Kingsoft\Kingsoft Internet Security U\KAVEXT.DLL] [Kingsoft Corporation, 2008,04,15,20] [C:\Program Files\EditPlus 2\eppshell.dll] [N/A, ] [C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\PROGRA~1\INTERN~1\PLUGINS\b54321.bho] [N/A, ] [C:\Program Files\Yahoo!J\Toolbar\7_0_0_11\Modules\ypho.dll] [Yahoo Japan Corporation. , 1.0.0.7] [C:\Program Files\Yahoo!J\Toolbar\7_0_0_11\Modules\YahooToolBar.dll] [Yahoo! JAPAN, 2008, 4, 11, 0] [C:\Program Files\Yahoo!J\Toolbar\7_0_0_11\Modules\YJImage.dll] [Yahoo! JAPAN, 7, 0, 0, 1] [PID: 1548][C:\Apache\Apache2\bin\Apache.exe] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\bin\libapr.dll] [Apache Software Foundation, 0.9.12] [C:\Apache\Apache2\bin\libaprutil.dll] [Apache Software Foundation, 0.9.12] [C:\Apache\Apache2\bin\libapriconv.dll] [Apache Software Foundation, 0.9.7] [C:\Apache\Apache2\bin\libhttpd.dll] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_access.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_actions.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_alias.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_asis.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_auth.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_autoindex.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_cgi.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_dir.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_env.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_imap.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_include.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_isapi.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_log_config.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_mime.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_negotiation.so] [Apache Software Foundation, 2.0.59] 
[C:\Apache\Apache2\modules\mod_setenvif.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_userdir.so] [Apache Software Foundation, 2.0.59] [C:\PHP\php5apache2.dll] [The PHP Group, 5.2.3.3] [C:\WINDOWS\system32\php5ts.dll] [The PHP Group, 5.2.3.3] [PID: 1600][C:\Program Files\MySQL\MySQL Server 5.2\bin\mysqld-nt.exe] [N/A, ] [PID: 1640][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9424] [C:\WINDOWS\system32\nvapi.dll] [N/A, ] [PID: 1696][C:\Apache\Apache2\bin\Apache.exe] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\bin\libapr.dll] [Apache Software Foundation, 0.9.12] [C:\Apache\Apache2\bin\libaprutil.dll] [Apache Software Foundation, 0.9.12] [C:\Apache\Apache2\bin\libapriconv.dll] [Apache Software Foundation, 0.9.7] [C:\Apache\Apache2\bin\libhttpd.dll] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_access.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_actions.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_alias.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_asis.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_auth.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_autoindex.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_cgi.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_dir.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_env.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_imap.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_include.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_isapi.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_log_config.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_mime.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_negotiation.so] [Apache 
Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_setenvif.so] [Apache Software Foundation, 2.0.59] [C:\Apache\Apache2\modules\mod_userdir.so] [Apache Software Foundation, 2.0.59] [C:\PHP\php5apache2.dll] [The PHP Group, 5.2.3.3] [C:\WINDOWS\system32\php5ts.dll] [The PHP Group, 5.2.3.3] [PID: 1468][C:\WINDOWS\system32\HPZipm12.exe] [HP, 10, 1, 1, 6] [PID: 2168][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.9424] [C:\WINDOWS\system32\nvapi.dll] [N/A, ] [C:\WINDOWS\system32\NVRSJA.DLL] [NVIDIA Corporation, 6.14.10.9424] [PID: 2188][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 5, 0, 0, 1002] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 3, 0, 1003] [C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001] [C:\Program Files\360safe\live.dll] [360.cn, 1, 0, 1, 1028] [PID: 2224][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3076][C:\WINDOWS\system32\locator.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3216][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.17: 2008082909] [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.8] [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.17: 2008082909] [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.8] [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.8] [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.9.0 Basic ECC] [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.9.0 Basic ECC] [C:\Program Files\Mozilla Firefox\softokn3.dll] 
[Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.9.0 Basic ECC] [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.17: 2008082909] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.17: 2008082909] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.17: 2008082909] [C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial] [C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2pjn6lul.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll] [N/A, ] [C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.17: 2008082909] [C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2pjn6lul.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll] [N/A, ] [C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2pjn6lul.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll] [N/A, ] [C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2pjn6lul.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll] [N/A, ] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.65] [C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC] [Microsoft Corporation, 8.1.4202.0] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.17: 2008082909] [C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll] [, 1, 0, 
0, 1] [PID: 4044][E:\Xunlei\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [PID: 4064][E:\Xunlei\SREcafab690.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC] [Microsoft Corporation, 8.1.4202.0] [E:\Xunlei\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [E:\Xunlei\Plugins\NTFSTREAM.SRE] [Smallfrogs Studio, 1, 0, 0, 5] [C:\WINDOWS\system32\asfsipc.dll] [Microsoft Corporation, 1.1.00.3917] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File
================================== Process Privileges Scan Special Privileges Enabled: SeLoadDriverPrivilege [PID = 676, C:\WINDOWS\SYSTEM32\WINLOGON.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 732, C:\WINDOWS\SYSTEM32\LSASS.EXE] Special Privileges Enabled: SeSystemtimePrivilege [PID = 900, C:\WINDOWS\SYSTEM32\SVCHOST.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1484, C:\WINDOWS\EXPLORER.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1640, C:\WINDOWS\SYSTEM32\NVSVC32.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2168, C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2224, C:\WINDOWS\SYSTEM32\CTFMON.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 4044, E:\XUNLEI\SRENGLDR.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== [/CODE]