求助...机子中毒了 bbs.ikaka.com

BBAttt - 2008-5-17 11:02:00

最近有点怪...好象是中毒了....可是杀来杀去还是杀不死........
各位大虾教教偶怎么杀才杀得彻底...以下是日志....
[CODE]

2008-05-17,10:57:36

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<iTudouAutoStart><F:\Program Files\Tudou\iTudou\iTudou.exe -AutoStart> [土豆网]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
<Thunder><"C:\Program Files\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<TBMExe><C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\clfmon.exe> []
<inudhya><C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\soundma.exe> []
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<runeip><"F:\kakazhushou\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [N/A]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
<Storm2Set><; C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv> [北京暴风网际科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><F:\kakazhushou\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><ghynjr.dll,dgxsrr.dll,dfhtrhy.dll,ghjkdr.dll,sefawe.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,dgxsrr.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,ghjdtry.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,fdght.dll,> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{37FD640A-158F-48AC-FD14-1597F14A9773}><C:\WINDOWS\system32\mndscsrv.dll> []
<{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><C:\WINDOWS\system32\ttNNBNNB1047.dll> []
<{170165F1-9F65-569F-F895-F14F58F41071}><C:\WINDOWS\system32\lofsajbo.dll> []
<{4A041F13-A111-12A3-B0CF-F99818AA68A4}><C:\WINDOWS\system32\zxmsawin.dll> [N/A]
<{3319A1F1-9410-9654-3201-345FFA349133}><C:\WINDOWS\system32\zywmcime.dll> [N/A]
<{33d2503b-149b-4fc2-8e62-e2b472784949}><dqWLVWLV1012.dll> [N/A]
<{4319A1F1-9410-9654-3201-345FFA349134}><C:\WINDOWS\system32\zywmdime.dll> []
<{42c395b4-2de7-4f52-8020-bf84ff9a66ce}><C:\WINDOWS\system32\MMWLVAHB1017.dll> []
<{29fab913-d0cd-477b-a3f0-3d7c3a90379b}><C:\WINDOWS\system32\ttVUFVUF1011.dll> []
<{5A59145F-315D-BC23-AC1F-145DF81A34A5}><C:\WINDOWS\system32\zyzxeime.dll> []
<{40AF1289-F140-A140-D012-C1458759FC04}><C:\WINDOWS\system32\ypcqchlp.dll> [N/A]
<{dc546cb1-0be7-4957-98c5-469b55a6923d}><C:\WINDOWS\system32\ttQACQAC1038.dll> []
<{17A924AF-1A5F-CF21-AB1D-1D5CF82A8A71}><C:\WINDOWS\system32\zywlaime.dll> []
<{328DF602-9541-A985-210A-984A698C6F23}><C:\WINDOWS\system32\ptjhchlp.dll> [N/A]
<{1AB1F65A-964F-4AE7-B254-05146A0E602E}><C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys> []
<{3C648541-1025-9650-9057-6541258720C3}><C:\WINDOWS\system32\mndhcdwd.dll> []
<{5A041F13-A111-12A3-B0CF-F99818AA68A5}><C:\WINDOWS\system32\zxmsbwin.dll> []
<{4629FF4F-ACDB-5C90-A098-FACB3456A264}><C:\WINDOWS\system32\mpmydapi.dll> []
<{40940F85-F015-14F1-A05F-F69858AC6D04}><C:\WINDOWS\system32\zptlbsys.dll> []
<{50AF1289-F140-A140-D012-C1458759FC05}><C:\WINDOWS\system32\ypcqdhlp.dll> []
<{91698482-6555-3666-1222-954784129019}><C:\WINDOWS\system32\zxptejpg.dll> []
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
<{bae58dbb-1a79-4e18-ac84-07fe296d81c5}><C:\WINDOWS\system32\MMFKKLJK1075.dll> []
<{6490415F-65F8-B5C5-D8BA-9405FB120546}><C:\WINDOWS\system32\yzztfmsn.dll> []
<{d5464c94-2030-4f7d-88ad-44354dba774b}><C:\WINDOWS\system32\MMSADZFB1050.dll> []
<{428DF602-9541-A985-210A-984A698C6F24}><C:\WINDOWS\system32\ptjhdhlp.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
<IFEO[ACKWIN32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
<IFEO[ANTI-TROJAN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
<IFEO[APVXDWIN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE]
<IFEO[AUTODOWN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE]
<IFEO[AVCONSOL.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
<IFEO[AVE32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
<IFEO[AVGCTRL.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
<IFEO[AVKSERV.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE]
<IFEO[AVNT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
<IFEO[AVP.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE]
<IFEO[AVP32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE]
<IFEO[AVPCC.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE]
<IFEO[AVPDOS32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.EXE]
<IFEO[AVPM.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE]
<IFEO[AVPTC32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE]
<IFEO[AVPUPD.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE]
<IFEO[AVSCHED32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE]
<IFEO[AVWIN95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE]
<IFEO[AVWUPD32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE]
<IFEO[BLACKD.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE]
<IFEO[BLACKICE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE]
<IFEO[CFIADMIN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE]
<IFEO[CFIAUDIT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE]
<IFEO[CFINET.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE]
<IFEO[CFINET32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE]
<IFEO[CLAW95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE]
<IFEO[CLAW95CF.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE]
<IFEO[CLEANER.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE]
<IFEO[CLEANER3.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE]
<IFEO[DVP95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE]
<IFEO[DVP95_0.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE]
<IFEO[ECENGINE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE]
<IFEO[EGHOST.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE]
<IFEO[ESAFE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPWATCH.EXE]
<IFEO[EXPWATCH.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.EXE]
<IFEO[F-AGNT95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.EXE]
<IFEO[F-PROT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT95.EXE]
<IFEO[F-PROT95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.EXE]
<IFEO[F-STOPW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FESCUE.EXE]
<IFEO[FESCUE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.EXE]
<IFEO[FINDVIRU.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FP-WIN.EXE]
<IFEO[FP-WIN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT.EXE]
<IFEO[FPROT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.EXE]
<IFEO[FRW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.EXE]
<IFEO[IAMAPP.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.EXE]
<IFEO[IAMSERV.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE]
<IFEO[IBMASN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.EXE]
<IFEO[IBMAVSP.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.EXE]
<IFEO[ICLOAD95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.EXE]
<IFEO[ICLOADNT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.EXE]
<IFEO[ICMON.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.EXE]
<IFEO[ICSUPP95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNT.EXE]
<IFEO[ICSUPPNT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFACE.EXE]
<IFEO[IFACE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IOMON98.EXE]
<IFEO[IOMON98.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JEDI.EXE]
<IFEO[JEDI.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
<IFEO[KAVPFW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe]
<IFEO[KAVsvc.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe]
<IFEO[KAVSvcUI.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
<IFEO[KVFW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
<IFEO[KVMonXP.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe]
<IFEO[KVwsc.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE]
<IFEO[KWatchUI.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOCKDOWN2000.EXE]

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )

BBAttt - 2008-5-17 11:03:00

<IFEO[LOCKDOWN2000.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
<IFEO[Logo1_.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe]
<IFEO[Logo_1.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.EXE]
<IFEO[LOOKOUT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE]
<IFEO[LUALL.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAILMON.EXE]
<IFEO[MAILMON.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.EXE]
<IFEO[MOOLIVE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.EXE]
<IFEO[MPFTRAY.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\my.exe]
<IFEO[my.exe]><C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\lmmh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32SCANW.EXE]
<IFEO[N32SCANW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
<IFEO[Navapsvc.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
<IFEO[Navapw32.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.EXE]
<IFEO[NAVLU32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE]
<IFEO[NAVNT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE]
<IFEO[navw32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE]
<IFEO[NAVWNT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NISUM.EXE]
<IFEO[NISUM.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMain.exe]
<IFEO[NMain.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.EXE]
<IFEO[NORMIST.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.EXE]
<IFEO[NUPGRADE.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.EXE]
<IFEO[NVC95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.EXE]
<IFEO[PAVCL.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVSCHED.EXE]
<IFEO[PAVSCHED.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVW.EXE]
<IFEO[PAVW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCWIN98.EXE]
<IFEO[PCCWIN98.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.EXE]
<IFEO[PCFWALLICON.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.EXE]
<IFEO[PERSFW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
<IFEO[PFW.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQLogin.exe]
<IFEO[QQLogin.exe]><"C:\WINDOWS\system32\qqxyd.exe"> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<IFEO[Rav.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.EXE]
<IFEO[RAV7.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7WIN.EXE]
<IFEO[RAV7WIN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe]
<IFEO[RAVmon.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe]
<IFEO[RAVmonD.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe]
<IFEO[RAVtimer.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe]
<IFEO[Rising.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAFEWEB.EXE]
<IFEO[SAFEWEB.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE]
<IFEO[SCAN32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN95.EXE]
<IFEO[SCAN95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.EXE]
<IFEO[SCANPM.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.EXE]
<IFEO[SCRSCAN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.EXE]
<IFEO[SERV95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.EXE]
<IFEO[SMC.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.EXE]
<IFEO[SPHINX.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.EXE]
<IFEO[SWEEP95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.EXE]
<IFEO[TBSCAN.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.EXE]
<IFEO[TCA.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.EXE]
<IFEO[TDS2-98.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.EXE]
<IFEO[TDS2-NT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\THGUARD.EXE]
<IFEO[THGUARD.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe]
<IFEO[TrojanHunter.exe]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.EXE]
<IFEO[VET95.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.EXE]
<IFEO[VETTRAY.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCAN40.EXE]
<IFEO[VSCAN40.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.EXE]
<IFEO[VSECOMR.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.EXE]
<IFEO[VSHWIN32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE]
<IFEO[VSSTAT.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE]
<IFEO[WEBSCANX.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE]
<IFEO[WFINDV32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XYD2.exe]
<IFEO[XYD2.exe]><"C:\WINDOWS\system32\qqxyd.exe"> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE]
<IFEO[ZONEALARM.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.EXE]
<IFEO[_AVP32.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.EXE]
<IFEO[_AVPCC.EXE]><c:\\xue.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.EXE]
<IFEO[_AVPM.EXE]><c:\\xue.exe> [N/A]

==================================
启动文件夹
[QQ]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ.lnk --> E:\QQ2008\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><H>

==================================
服务
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
<C:\WINDOWS\System32\3wareSrv.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Intexxxce Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
<C:\WINDOWS\system32\mnmsrvc.exe><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\2310_00.sys><HighPoint Technologies, Inc.>
[3wareDrv / 3wareDrv][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\3wareDrv.sys><N/A>
[3waregsm / 3waregsm][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\3waregsm.sys><N/A>
[3wDrv100 / 3wDrv100][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\3wDrv100.sys><N/A>
[3wFlt100 / 3wFlt100][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\3wFlt100.sys><N/A>
[a320raid / a320raid][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[aaatimeo / aaatimeo][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aaatimeo.sys><Microsoft Corporation>
[Adaptec RAID Miniport Driver / aac][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aac.sys><Adaptec, Inc.>
[Adaptec SAS/SATA-II RAID Miniport Driver / aacsas][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aacsas.sys><Adaptec, Inc.>
[aarich / aarich][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aarich.sys><Adaptec, Inc.>
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[adsrsvc / adsrsvc][Running/Boot Start]
<\SystemRoot\system32\drivers\adsrsvc.SYS><>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\AEC6880.sys><ACARD Technology Corp.>
[aec6897 / aec6897][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\aec6897.sys><ACARD Technology Corp.>
[AFAMgt / AFAMgt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\afamgt.sys><Adaptec, Inc.>
[ahcix86 / ahcix86][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ahcix86.sys><ATI Technologies Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[amdbusdr / amdbusdr][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\amdbusdr.sys><AMD>
[AMD EIDE 驱动程衼E / amdeide][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\AmdEide.sys><AMD>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atiide / atiide][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[Promise driver accelerator / bb-run][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[BdGuard / BdGuard][Running/Boot Start]
<\SystemRoot\system32\drivers\BDGuard.SYS><>
[cda1000 / cda1000][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\cda1000.sys><Adaptec, Inc.>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\cercsr6.sys><Adaptec, Inc.>
[Cpq32fs2 / Cpq32fs2][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\Cpq32fs2.sys><Hewlett-Packard Company>
[Creative SB16/AWE32/AWE64 Driver (WDM) / ctlsb16][Stopped/Manual Start]
<system32\drivers\ctlsb16.sys><Copyright (C) Creative Technology Ltd. 1994-2001>
[DC21x4 Based Network Adapter Driver / DC21x4][Stopped/Manual Start]
<system32\DRIVERS\dc21x4.sys><Intel Corporation.>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpF.tmp><N/A>
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[dtscsi / dtscsi][Running/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[FastSx / FastSx][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\FastSx.sys><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fmsq / fmsq][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp21.tmp><N/A>
[fttxr52P / fttxr52P][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\fttxr52P.sys><Promise Technology, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[hpt374 / hpt374][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptmv6 / hptmv6][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel RAID Controller / iaStor][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[JMicron Hot-Plug Driver / JGOGO][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[m5281 / m5281][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\m5281.sys><ALi Corporation>
[m5287 / m5287][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\m5288.sys><ULi Electronics Inc.>

BBAttt - 2008-5-17 11:04:00

[m5289 / m5289][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[MegaIDE / MegaIDE][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[mhfp / mhfp][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpB.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp25.tmp><N/A>
[mraid35x / mraid35x][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\Mraid35x.sys><LSI Logic Corporation>
[msfpfis64 / msfpfis64][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[msp2p32 / msp2p32][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[mv61xx / mv61xx][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[ping / ping][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1E.tmp><N/A>
[CMD IDE Raid Controller / Pnp649r][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\pnp649r.sys><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql12160 / ql12160][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql2100 / ql2100][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ql2100.sys><QLogic Corporation>
[ql2200 / ql2200][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ql2200.sys><QLogic Corporation>
[raidsrc / raidsrc][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\raidsrc.sys><Intel>
[rr232x / rr232x][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\rr232x.sys><HighPoint Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><N/A>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150sx8 / S150sx8][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\S150sx8.sys><Promise Technology, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SiI-3512 SATALink Controller / SI3112][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[ATI-437A Serial ATA Controller / SI3112r][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3114 SoftRaid 5 Controller / Si3114r5][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\Si3114r5.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SiI-3124 SoftRaid 5 Controller / Si3124r5][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\Si3124r5.sys><Silicon Image, Inc>
[SiI-3132 SATALink Controller / SI3132][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SI3132.sys><Silicon Image, Inc.>
[SiI-3132 SoftRaid 5 Controller / Si3132r5][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\Si3132r5.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SiSRaid / SiSRaid][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[snpshot / snpshot][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23.tmp><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sptrak / sptrak][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[Symmpi / Symmpi][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\symmpi.sys><LSI Logic>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ulsata2.sys><Promise Technology, Inc.>
[ultra / ultra][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[viamraid / viamraid][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[videX32 / videX32][Stopped/Disabled]
<\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[zftp / zftp][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1E.tmp><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{02496EBC-8455-48DB-B3C7-5DAC97D9F5A7} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[BdSearchHook Class]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, >
[]
{170165F1-9F65-569F-F895-F14F58F41071} <C:\WINDOWS\system32\lofsajbo.dll, N/A>
[]
{17A924AF-1A5F-CF21-AB1D-1D5CF82A8A71} <C:\WINDOWS\system32\zywlaime.dll, N/A>
[]
{1AB1F65A-964F-4AE7-B254-05146A0E602E} <C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys, N/A>
[]
{328DF602-9541-A985-210A-984A698C6F23} <C:\WINDOWS\system32\ptjhchlp.dll, N/A>
[]
{3319A1F1-9410-9654-3201-345FFA349133} <C:\WINDOWS\system32\zywmcime.dll, N/A>
[]
{37FD640A-158F-48AC-FD14-1597F14A9773} <C:\WINDOWS\system32\mndscsrv.dll, N/A>
[]
{3C648541-1025-9650-9057-6541258720C3} <C:\WINDOWS\system32\mndhcdwd.dll, N/A>
[]
{40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
{40AF1289-F140-A140-D012-C1458759FC04} <C:\WINDOWS\system32\ypcqchlp.dll, N/A>
[]
{428DF602-9541-A985-210A-984A698C6F24} <C:\WINDOWS\system32\ptjhdhlp.dll, N/A>
[]
{4319A1F1-9410-9654-3201-345FFA349134} <C:\WINDOWS\system32\zywmdime.dll, N/A>
[]
{4629FF4F-ACDB-5C90-A098-FACB3456A264} <C:\WINDOWS\system32\mpmydapi.dll, N/A>
[]
{4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
[]
{50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
{5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
{5A59145F-315D-BC23-AC1F-145DF81A34A5} <C:\WINDOWS\system32\zyzxeime.dll, N/A>
[]
{6490415F-65F8-B5C5-D8BA-9405FB120546} <C:\WINDOWS\system32\yzztfmsn.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
{91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <http://baidu.com/index.php?tn=wzjujumao_dg, N/A>
[百度工具栏]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{02496EBC-8455-48DB-B3C7-5DAC97D9F5A7} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, >
[]
{170165F1-9F65-569F-F895-F14F58F41071} <C:\WINDOWS\system32\lofsajbo.dll, N/A>
[]
{17A924AF-1A5F-CF21-AB1D-1D5CF82A8A71} <C:\WINDOWS\system32\zywlaime.dll, N/A>
[]
{1AB1F65A-964F-4AE7-B254-05146A0E602E} <C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[]
{328DF602-9541-A985-210A-984A698C6F23} <C:\WINDOWS\system32\ptjhchlp.dll, N/A>
[]
{3319A1F1-9410-9654-3201-345FFA349133} <C:\WINDOWS\system32\zywmcime.dll, N/A>
[]
{37FD640A-158F-48AC-FD14-1597F14A9773} <C:\WINDOWS\system32\mndscsrv.dll, N/A>
[]
{3C648541-1025-9650-9057-6541258720C3} <C:\WINDOWS\system32\mndhcdwd.dll, N/A>
[]
{40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
{40AF1289-F140-A140-D012-C1458759FC04} <C:\WINDOWS\system32\ypcqchlp.dll, N/A>
[]
{428DF602-9541-A985-210A-984A698C6F24} <C:\WINDOWS\system32\ptjhdhlp.dll, N/A>
[]
{4319A1F1-9410-9654-3201-345FFA349134} <C:\WINDOWS\system32\zywmdime.dll, N/A>
[]
{4629FF4F-ACDB-5C90-A098-FACB3456A264} <C:\WINDOWS\system32\mpmydapi.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[]
{4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
[]
{50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
{5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
{5A59145F-315D-BC23-AC1F-145DF81A34A5} <C:\WINDOWS\system32\zyzxeime.dll, N/A>
[PP Control]
{616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <f:\wbdgp\ppc.ocx, Budaozh Studio (http://www.budaozh.cn)>
[]
{6490415F-65F8-B5C5-D8BA-9405FB120546} <C:\WINDOWS\system32\yzztfmsn.dll, N/A>
[StormPlayer Object]
{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, Biejing Baofeng Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[]
{91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度工具栏]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[CCpPasswd Object]
{B5F5E4F9-23EA-4259-9D16-510C001BD727} <f:\wbdgp\getpass14.dll, TODO: <公司名>>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[.保存该网址至网站]
<http://www.jiagoo.com/addurl.htm, N/A>
[使用iTudou下载节目]
<F:\Program Files\Tudou\iTudou\iTudou_Link.HTM, N/A>

BBAttt - 2008-5-17 11:04:00

[使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4175]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 628 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4176]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2512]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2522]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 884 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1016 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1072 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1112 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4176]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2512]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2522]
[C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4175]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1248 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1512 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\ttNNBNNB1047.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\MMWLVAHB1017.dll] [N/A, ]
[C:\WINDOWS\system32\ttVUFVUF1011.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\ttQACQAC1038.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\WINDOWS\system32\MMFKKLJK1075.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\MMSADZFB1050.dll] [N/A, ]
[C:\WINDOWS\system32\ptjhdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\xowmxqtf.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\ticisms.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1636 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1936 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1160 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[PID: 1488 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 59]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 1352 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3208]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 1588 / Administrator][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.03.0.0]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.03.0.0]
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.0.6.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.12.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.11.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 2356 / Administrator][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.20]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 2428 / Administrator][F:\kakazhushou\runiep.exe] [Beijing Rising Technology Co., Ltd., 5.0.0.16]
[F:\kakazhushou\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[F:\kakazhushou\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\ttNNBNNB1047.dll] [N/A, ]
[C:\WINDOWS\system32\MMWLVAHB1017.dll] [N/A, ]
[C:\WINDOWS\system32\ttVUFVUF1011.dll] [N/A, ]
[C:\WINDOWS\system32\ttQACQAC1038.dll] [N/A, ]
[C:\WINDOWS\system32\MMFKKLJK1075.dll] [N/A, ]
[C:\WINDOWS\system32\MMSADZFB1050.dll] [N/A, ]
[C:\WINDOWS\system32\ptjhdhlp.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 2932 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 3204 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 3264 / Administrator][E:\QQ2008\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 360 / Administrator][E:\QQ2008\QQ.exe] [TENCENT, 8,0,714,1791]
[E:\QQ2008\QQBaseClassInDll.dll] [TENCENT, 8,0,714,1791]
[E:\QQ2008\QQHelperDll.dll] [TENCENT, 8,0,714,1791]
[E:\QQ2008\BasicCtrlDll.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[E:\QQ2008\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\QQ2008\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\QQ2008\QQAPI.dll] [TENCENT, 8,0,713,1791]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]

BBAttt - 2008-5-17 11:04:00

[E:\QQ2008\LoginCtrl.dll] [TENCENT, 8,0,714,1791]
[E:\QQ2008\LoginCtrlRes.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQRes.dll] [TENCENT, 8,0,714,1791]
[E:\QQ2008\QQMainFrame.dll] [N/A, ]
[E:\QQ2008\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ2008\QQPlugin.dll] [N/A, ]
[E:\QQ2008\UnReadMsgMgr.dll] [N/A, ]
[E:\QQ2008\CQQApplication.dll] [N/A, ]
[E:\QQ2008\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\QQ2008\NewSkin.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\MailSummary.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQSpace.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\ptjhdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\QQ2008\QQKnowledgeSearch.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\OEMApplication.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQGroupMng.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQAvatar.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\QQ2008\QQAllInOne.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[E:\QQ2008\CameraDll.dll] [TENCENT, 8,0,713,1791]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[E:\QQ2008\QQPet.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQSysMsgMng.dll] [N/A, ]
[E:\QQ2008\QRingMng.dll] [N/A, ]
[E:\QQ2008\UserDefinedHead.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQConfigPlugin.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQCustomFace.dll] [N/A, ]
[E:\QQ2008\LongConnection.dll] [TENCENT, 8,0,713,1791]
[C:\WINDOWS\system32\ttNNBNNB1047.dll] [N/A, ]
[C:\WINDOWS\system32\MMWLVAHB1017.dll] [N/A, ]
[C:\WINDOWS\system32\ttVUFVUF1011.dll] [N/A, ]
[C:\WINDOWS\system32\ttQACQAC1038.dll] [N/A, ]
[C:\WINDOWS\system32\MMFKKLJK1075.dll] [N/A, ]
[C:\WINDOWS\system32\MMSADZFB1050.dll] [N/A, ]
[E:\QQ2008\PhoneAPI.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ2008\ImageOle.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQLiveQMng.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\QQ2008\GroupConnection.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\BQQApplication.dll] [N/A, ]
[E:\QQ2008\QQSceneMng.dll] [N/A, ]
[E:\QQ2008\QQMagicFace.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\AddrSearch.dll] [腾讯科技（深圳）有限公司, 2, 2, 1, 15]
[E:\QQ2008\CommercesMng.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\PersonalDesktop.dll] [TENCENT, 8,0,713,1791]
[E:\QQ2008\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
[PID: 3412 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[PID: 2804 / Administrator][F:\反黑专用\sreng2(1)\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\fdght.dll] [N/A, ]
[C:\WINDOWS\Fonts\49a8ed2fd0169fe719f260cacc25b81b\system\inudhya.dll] [N/A, ]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys16.Sys] [N/A, ]
[C:\WINDOWS\system32\zxmsbwin.dll] [N/A, ]
[C:\WINDOWS\system32\mpmydapi.dll] [N/A, ]
[C:\WINDOWS\system32\yzztfmsn.dll] [N/A, ]
[C:\WINDOWS\system32\zxptejpg.dll] [N/A, ]
[C:\WINDOWS\system32\zptlbsys.dll] [N/A, ]
[C:\WINDOWS\system32\mndhcdwd.dll] [N/A, ]
[C:\WINDOWS\system32\zywlaime.dll] [N/A, ]
[C:\WINDOWS\system32\ypcqdhlp.dll] [N/A, ]
[C:\WINDOWS\system32\mndscsrv.dll] [N/A, ]
[C:\WINDOWS\system32\lofsajbo.dll] [N/A, ]
[C:\WINDOWS\system32\zywmdime.dll] [N/A, ]
[C:\WINDOWS\system32\zyzxeime.dll] [N/A, ]
[F:\反黑专用\sreng2(1)\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\ptjhdhlp.dll] [N/A, ]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
124.238.254.113 www.10280011.com
124.238.254.113 10280011.com
124.238.254.113 www.10289900.com
124.238.254.113 10289900.com
124.238.254.113 www.78877788.com
124.238.254.113 78877788.com
124.238.254.113 www.11051122.com
124.238.254.113 11051122.com
124.238.254.113 1.ehai01.com
124.238.254.113 da.ehai01.com
124.238.254.113 ehai01.com
124.238.254.113 2008.sekart.cn
124.238.254.113 www.sekart.cn
124.238.254.113 sekart.cn
124.238.254.113 www.11309988.com
124.238.254.113 www.12100088.com
124.238.254.113 www.12108899.com
124.238.254.113 d2.llsging.com
124.238.254.113 llsging.com
124.238.254.113 dd.749571.com
124.238.254.113 749571.com
124.238.254.113 pr.749571.com
124.238.254.113 txwm1204.com
124.238.254.113 www.txwm1204.com

==================================
进程特权扫描
特殊特权被允许： SeSystemtimePrivilege [PID = 1352, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1352, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1352, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 2428, F:\KAKAZHUSHOU\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2428, F:\KAKAZHUSHOU\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2428, F:\KAKAZHUSHOU\RUNIEP.EXE]

==================================
API HOOK
入口点错误：FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
N/A

==================================

瑞星卡卡安全论坛