wanna - 2006-10-9 8:24:00
2006-10-09,08:06:13
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SiS Windows KeyHook><C:\WINDOWS\system32\keyhook.exe> [Silicon Integrated Systems Corporation]
<SiSUSBRG><C:\WINDOWS\SiSUSBrg.exe> [Silicon Integrated Systems Corp.]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow> [Trend Micro Inc.]
<RServer><C:\PROGRA~1\LANSER~1\RSERVER.EXE> [RealVNC Ltd.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<SysExplr><C:\Herosoft\HeroV8\SYSEXPLR.EXE> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<Show_B><C:\Ltdrv\Show_B.exe> [N/A]
<part559><c:\ltdrv\part559.exe ltrun> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[Utility Tray]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Utility Tray.lnk --> C:\WINDOWS\system32\sistray.exe [Silicon Integrated Systems Corporation]><N>
==================================
服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[OfficeScanNT 实时扫描 / ntrtscan]
<C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 个人防火墙 / OfcPfwSvc]
<C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[OfficeScanNT 侦听程序 / tmlisten]
<C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe><Trend Micro Inc.>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[KNT / KNT]
<C:\WINDOWS\SYSTEM32\DRIVERS\KNT.SYS><>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023]
<system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><N/A>
[SiS315 / SiS315]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP]
<\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide]
<\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Add Performance Filter Driver / sisperf]
<\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[Trend Micro Filter / TmFilter]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[Common Firewall Driver / TM_CFW]
<\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys><Trend Micro Inc.>
wanna - 2006-10-9 8:24:00
==================================
浏览器加载项
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[ObjWinNTCheck Class]
{00134F72-5284-44F7-95A8-52A619F70751} <C:\WINDOWS\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupINICtrl Class]
{08D75BB0-D2B5-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanSetupINI.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupCtrl Class]
{08D75BC1-D2B5-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.dll, Trend Micro Inc.>
[Encrypt Class]
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINDOWS\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class]
{5EFE8CB1-D095-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.dll, Trend Micro Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[PbDown Control]
{AD237084-9159-4846-9AE7-6F03949F9011} <C:\WINDOWS\DOWNLO~1\pbDown.ocx, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ObjWinNTCheck Class]
{00134F72-5284-44F7-95A8-52A619F70751} <C:\WINDOWS\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupINICtrl Class]
{08D75BB0-D2B5-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanSetupINI.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupCtrl Class]
{08D75BC1-D2B5-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanSetup.dll, Trend Micro Inc.>
[Windows Genuine Advantage]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft? Corporation>
[Encrypt Class]
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINDOWS\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class]
{5EFE8CB1-D095-11D1-88FC-0080C859833B} <C:\WINDOWS\Downloaded Program Files\OfficeScanRemoveCtrl.dll, Trend Micro Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[PbDown Control]
{AD237084-9159-4846-9AE7-6F03949F9011} <C:\WINDOWS\DOWNLO~1\pbDown.ocx, >
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[百度Flash搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>
==================================
wanna - 2006-10-9 8:25:00
正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1380][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] [, 2, 0, 0, 0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1524][C:\WINDOWS\system32\keyhook.exe] [Silicon Integrated Systems Corporation, 0.0.0.3590]
[C:\WINDOWS\system32\SiSApCom.dll] [Silicon Integrated Systems Corporation, 0.0.0.3590]
[C:\WINDOWS\system32\SiSBase.dll] [Silicon Integrated Systems Corporation, 6.14.10.3590]
[C:\WINDOWS\system32\InstFunc.dll] [Silicon Integrated Systems Corporation, 6.14.10.3590]
[C:\WINDOWS\system32\SiSParse.dll] [Silicon Integrated Systems Corporation, 6.14.10.3590]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1540][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.27]
[PID: 1556][C:\PROGRA~1\LANSER~1\RSERVER.EXE] [RealVNC Ltd., 3, 3, 7, 0]
[C:\PROGRA~1\LANSER~1\VNCHooks.dll] [RealVNC Ltd., 3, 3, 7, 0]
[C:\PROGRA~1\LANSER~1\othread2.dll] [N/A, N/A]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1564][C:\PROGRA~1\LANSER~1\CSERVER.EXE] [N/A, N/A]
[PID: 1580][C:\Herosoft\HeroV8\SYSEXPLR.EXE] [N/A, N/A]
[C:\Herosoft\HeroV8\AVCDROM.dll] [N/A, N/A]
[C:\Herosoft\HeroV8\CoolMenu.dll] [N/A, N/A]
[C:\Herosoft\HeroV8\Sys936.DLL] [N/A, N/A]
[PID: 1588][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3208]
[PID: 1608][C:\Ltdrv\Show_B.exe] [N/A, N/A]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1616][C:\ltdrv\part559.exe] [N/A, N/A]
[PID: 1624][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1756][C:\WINDOWS\system32\sistray.exe] [Silicon Integrated Systems Corporation, 0.0.0.3590]
[C:\WINDOWS\system32\SiSApCom.dll] [Silicon Integrated Systems Corporation, 0.0.0.3590]
[C:\WINDOWS\system32\SiSBase.dll] [Silicon Integrated Systems Corporation, 6.14.10.3590]
[C:\WINDOWS\system32\InstFunc.dll] [Silicon Integrated Systems Corporation, 6.14.10.3590]
[C:\WINDOWS\system32\SiSParse.dll] [Silicon Integrated Systems Corporation, 6.14.10.3590]
[PID: 1816][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2560][C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe] [RealNetworks, Inc., 0.1.0.3208]
[C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] [RealNetworks, Inc., 6.0.9.3985]
[C:\Program Files\Ringz Studio\Storm Codec\lang\systray_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Common Files\Real\Update_OB\pnmi3270.dll] [RealNetworks, Inc., 7.0.0.1616]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 2796][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3440][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] [trend_company_name, 1, 0, 0, 1]
[PID: 3708][C:\WINDOWS\TEMP\NI40A4.EXE] [N/A, N/A]
[PID: 3756][C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] [trend_company_name, 1, 0, 0, 1]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll] [Trend Micro Inc., 2,6,0,1367]
[PID: 3812][C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll] [Trend Micro Inc., 1.31.0.1708]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] [trend_company_name, 1, 0, 0, 1]
[C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll] [Trend Micro Inc., 1.2.0.1020]
[PID: 660][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll] [N/A, N/A]
[C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] [Trend Micro Inc., 7.0.0.1116]
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] [trend_company_name, 1, 0, 0, 1]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1408][C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe] [Trend Micro Inc., 7.0.0.1116]
[PID: 2308][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] [, 2, 0, 0, 0]
[C:\WINDOWS\system32\macromed\flash\swflash.ocx] [Macromedia, Inc., 5,0,30,0]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 3348][D:\shenfei\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[AutoRun]
open=~tmp0.1st.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================