¾Ñ½£(V2008)-ϵͳÌå¼ì¼Ç¼ ¾Ñ½£ÏÂÔصØÖ·£ºhttp://www.ZhuLinFeng.com/ ====================================================== ²Ù×÷ϵͳ£ºWindows 2003 °æ±¾ºÅ£º5.2.3790.2 (Service Pack 2) ====================================================== SSDT£­HOOK£º ÐòºÅ£º12 º¯Êý£ºNtAdjustPrivilegesToken Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º18 º¯Êý£ºNtAllocateVirtualMemory Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º21 º¯Êý£ºNtAssignProcessToJobObject Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º43 º¯Êý£ºNtCreateKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º45 º¯Êý£ºNtCreateMutant Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º49 º¯Êý£ºNtCreateProcess Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º50 º¯Êý£ºNtCreateProcessEx Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º52 º¯Êý£ºNtCreateSection Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º54 º¯Êý£ºNtCreateSymbolicLinkObject Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º55 º¯Êý£ºNtCreateThread Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º59 º¯Êý£ºNtDebugActiveProcess Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º66 º¯Êý£ºNtDeleteKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º68 º¯Êý£ºNtDeleteValueKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º71 º¯Êý£ºNtDuplicateObject Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º101 º¯Êý£ºNtLoadDriver Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º108 º¯Êý£ºNtLockVirtualMemory Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º125 º¯Êý£ºNtOpenKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º128 º¯Êý£ºNtOpenProcess Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º131 º¯Êý£ºNtOpenSection Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º134 º¯Êý£ºNtOpenThread Ä£¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys HOOKÀàÐÍ£ºINLINE-HOOK ÐòºÅ£º143 º¯Êý£ºNtProtectVirtualMemory Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º151 º¯Êý£ºNtQueryDirectoryFile Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º181 º¯Êý£ºNtQuerySystemInformation Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º185 º¯Êý£ºNtQueryValueKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º188 º¯Êý£ºNtQueueApcThread Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º200 º¯Êý£ºNtRenameKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º208 º¯Êý£ºNtRequestWaitReplyPort Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º212 º¯Êý£ºNtRestoreKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º221 º¯Êý£ºNtSetContextThread Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º237 º¯Êý£ºNtSetInformationProcess Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º246 º¯Êý£ºNtSetSecurityObject Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º249 º¯Êý£ºNtSetSystemInformation Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º251 º¯Êý£ºNtSetSystemTime Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º256 º¯Êý£ºNtSetValueKey Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º262 º¯Êý£ºNtSuspendProcess Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º263 º¯Êý£ºNtSuspendThread Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º264 º¯Êý£ºNtSystemDebugControl Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º266 º¯Êý£ºNtTerminateProcess Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º267 º¯Êý£ºNtTerminateThread Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º277 º¯Êý£ºNtUnmapViewOfSection Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ÐòºÅ£º287 º¯Êý£ºNtWriteVirtualMemory Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys HOOKÀàÐÍ£ºHOOK ====================================================== FSD£­HOOK£º ÐòºÅ£º0 IRP£ºIRP_MJ_CREATE HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ÐòºÅ£º2 IRP£ºIRP_MJ_CLOSE HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ÐòºÅ£º4 IRP£ºIRP_MJ_WRITE HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ÐòºÅ£º6 IRP£ºIRP_MJ_SET_INFORMATION HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ÐòºÅ£º13 IRP£ºIRP_MJ_FILE_SYSTEM_CONTROL HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ÐòºÅ£º18 IRP£ºIRP_MJ_CLEANUP HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ÐòºÅ£º21 IRP£ºIRP_MJ_SET_SECURITY HOOKÄ£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys INLINE-HOOKÄ£¿é£º ====================================================== Îļþ¹ýÂËϵͳÇý¶¯£º Îļþϵͳ£º\Driver\qutmdserv¡¡Îļþ£ºC:\WINDOWS\system32\drivers\qutmdrv.sys Îļþϵͳ£º\FileSystem\FltMgr¡¡Îļþ£ºsystem32\DRIVERS\fltMgr.sys Îļþϵͳ£º\FileSystem\Ntfs¡¡Îļþ£ºC:\WINDOWS\system32\drivers\Ntfs.sys ====================================================== ÄÚºËInline-HOOK£º Ìøתģ¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Inline-º¯Êý£ºNtOpenProcess Ìøתģ¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Inline-º¯Êý£ºNtOpenThread Ìøתģ¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Inline-º¯Êý£ºNtCreateThread Ìøתģ¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Inline-º¯Êý£ºNtCreateProcessEx Ìøתģ¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Inline-º¯Êý£ºNtTerminateProcess Ìøתģ¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Inline-º¯Êý£ºNtTerminateThread ====================================================== API-HOOK: ÎÞ ====================================================== ÎÞ΢ÈíÇ©Ãû½ø³Ì£º ½ø³Ì£ºE:\IceSword122cn\IceSword122cn\IceSword.exe ½ø³Ì£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe ½ø³Ì£ºC:\Program Files\ser-u\ServUDaemon.exe ½ø³Ì£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\App_Data\Kingdee.K3.PUBLIC.KDSvrMgrHost.exe ½ø³Ì£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\BIN\Kingdee.K3.PUBLIC.BkgSvcHost.exe ½ø³Ì£ºC:\Program Files\Symantec\pcAnywhere\awhost32.exe ½ø³Ì£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDCOM\KDSvrMgrService.exe ½ø³Ì£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe ½ø³Ì£ºC:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe ½ø³Ì£ºE:\¾Ñ½£V2008-0429\SnipeSword.exe ½ø³Ì£ºsystem ====================================================== ÎÞ΢ÈíÇ©ÃûÄ£¿é ½ø³Ì£ºC:\WINDOWS\System32\WScript.exe Ä£¿é£ºC:\Program Files\Rising\Ris\RavScrCh.dll Ä£¿é£ºC:\WINDOWS\system32\MSVCP71.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\safemon.dll ½ø³Ì£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll Ä£¿é£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL Ä£¿é£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL Ä£¿é£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll Ä£¿é£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll Ä£¿é£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll ½ø³Ì£ºC:\Program Files\ser-u\ServUDaemon.exe Ä£¿é£ºC:\Program Files\ser-u\ssleay32.DLL Ä£¿é£ºC:\Program Files\ser-u\libeay32.DLL Ä£¿é£ºC:\Program Files\ser-u\RhinoNET.dll Ä£¿é£ºC:\Program Files\ser-u\MSVCP71.dll Ä£¿é£ºC:\Program Files\ser-u\zlib1.dll ½ø³Ì£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\App_Data\Kingdee.K3.PUBLIC.KDSvrMgrHost.exe Ä£¿é£ºC:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_zh-CHS_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\28cee07c1277b35abcb83560cd8c677c\System.Xml.ni.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b27681770aa3d878fe5e7cfc2804656\System.Configuration.ni.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\App_Data\Kingdee.K3.PUBLIC.COMMON.dll Ä£¿é£ºC:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\288044f77c184ff68e0200f762c395f4\System.Data.ni.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\App_Data\Kingdee.K3.PUBLIC.IKDSvrMgr.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\App_Data\Kingdee.K3.PUBLIC.VBKDSvrMgr.dll Ä£¿é£ºC:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7c95f4d3cbeb0dd34d76358bbec3047\System.ServiceProcess.ni.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\2e356db128ec7354bd70a3ecc84b1f87\System.ni.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\4b10d8196bb368996ec5d24fca777456\mscorlib.ni.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Ä£¿é£ºC:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_B80FA8CA\MSVCR80.dll Ä£¿é£ºC:\WINDOWS\system32\mscoree.dll ½ø³Ì£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\BIN\Kingdee.K3.PUBLIC.BkgSvcHost.exe Ä£¿é£ºC:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_zh-CHS_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\BIN\Kingdee.K3.PUBLIC.COMMON.dll Ä£¿é£ºC:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll Ä£¿é£ºC:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\28cee07c1277b35abcb83560cd8c677c\System.Xml.ni.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b27681770aa3d878fe5e7cfc2804656\System.Configuration.ni.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\BIN\Kingdee.K3.PUBLIC.IBkgSvc.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\BIN\Kingdee.K3.PUBLIC.BkgSvc.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7c95f4d3cbeb0dd34d76358bbec3047\System.ServiceProcess.ni.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\2e356db128ec7354bd70a3ecc84b1f87\System.ni.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll Ä£¿é£ºC:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\4b10d8196bb368996ec5d24fca777456\mscorlib.ni.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Ä£¿é£ºC:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_B80FA8CA\MSVCR80.dll Ä£¿é£ºC:\WINDOWS\system32\mscoree.dll ½ø³Ì£ºC:\WINDOWS\system32\inetsrv\inetinfo.exe Ä£¿é£ºC:\WINDOWS\system32\msi.dll ½ø³Ì£ºC:\Program Files\Symantec\pcAnywhere\awhost32.exe Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awlog32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\snmputil.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\libsnmp.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AwioResources.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awres-host.dll Ä£¿é£ºC:\Program Files\Common Files\Symantec Shared\ehandres.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awRes-all.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWHXPRB.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWHPROBEDLL.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWDSP32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWHK32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\IMPLODE.DLL Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awcp.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\TrayIcon.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\pcaime.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awtime32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWSES32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\crypto.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\AWDS32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awcm32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awofrwrk.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awio.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awgui32.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\PowerMgr.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\dundata.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\InstData.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL Ä£¿é£ºC:\Program Files\Symantec\pcAnywhere\Util.dll ½ø³Ì£ºC:\Program Files\Rising\AntiSpyware\rstray.exe Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\pscan.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\MFC71.DLL Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\ProcCom.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RsCommX2.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\runiep.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\NComm.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\pngdll.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\rsxml1.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\comx3.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\rscommon.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\ComServ.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\MSVCP71.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\Syslay.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RsXML.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\rsmginfo.dll ½ø³Ì£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll Ä£¿é£ºC:\WINDOWS\system32\mscoree.dll Ä£¿é£ºC:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_B80FA8CA\MSVCR80.dll ½ø³Ì£ºC:\WINDOWS\msagent\AgentSvr.exe Ä£¿é£ºC:\WINDOWS\system32\msi.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\safemon.dll ½ø³Ì£ºC:\WINDOWS\system32\spoolsv.exe Ä£¿é£ºC:\WINDOWS\system32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll Ä£¿é£ºC:\WINDOWS\system32\awmon.dll ½ø³Ì£ºC:\Program Files\360\360safe\safemon\360Tray.exe Ä£¿é£ºC:\Program Files\360\360safe\360P2SP.dll Ä£¿é£ºC:\Program Files\360\360safe\360net.dll Ä£¿é£ºC:\Program Files\360\360safe\LiveUpd360.dll Ä£¿é£ºC:\Program Files\360\360safe\netmon\360netctrl.dll Ä£¿é£ºC:\Program Files\360\360safe\360ver.dll Ä£¿é£ºC:\Program Files\360\360safe\pdown.dll Ä£¿é£ºC:\Program Files\360\360safe\SafeLive.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\urlproc.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\safemon.dll Ä£¿é£ºC:\Program Files\360\360safe\deepscan\qutmload.dll Ä£¿é£ºC:\Program Files\360\360safe\ipc\qutmipc.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\netmon.tpi Ä£¿é£ºC:\Program Files\360\360safe\safemon\netm.tpi Ä£¿é£ºC:\Program Files\360\360safe\safemon\360safemonpro.tpi Ä£¿é£ºC:\Program Files\360\360safe\safemon\360traylive.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\360webpro.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\360compro.dll Ä£¿é£ºC:\Program Files\360\360safe\ipc\appd.dll Ä£¿é£ºC:\Program Files\360\360safe\ipc\yhregd.dll Ä£¿é£ºC:\Program Files\360\360safe\ipc\ipcservice.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll ½ø³Ì£ºC:\Program Files\Rising\Ris\RsTray.exe Ä£¿é£ºC:\Program Files\Rising\Ris\rfwlog.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanPrxy.dll Ä£¿é£ºC:\Program Files\Rising\Ris\PngDll.dll Ä£¿é£ºC:\Program Files\Rising\Ris\CfgDll.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RSAPPMGR.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ravppops.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scanleak.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsmginfo.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwtray.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RavITray.dll Ä£¿é£ºC:\Program Files\Rising\Ris\MonTray.dll Ä£¿é£ºC:\Program Files\Rising\Ris\mruleui.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ravbintl.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsnetsvr.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rspalvd.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwrule.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsconf.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsguilib.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanEvnt.dll Ä£¿é£ºC:\Program Files\Rising\Ris\MonState.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsxml.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ProcComm.dll Ä£¿é£ºC:\Program Files\Rising\Ris\comx3.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Syslay.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rslang.dll Ä£¿é£ºC:\Program Files\Rising\Ris\comserv.dll Ä£¿é£ºC:\WINDOWS\system32\MSVCP71.dll ½ø³Ì£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDCOM\KDSvrMgrService.exe Ä£¿é£ºC:\WINDOWS\system32\msi.dll Ä£¿é£ºC:\WINDOWS\system32\VB6CHS.DLL Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDCOM\KDSvrMgrHandleImp.dll ½ø³Ì£ºC:\WINDOWS\System32\svchost.exe Ä£¿é£ºC:\WINDOWS\System32\msi.dll ½ø³Ì£ºC:\WINDOWS\system32\winlogon.exe Ä£¿é£ºC:\WINDOWS\system32\PCANotify.dll ½ø³Ì£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe Ä£¿é£ºC:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL Ä£¿é£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\SSnmPN70.dll Ä£¿é£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll Ä£¿é£ºC:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll Ä£¿é£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL Ä£¿é£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\ums.dll Ä£¿é£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\sqlsort.dll Ä£¿é£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\opends60.dll Ä£¿é£ºC:\WINDOWS\system32\MSVCP71.dll ½ø³Ì£ºC:\WINDOWS\System32\svchost.exe Ä£¿é£ºC:\WINDOWS\System32\msi.dll ½ø³Ì£ºC:\Program Files\Rising\Ris\RegGuide.exe Ä£¿é£ºC:\WINDOWS\system32\msi.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanPrxy.dll Ä£¿é£ºC:\Program Files\Rising\Ris\comx3.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Syslay.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ProcComm.dll Ä£¿é£ºC:\WINDOWS\system32\MSVCP71.dll ½ø³Ì£ºC:\Program Files\Rising\Ris\RavMonD.exe Ä£¿é£ºC:\Program Files\Rising\Ris\ur025.dat Ä£¿é£ºC:\Program Files\Rising\Ris\ScanStub.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanRavT.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanBT.dll Ä£¿é£ºC:\Program Files\Rising\Ris\extmail.dll Ä£¿é£ºC:\Program Files\Rising\Ris\posttrt.dll Ä£¿é£ºC:\Program Files\Rising\Ris\urutils.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ur023.dat Ä£¿é£ºC:\Program Files\Rising\Ris\pecompd.dll Ä£¿é£ºC:\Program Files\Rising\Ris\heurex.dll Ä£¿é£ºC:\Program Files\Rising\Ris\revm.dll Ä£¿é£ºC:\Program Files\Rising\Ris\methodex.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scantj.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scanpe.dll Ä£¿é£ºC:\Program Files\Rising\Ris\pearc.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scansct.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scanex.dll Ä£¿é£ºC:\Program Files\Rising\Ris\unexe.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scanexec.dll Ä£¿é£ºC:\Program Files\Rising\Ris\nvfile.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ffr.dll Ä£¿é£ºC:\Program Files\Rising\Ris\extsfx.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanSrv.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsstub.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rstask.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ScanAdd.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Scanner.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RSStore.dll Ä£¿é£ºC:\Program Files\Rising\Ris\bawhite.dll Ä£¿é£ºC:\Program Files\Rising\Ris\BACore.dll Ä£¿é£ºC:\Program Files\Rising\Ris\HookCont.dll Ä£¿é£ºC:\Program Files\Rising\Ris\ProcCom.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RsCommX2.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Hooksys.dll Ä£¿é£ºC:\Program Files\Rising\Ris\CfgDll.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RSAPPMGR.dll Ä£¿é£ºC:\Program Files\Rising\Ris\proccomm.dll Ä£¿é£ºC:\Program Files\Rising\Ris\cnt08.dll Ä£¿é£ºC:\Program Files\Rising\Ris\scansrvp.dll Ä£¿é£ºC:\Program Files\Rising\Ris\taskplug.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsindent.dll Ä£¿é£ºC:\Program Files\Rising\Ris\NComm.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwproxy.dll Ä£¿é£ºC:\Program Files\Rising\Ris\urllib.dll Ä£¿é£ºC:\Program Files\Rising\Ris\relibldr.dll Ä£¿é£ºC:\Program Files\Rising\Ris\comx3.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rsnetsvr.dll Ä£¿é£ºC:\Program Files\Rising\Ris\viruslib.dll Ä£¿é£ºC:\Program Files\Rising\Ris\refs.dll Ä£¿é£ºC:\Program Files\Rising\Ris\recomp.dll Ä£¿é£ºC:\Program Files\Rising\Ris\urlrule.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RfwArp.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Rfwdrv.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwdrvc.dll Ä£¿é£ºC:\Program Files\Rising\Ris\mPorts.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwsrv.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Syslay.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwrule.dll Ä£¿é£ºC:\Program Files\Rising\Ris\rfwlog.dll Ä£¿é£ºC:\Program Files\Rising\Ris\HookWeb.dll Ä£¿é£ºC:\Program Files\Rising\Ris\MailMon.dll Ä£¿é£ºC:\Program Files\Rising\Ris\FileMon.dll Ä£¿é£ºC:\Program Files\Rising\Ris\MonRule.dll Ä£¿é£ºC:\Program Files\Rising\Ris\moncom08.dll Ä£¿é£ºC:\Program Files\Rising\Ris\defmon.dll Ä£¿é£ºC:\Program Files\Rising\Ris\mondrv.dll Ä£¿é£ºC:\Program Files\Rising\Ris\Rslog.dll Ä£¿é£ºC:\Program Files\Rising\Ris\MonBase.dll Ä£¿é£ºC:\Program Files\Rising\Ris\moncomm.dll Ä£¿é£ºC:\Program Files\Rising\Ris\cnt09.dll Ä£¿é£ºC:\WINDOWS\system32\MSVCP71.dll Ä£¿é£ºC:\Program Files\Rising\Ris\combase.dll ½ø³Ì£ºC:\WINDOWS\system32\dllhost.exe Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDCOM\KDVerifyContent.dll Ä£¿é£ºC:\WINDOWS\system32\DBmsLPCn.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\kfo10.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KFOX.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\SENSE4.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDVBF.dll Ä£¿é£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDCOM\MtsCacheService.dll Ä£¿é£ºC:\WINDOWS\system32\msi.dll Ä£¿é£ºC:\WINDOWS\system32\VB6CHS.DLL Ä£¿é£ºC:\PROGRAM FILES\KINGDEE\K3ERP\K3EXPRESS\KDSYSTEM\KDCOM\Kdsvrmgr.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\safemon.dll ½ø³Ì£ºC:\WINDOWS\Explorer.EXE Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\zh-CHS\ShFusRes.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll Ä£¿é£ºC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll Ä£¿é£ºC:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_B80FA8CA\MSVCR80.dll Ä£¿é£ºC:\WINDOWS\system32\dfshim.dll Ä£¿é£ºC:\WINDOWS\system32\mscoree.dll Ä£¿é£ºC:\Program Files\Rising\Ris\RavScrCh.dll Ä£¿é£ºC:\WINDOWS\system32\MSVCP71.dll Ä£¿é£ºC:\ftc2010\FTCCommenu.dll Ä£¿é£ºC:\WINDOWS\system32\KakaExt.dll Ä£¿é£ºC:\WINDOWS\system32\RavExt.dll Ä£¿é£ºC:\Program Files\WinRAR\rarext.dll Ä£¿é£ºC:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Ä£¿é£ºC:\Program Files\Haali\MatroskaSplitter\mkunicode.dll Ä£¿é£ºC:\WINDOWS\system32\msi.dll Ä£¿é£ºC:\Program Files\Rising\AntiSpyware\RegCall.dll Ä£¿é£ºC:\Program Files\360\360safe\safemon\safemon.dll ½ø³Ì£ºC:\Program Files\360\360safe\deepscan\zhudongfangyu.exe Ä£¿é£ºC:\Program Files\360\360safe\deepscan\qutmload.dll Ä£¿é£ºC:\Program Files\360\360safe\SoftMgr\360SoftMgrS.dll ====================================================== ÎÞÇ©Ãû×ÔÆô¶¯Ïî(°üº¬ÁËIE½Ù³Ö¡¢·þÎñ¡¢SPIµÈ)£º Ãû³Æ£º ×¢²á¼ü£º¡ô Task ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º360Delay ×¢²á¼ü£ºC:\WINDOWS\Tasks\ ×¢²áÖµ£ºC:\WINDOWS\Tasks\360Delay Àà±ð£º10 Ãû³Æ£º360Disabled ×¢²á¼ü£ºC:\WINDOWS\Tasks\ ×¢²áÖµ£ºC:\WINDOWS\Tasks\360Disabled Àà±ð£º10 Ãû³Æ£ºSchedLgU.Txt ×¢²á¼ü£ºC:\WINDOWS\Tasks\ ×¢²áÖµ£ºC:\WINDOWS\Tasks\SchedLgU.Txt Àà±ð£º10 Ãû³Æ£º ×¢²á¼ü£º¡ô Logon ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºUserinit ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ×¢²áÖµ£º? Àà±ð£º19 Ãû³Æ£ºUserinit ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ×¢²áÖµ£ºÿÿ)Å•|mÆ•| Àà±ð£º19 Ãû³Æ£ºUserinit ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ×¢²áÖµ£ºC:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Tasks\conime.exe Àà±ð£º19 Ãû³Æ£º ×¢²á¼ü£º¡ô Logon¡¡Run ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º ×¢²á¼ü£º¡ô Logon Startup ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º·þÎñ¹ÜÀíÆ÷.lnk ×¢²á¼ü£ºC:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\ ×¢²áÖµ£ºC:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\·þÎñ¹ÜÀíÆ÷.lnk Àà±ð£º10 Ãû³Æ£º ×¢²á¼ü£º¡ô Serivce And Drivers ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºAFD ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º\SystemRoot\System32\drivers\afd.sys Àà±ð£º21 Ãû³Æ£ºawhost32 ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Program Files\Symantec\pcAnywhere\awhost32.exe Àà±ð£º21 Ãû³Æ£ºawlegacy ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º\SystemRoot\System32\Drivers\awlegacy.sys Àà±ð£º21 Ãû³Æ£ºAW_HOST ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºsystem32\drivers\aw_host5.sys Àà±ð£º21 Ãû³Æ£ºChanger ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\Changer.sys Àà±ð£º21 Ãû³Æ£ºFTCkillfile ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºSystem32\Drivers\FTCkillfile.sys Àà±ð£º21 Ãû³Æ£ºGernuwa ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\Gernuwa.sys Àà±ð£º21 Ãû³Æ£ºi2omgmt ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\i2omgmt.sys Àà±ð£º21 Ãû³Æ£ºidsvc ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" Àà±ð£º21 Ãû³Æ£ºIpInIp ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºsystem32\DRIVERS\ipinip.sys Àà±ð£º21 Ãû³Æ£ºK3MobileService ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºD:\Program Files\Kingdee\K3ERP\K3Express\K3MobileService.exe Àà±ð£º21 Ãû³Æ£ºKDBackgroundService ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º"C:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\BIN\Kingdee.K3.PUBLIC.BkgSvcHost.exe" Àà±ð£º21 Ãû³Æ£ºKDDelegateService ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDDelegateService.exe Àà±ð£º21 Ãû³Æ£ºKDSvrMgr ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º"C:\Program Files\Kingdee\K3ERP\K3Express\K3NetSite\App_Data\Kingdee.K3.PUBLIC.KDSvrMgrHost.exe" Àà±ð£º21 Ãû³Æ£ºKDSvrMgrService ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Program Files\Kingdee\K3ERP\K3Express\KDSYSTEM\KDCOM\KDSvrMgrService.exe Àà±ð£º21 Ãû³Æ£ºLicenseInfo ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\LicenseInfo.sys Àà±ð£º21 Ãû³Æ£ºMSSEARCH ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" Àà±ð£º21 Ãû³Æ£ºMSSQLSERVER ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe Àà±ð£º21 Ãû³Æ£ºMSSQLServerADHelper ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe Àà±ð£º21 Ãû³Æ£ºPDCOMP ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\PDCOMP.sys Àà±ð£º21 Ãû³Æ£ºPDFRAME ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\PDFRAME.sys Àà±ð£º21 Ãû³Æ£ºPDRELI ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\PDRELI.sys Àà±ð£º21 Ãû³Æ£ºPDRFRAME ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\PDRFRAME.sys Àà±ð£º21 Ãû³Æ£ºServ-U ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Program Files\ser-u\ServUDaemon.exe Àà±ð£º21 Ãû³Æ£ºSQLSERVERAGENT ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER Àà±ð£º21 Ãû³Æ£ºSymEvent ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º\??\C:\Program Files\Symantec\SYMEVENT.SYS Àà±ð£º21 Ãû³Æ£ºVgaSave ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£º\SystemRoot\System32\drivers\vga.sys Àà±ð£º21 Ãû³Æ£ºWDICA ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\WDICA.sys Àà±ð£º21 Ãû³Æ£ºWinsock ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\WINDOWS\System32\Drivers\Winsock.sys Àà±ð£º21 Ãû³Æ£ºHidServ ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ×¢²áÖµ£ºC:\Documents and Settings\All Users\DRM\black.lnk%SESSIONNAME%\ecgcm.ccd Àà±ð£º11 Ãû³Æ£º ×¢²á¼ü£º¡ô WinLogon ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºPCANotify ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ×¢²áÖµ£ºPCANotify.dll Àà±ð£º1 Ãû³Æ£º ×¢²á¼ü£º¡ô Internet Explorer ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º{D27CDB6E-AE6D-11CF-96B8-444553540000} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units ×¢²áÖµ£ºhttp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Àà±ð£º6 Ãû³Æ£º{E5A1691B-D188-4419-AD02-90002030B8EE} ×¢²á¼ü£ºHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats ×¢²áÖµ£ºC:\PROGRA~1\FlashFXP\IEFlash.dll Àà±ð£º4 Ãû³Æ£º ×¢²á¼ü£º¡ô Internet Explorer ActiveX ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º{1F7DD4F2-CAC3-11D0-A35B-00AA00BDCDFD} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddr.dll Àà±ð£º4 Ãû³Æ£º{1F7DD4F3-CAC3-11D0-A35B-00AA00BDCDFD} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddr.dll Àà±ð£º4 Ãû³Æ£º{248DD896-BB45-11CF-9ABC-0080C7E7B78D} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\ftc2010\MSWINSCK.OCX Àà±ð£º4 Ãû³Æ£º{3B7C8860-D78F-101B-B9B5-04021C009402} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\ftc2010\RICHTX32.OCX Àà±ð£º4 Ãû³Æ£º{4CECCEB1-8359-11D0-A34E-00AA00BDCDFD} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddo.dll Àà±ð£º4 Ãû³Æ£º{4CECCEB2-8359-11D0-A34E-00AA00BDCDFD} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2gddo.dll Àà±ð£º4 Ãû³Æ£º{4FAAB301-CEF6-477C-9F58-F601039E9B78} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners7\msdds.dll Àà±ð£º4 Ãû³Æ£º{62EC9F22-5E30-11D2-97A1-00C04FB6DD9A} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6CBE0382-A879-4D2A-8EC3-1F2A43611BA8} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners7\msdds.dll Àà±ð£º4 Ãû³Æ£º{6E2270FB-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E227101-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E227109-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E22710A-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E22710B-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E22710C-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E22710D-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E22710E-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{6E22710F-F799-11CF-9227-00AA00A1EB95} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{8B217746-717D-11CE-AB5B-D41203C10000} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\WINDOWS\system32\TLBINF32.DLL Àà±ð£º4 Ãû³Æ£º{8B217752-717D-11CE-AB5B-D41203C10000} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\WINDOWS\system32\TLBINF32.DLL Àà±ð£º4 Ãû³Æ£º{8B21775E-717D-11CE-AB5B-D41203C10000} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\WINDOWS\system32\TLBINF32.DLL Àà±ð£º4 Ãû³Æ£º{8BD21D50-EC42-11CE-9E0D-00AA006002F3} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\WINDOWS\system32\FM20.DLL Àà±ð£º4 Ãû³Æ£º{B0406342-B0C5-11D0-89A9-00A0C9054129} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll Àà±ð£º4 Ãû³Æ£º{B0406343-B0C5-11D0-89A9-00A0C9054129} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll Àà±ð£º4 Ãû³Æ£º{B1D4ED44-EE64-11D0-97E6-00C04FC30B4A} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{D24D4450-1F01-11D1-8E63-006097D2DF48} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll Àà±ð£º4 Ãû³Æ£º{D24D4453-1F01-11D1-8E63-006097D2DF48} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners98\mdt2dd.dll Àà±ð£º4 Ãû³Æ£º{D675E22B-CAE9-11D2-AF7B-00C04F99179F} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\Repostry\repodbc.dll Àà±ð£º4 Ãû³Æ£º{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility ×¢²áÖµ£ºC:\Program Files\Common Files\Microsoft Shared\MSDesigners7\msdds.dll Àà±ð£º4 Ãû³Æ£º ×¢²á¼ü£º¡ô Internet Explorer BHO ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º{E5A1691B-D188-4419-AD02-90002030B8EE} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ×¢²áÖµ£ºC:\PROGRA~1\FlashFXP\IEFlash.dll Àà±ð£º4 Ãû³Æ£º ×¢²á¼ü£º¡ô Explorer ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£º ×¢²á¼ü£º¡ô Explorer¡¡ShellEx ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºFTCleaner ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\ftc2010\FTCCommenu.dll Àà±ð£º9 Ãû³Æ£ºFTCleaner ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\ftc2010\FTCCommenu.dll Àà±ð£º9 Ãû³Æ£ºWinRAR ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\Program Files\WinRAR\rarext.dll Àà±ð£º9 Ãû³Æ£ºFTCleaner ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\ftc2010\FTCCommenu.dll Àà±ð£º9 Ãû³Æ£ºWinRAR ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\Program Files\WinRAR\rarext.dll Àà±ð£º9 Ãû³Æ£º{B41DB860-8EE4-11D2-9906-E49FADC173CA} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ×¢²áÖµ£ºC:\Program Files\WinRAR\rarext.dll Àà±ð£º7 Ãû³Æ£º{0561EC90-CE54-4f0c-9C55-E226110A740C} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ×¢²áÖµ£ºC:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Àà±ð£º7 Ãû³Æ£º{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ×¢²áÖµ£ºC:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Àà±ð£º7 Ãû³Æ£º{327669A0-59A7-4be9-B99E-1C9F3A57611A} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ×¢²áÖµ£ºC:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Àà±ð£º7 Ãû³Æ£º{24BA04A9-97F7-4744-ABE9-8DF91792B9B5} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ×¢²áÖµ£ºC:\ftc2010\FTCCommenu.dll Àà±ð£º7 Ãû³Æ£º{0561EC90-CE54-4f0c-9C55-E226110A740C} ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers ×¢²áÖµ£ºC:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Àà±ð£º4 Ãû³Æ£º ×¢²á¼ü£º¡ô LSA Providers ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºNotification Packages ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa ×¢²áÖµ£ºcecli Àà±ð£º3 Ãû³Æ£ºNotification Packages ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa ×¢²áÖµ£ºDCSVC Àà±ð£º3 Ãû³Æ£ºSecurity Packages ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa ×¢²áÖµ£ºchannel Àà±ð£º3 Ãû³Æ£ºSecurity Packages ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa ×¢²áÖµ£ºsv1_0 Àà±ð£º3 Ãû³Æ£º ×¢²á¼ü£º¡ô ImageFile¡¡Hijacks ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºFTCleaner ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\ftc2010\FTCCommenu.dll Àà±ð£º9 Ãû³Æ£ºWinRAR ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers ×¢²áÖµ£ºC:\Program Files\WinRAR\rarext.dll Àà±ð£º9 Ãû³Æ£º ×¢²á¼ü£º¡ô Print¡¡Monitors ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºpcAnywhere Remote Printing ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors ×¢²áÖµ£ºawmon.dll Àà±ð£º1 Ãû³Æ£º ×¢²á¼ü£º¡ô Session¡¡Manager ¡ý ×¢²áÖµ£º Àà±ð£º Ãû³Æ£ºPendingFileRenameOperations ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ×¢²áÖµ£º\??\C:\Program Files\360\360safe\update\~tmF.tmp Àà±ð£º3 Ãû³Æ£ºPendingFileRenameOperations ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ×¢²áÖµ£º\??\C:\Program Files\360\360safe\update\~3F.tmp Àà±ð£º3 Ãû³Æ£ºPendingFileRenameOperations ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ×¢²áÖµ£º\??\C:\Program Files\360\360safe\update\~22.tmp Àà±ð£º3 Ãû³Æ£ºPendingFileRenameOperations ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ×¢²áÖµ£º\??\C:\Program Files\360\360safe\update\~1F.tmp Àà±ð£º3 Ãû³Æ£ºPendingFileRenameOperations ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ×¢²áÖµ£º\??\C:\Program Files\360\360safe\update\~10.tmp Àà±ð£º3 Ãû³Æ£ºPendingFileRenameOperations ×¢²á¼ü£ºHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ×¢²áÖµ£º\??\D:\arswp3_x86\arswp3\save\auto.dat Àà±ð£º3 Ãû³Æ£º ×¢²á¼ü£º¡ô Other ¡ý ×¢²áÖµ£º Àà±ð£º ====================================================== ÎÞÇ©ÃûÄÚºËÄ£¿é£º Ä£¿é»ùÖ·£ºF3D7E000¡¡Ä£¿é£º\??\e:\¾Ñ½£v2008-0429\SnipeSword.sys Ä£¿é»ùÖ·£ºF3D94000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\IsDrv122.sys Ä£¿é»ùÖ·£ºF49D0000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\RDPWD.SYS Ä£¿é»ùÖ·£ºF4C3B000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\TDTCP.SYS Ä£¿é»ùÖ·£ºF67C0000¡¡Ä£¿é£º\SystemRoot\system32\drivers\rsassist.sys Ä£¿é»ùÖ·£ºF503B000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\srv.sys Ä£¿é»ùÖ·£ºF51B5000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\HTTP.sys Ä£¿é»ùÖ·£ºF5347000¡¡Ä£¿é£º\SystemRoot\system32\drivers\HookCont.sys Ä£¿é»ùÖ·£ºF5FC7000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\rfwarp.sys Ä£¿é»ùÖ·£ºF5BF8000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ndisuio.sys Ä£¿é»ùÖ·£ºBFFA0000¡¡Ä£¿é£º\SystemRoot\System32\ATMFD.DLL Ä£¿é»ùÖ·£ºBF9E8000¡¡Ä£¿é£º\SystemRoot\System32\G200eVd.dll Ä£¿é»ùÖ·£ºF5FCF000¡¡Ä£¿é£º\SystemRoot\System32\drivers\dxgthk.sys Ä£¿é»ùÖ·£ºBF9D1000¡¡Ä£¿é£º\SystemRoot\System32\drivers\dxg.sys Ä£¿é»ùÖ·£ºF5BC8000¡¡Ä£¿é£º\SystemRoot\System32\drivers\Dxapi.sys Ä£¿é»ùÖ·£ºBF800000¡¡Ä£¿é£º\SystemRoot\System32\win32k.sys Ä£¿é»ùÖ·£ºF575B000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\dump_lsi_sas.sys Ä£¿é»ùÖ·£ºF5BD8000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\dump_diskdump.sys Ä£¿é»ùÖ·£ºF57A0000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Cdfs.SYS Ä£¿é»ùÖ·£ºF5C08000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\wanarp.sys Ä£¿é»ùÖ·£ºF7797000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\mouhid.sys Ä£¿é»ùÖ·£ºF5C18000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\kbdhid.sys Ä£¿é»ùÖ·£ºF75C7000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\HIDCLASS.SYS Ä£¿é»ùÖ·£ºF5D10000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\hidusb.sys Ä£¿é»ùÖ·£ºF5E0E000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Efimon.sys Ä£¿é»ùÖ·£ºF5891000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Fips.SYS Ä£¿é»ùÖ·£ºF778F000¡¡Ä£¿é£º\SystemRoot\system32\drivers\HOOKHELP.sys Ä£¿é»ùÖ·£ºF58F2000¡¡Ä£¿é£º\SystemRoot\system32\drivers\HookSys.sys Ä£¿é»ùÖ·£ºF5919000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\mrxsmb.sys Ä£¿é»ùÖ·£ºF59B7000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\rdbss.sys Ä£¿é»ùÖ·£ºF7787000¡¡Ä£¿é£º\SystemRoot\system32\drivers\aw_host5.sys Ä£¿é»ùÖ·£ºF5D90000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\netbios.sys Ä£¿é»ùÖ·£ºF59E7000¡¡Ä£¿é£º\SystemRoot\System32\drivers\afd.sys Ä£¿é»ùÖ·£ºF638C000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ProtoDrv.sys Ä£¿é»ùÖ·£ºF5A11000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\netbt.sys Ä£¿é»ùÖ·£ºF5A42000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\tcpip.sys Ä£¿é»ùÖ·£ºF5DA0000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\msgpc.sys Ä£¿é»ùÖ·£ºF5AD8000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ipsec.sys Ä£¿é»ùÖ·£ºF7777000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\rasacd.sys Ä£¿é»ùÖ·£ºF7677000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Npfs.SYS Ä£¿é»ùÖ·£ºF7687000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Msfs.SYS Ä£¿é»ùÖ·£ºF7747000¡¡Ä£¿é£º\SystemRoot\System32\DRIVERS\RDPCDD.sys Ä£¿é»ùÖ·£ºF773F000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\mnmdd.SYS Ä£¿é»ùÖ·£ºF6398000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\awlegacy.sys Ä£¿é»ùÖ·£ºF75E7000¡¡Ä£¿é£º\SystemRoot\System32\drivers\vga.sys Ä£¿é»ùÖ·£ºF781F000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\HIDPARSE.SYS Ä£¿é»ùÖ·£ºF780F000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Beep.SYS Ä£¿é»ùÖ·£ºF7807000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Null.SYS Ä£¿é»ùÖ·£ºF75D7000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\Fs_Rec.SYS Ä£¿é»ùÖ·£ºF7567000¡¡Ä£¿é£º\SystemRoot\System32\Drivers\NDProxy.SYS Ä£¿é»ùÖ·£ºF67F2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\USBD.SYS Ä£¿é»ùÖ·£ºF5CFB000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\usbhub.sys Ä£¿é»ùÖ·£ºF7667000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\mssmbios.sys Ä£¿é»ùÖ·£ºF5DB0000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\update.sys Ä£¿é»ùÖ·£ºF67F4000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\swenum.sys Ä£¿é»ùÖ·£ºF6FCC000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\rfwbase.sys Ä£¿é»ùÖ·£ºF6582000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\mouclass.sys Ä£¿é»ùÖ·£ºF6592000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\kbdclass.sys Ä£¿é»ùÖ·£ºF65A2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\termdd.sys Ä£¿é»ùÖ·£ºF5E22000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\rdpdr.sys Ä£¿é»ùÖ·£ºF65B2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\raspti.sys Ä£¿é»ùÖ·£ºF65C2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ptilink.sys Ä£¿é»ùÖ·£ºF65D2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\TDI.SYS Ä£¿é»ùÖ·£ºF5E59000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\raspptp.sys Ä£¿é»ùÖ·£ºF65E2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\raspppoe.sys Ä£¿é»ùÖ·£ºF5E6B000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ndiswan.sys Ä£¿é»ùÖ·£ºF65F2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ndistapi.sys Ä£¿é»ùÖ·£ºF5E84000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\rasl2tp.sys Ä£¿é»ùÖ·£ºF77EF000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\audstub.sys Ä£¿é»ùÖ·£ºF77E7000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\fsvga.sys Ä£¿é»ùÖ·£ºF6602000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\intelppm.sys Ä£¿é»ùÖ·£ºF5E98000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\ks.sys Ä£¿é»ùÖ·£ºF5EBF000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\redbook.sys Ä£¿é»ùÖ·£ºF5ED2000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\cdrom.sys Ä£¿é»ùÖ·£ºF6612000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\serenum.sys Ä£¿é»ùÖ·£ºF5EEA000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\serial.sys Ä£¿é»ùÖ·£ºF7617000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\watchdog.sys Ä£¿é»ùÖ·£ºF5EFD000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS Ä£¿é»ùÖ·£ºF5F19000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\G200eVm.sys Ä£¿é»ùÖ·£ºF77DF000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\usbehci.sys Ä£¿é»ùÖ·£ºF5F4A000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\USBPORT.SYS Ä£¿é»ùÖ·£ºF77D7000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\usbuhci.sys Ä£¿é»ùÖ·£ºF5F74000¡¡Ä£¿é£º\SystemRoot\system32\DRIVERS\bxnd52x.sys Ä£¿é»ùÖ·£ºF7897000¡¡Ä£¿é£ºGernuwa.sys Ä£¿é»ùÖ·£º8BDA0348¡¡Ä£¿é£º ====================================================== Ó²¼þÉ豸¼°ÆäÖ§³ÖÎļþÁÐ±í£º ====================================================== µ±Ç°ÒÑ°²×°Èí¼þÁÐ±í£º 360°²È«ÎÀÊ¿ Adobe Flash Player 10 ActiveX Adobe SVG Viewer 3.0 AviSynth 2.5 ÖÕ¼«½âÂë2010´º½Ú°æ FlashFXP v3.6 Final WindowsľÂíÇåµÀ·ò Gordian Knot Rip Pack 0.35.0 Haali Media Splitter VBA ½ðµûK/3³É³¤°æ ΢ÈíHCP©¶´½ô¼±ÆÁ±Î²¹¶¡ Windows Server 2003 °²È«¸üР(KB923561) Windows Server 2003 °²È«¸üР(KB924667-v2) Windows Media Player 6.4 (KB925398) °²È«¸üРWindows Server 2003 °²È«¸üР(KB925902-v2) Windows Server 2003 ¸üР(KB927891) Windows Server 2003 °²È«¸üР(KB929123) Windows Server 2003 °²È«¸üР(KB930178) Windows Server 2003 °²È«¸üР(KB932168) Windows Server 2003 ÐÞ²¹³ÌÐò (KB932716-v2) Windows Server 2003 °²È«¸üР(KB933729) Windows Server 2003 °²È«¸üР(KB935839) Windows Server 2003 °²È«¸üР(KB935840) Windows Server 2003 °²È«¸üР(KB936021) Windows Server 2003 °²È«¸üР(KB936782) Windows Server 2003 °²È«¸üР(KB938127) Windows Server 2003 °²È«¸üР(KB938464-v2) Windows Server 2003 °²È«¸üР(KB941569) Windows Server 2003 ÐÞ²¹³ÌÐò (KB942288-v4) Windows Server 2003 °²È«¸üР(KB942830) Windows Server 2003 °²È«¸üР(KB942831) Windows Server 2003 °²È«¸üР(KB943055) Windows Server 2003 °²È«¸üР(KB943460) Windows Server 2003 °²È«¸üР(KB943485) Windows Server 2003 °²È«¸üР(KB944338-v2) Windows Server 2003 °²È«¸üР(KB944653) Windows Server 2003 °²È«¸üР(KB945553) Windows Server 2003 °²È«¸üР(KB946026) Windows Server 2003 ¸üР(KB948496) Windows Server 2003 ÐÞ²¹³ÌÐò (KB950224-v3) Windows Server 2003 °²È«¸üР(KB950582) Windows Server 2003 °²È«¸üР(KB950762) Windows Server 2003 °²È«¸üР(KB950974) Windows Server 2003 °²È«¸üР(KB951066) Windows Server 2003 °²È«¸üР(KB951698) Windows Server 2003 °²È«¸üР(KB951748) Windows Server 2003 °²È«¸üР(KB952004) Windows Server 2003 °²È«¸üР(KB952069) Windows Server 2003 °²È«¸üР(KB952954) Windows Server 2003 °²È«¸üР(KB953155) Windows Server 2003 °²È«¸üР(KB953298) Windows Server 2003 °²È«¸üР(KB954155) Windows Server 2003 °²È«¸üР(KB954211) Windows Server 2003 ÐÞ²¹³ÌÐò (KB954708) Windows Server 2003 °²È«¸üР(KB955069) Windows Server 2003 ¸üР(KB955704) Windows Server 2003 °²È«¸üР(KB956391) Windows Server 2003 °²È«¸üР(KB956572) Windows Server 2003 °²È«¸üР(KB956802) Windows Server 2003 °²È«¸üР(KB956803) Windows Server 2003 °²È«¸üР(KB956844) Windows Server 2003 °²È«¸üР(KB957097) Windows Server 2003 °²È«¸üР(KB958644) Windows Server 2003 °²È«¸üР(KB958687) Windows Server 2003 ¸üР(KB958752) Windows Server 2003 °²È«¸üР(KB958869) Windows Server 2003 °²È«¸üР(KB959426) Windows Server 2003 °²È«¸üР(KB960225) Windows Server 2003 °²È«¸üР(KB960715) Windows Server 2003 °²È«¸üР(KB960803) Windows Server 2003 °²È«¸üР(KB960859) Windows Server 2003 °²È«¸üР(KB961373) Windows Server 2003 °²È«¸üР(KB961501) Windows Server 2003 ¸üР(KB967715) Windows Server 2003 °²È«¸üР(KB967723) Windows Server 2003 ¸üР(KB968389) Windows Server 2003 °²È«¸üР(KB968816) Windows Server 2003 °²È«¸üР(KB969059) Windows Server 2003 °²È«¸üР(KB969898) Windows Server 2003 °²È«¸üР(KB969947) Windows Server 2003 °²È«¸üР(KB970238) Windows Server 2003 °²È«¸üР(KB970483) Windows Server 2003 °²È«¸üР(KB971032) Windows Server 2003 ÐÞ²¹³ÌÐò (KB971314) Windows Server 2003 °²È«¸üР(KB971468) Windows Server 2003 °²È«¸üР(KB971486) Windows Server 2003 °²È«¸üР(KB971557) Windows Server 2003 °²È«¸üР(KB971633) Windows Server 2003 °²È«¸üР(KB971657) Windows Server 2003 °²È«¸üР(KB971961) Windows Server 2003 °²È«¸üР(KB972270) Windows Server 2003 °²È«¸üР(KB973354) Windows Server 2003 °²È«¸üР(KB973507) Windows Server 2003 °²È«¸üР(KB973525) Windows Server 2003 °²È«¸üР(KB973540) Windows Server 2003 ¸üР(KB973815) Windows Server 2003 °²È«¸üР(KB973869) Windows Server 2003 °²È«¸üР(KB973904) Windows Server 2003 ¸üР(KB973917-v2) Windows Server 2003 °²È«¸üР(KB974112) Windows Server 2003 °²È«¸üР(KB974318) Windows Server 2003 °²È«¸üР(KB974392) Windows Server 2003 °²È«¸üР(KB974571) Windows Server 2003 °²È«¸üР(KB975025) Windows Server 2003 °²È«¸üР(KB975254) Windows Server 2003 °²È«¸üР(KB975467) Windows Server 2003 °²È«¸üР(KB975560) Windows Server 2003 °²È«¸üР(KB975562) Windows Server 2003 °²È«¸üР(KB975713) Windows Server 2003 °²È«¸üР(KB976323) Windows Server 2003 ¸üР(KB977165) Windows Server 2003 °²È«¸üР(KB977290) Windows Server 2003 °²È«¸üР(KB977816) Windows Server 2003 °²È«¸üР(KB977914) Windows Server 2003 °²È«¸üР(KB978037) Windows Server 2003 ¸üР(KB978207) Windows Server 2003 °²È«¸üР(KB978251) Windows Server 2003 °²È«¸üР(KB978262) Windows Server 2003 °²È«¸üР(KB978338) Windows Server 2003 °²È«¸üР(KB978542) Windows Server 2003 °²È«¸üР(KB978601) Windows Server 2003 °²È«¸üР(KB978695) Windows Server 2003 °²È«¸üР(KB978706) Windows Server 2003 °²È«¸üР(KB979309) Windows Server 2003 °²È«¸üР(KB979482) Windows Server 2003 °²È«¸üР(KB979559) Windows Server 2003 °²È«¸üР(KB979683) Windows Server 2003 °²È«¸üР(KB979907) Windows Server 2003 ¸üР(KB980182) Windows Server 2003 °²È«¸üР(KB980195) Windows Server 2003 °²È«¸üР(KB980218) Windows Server 2003 °²È«¸üР(KB980232) Windows Server 2003 °²È«¸üР(KB981350) Windows Server 2003 °²È«¸üР(KB982381) LiveUpdate 1.6 (Symantec Corporation) Matrox Graphics Software (remove only) MediaInfo 0.7.9 MeGUI (remove only) Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 ÓïÑÔ°ü - ¼òÌåÖÐÎÄ Microsoft SQL Server 2000 ÈðÐÇÈ«¹¦ÄÜ°²È«Èí¼þ ¿¨¿¨ÉÏÍø°²È«ÖúÊÖ Ëѹ·Æ´ÒôÊäÈë·¨ 5.0Õýʽ°æ VideoReDo TVSuite Version 3.1.5.564 VobSub v2.23 (Remove Only) Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Windows Imaging Component WinRAR ѹËõÎļþ¹ÜÀíÆ÷ XML Paper Specification Shared Components Pack 1.0 XML Paper Specification Shared Components Language Pack 1.0 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945) Microsoft .NET Framework 3.5 Language Pack - chs VBA MSXML 6 Service Pack 2 (KB954459) MSXML 4.0 SP2 (KB954430) Microsoft Silverlight Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CHS Kingdee K/3 Express Microsoft .NET Framework 2.0 Service Pack 2 Transport Stream Packet Editor Professional (TSPE) Version 0.81 Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHS Symantec pcAnywhere ====================================================== HostÎļþ£º 127.0.0.1 localhost ====================================================== ϵͳÌå¼ìÈ«²¿Íê³É 2026-06-13-17:30:01