[CODE]

2008-05-02,23:22:44

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <WangWang><; "d:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [淘宝（中国）软件有限公司]
    <SunJavaUpdateSched><; C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe>  []
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)>  [N/A]
    <DAEMON Tools-1033><; "D:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock>  [DAEMON'S HOME]
    <PPHIDPAD><D:\Program Files\WINPENJR\Win32\pphidpad.exe>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><"d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [奇虎网]
    <fiosectc><C:\WINDOWS\fiosectc.exe>  []
    <anistio><C:\WINDOWS\anistio.exE>  []
    <bincdwsa><C:\WINDOWS\bincdwsa.exe>  []
    <fmsjhif><C:\WINDOWS\fmsjhif.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360safeKill><"E:\Download\killer_rodog.exe" -runonce>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><msosmhfp00.dll SysWoWa8.dll,msosdohs00.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll>  []
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll>  []
    <{6BBAA1E6-CF54-4139-AB9C-8491A9F909D7}><C:\WINDOWS\system32\wfrdvq.dll>  []
    <{5fd0c12b-da0b-4446-82fd-b8041a46492b}><C:\WINDOWS\system32\ttDXYDXY1014.dll>  []
    <{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}><C:\WINDOWS\system32\zgxfdx.dll>  []
    <{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\WINDOWS\TEMP\datB.tmp>  []
    <{3cc67dc4-e953-4b2f-ae22-fcb4dcc3903a}><C:\WINDOWS\system32\ttNNBNNB1056.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zjydcx.dll>  []
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  []
    <{a580305f-b902-4723-ac26-06e4cb4279a5}><C:\WINDOWS\system32\ttHADHAD1071.dll>  []
    <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll>  []
    <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll>  []
    <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll>  []
    <{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><C:\WINDOWS\system32\hfrdzx.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[jyfepvm / cprsdmh][Stopped/Auto Start]
  <><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[E01FA41F / E01FA41F][Stopped/Auto Start]
  <C:\WINDOWS\system32\8A4CD76B.EXE -d><>

==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aacsas.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aarsi3x.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / AEC6210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / AEC6260][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[arc / arc][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ARC.SYS><N/A>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\arcm_x86.sys><ARECA  Technology Corporation>
[asc / asc][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\bchtsw32.sys><Broadcom Corporation>
[BCRAID / BCRAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\BCRAID.sys><Broadcom Corporation>
[RAS Asynchronous Media Driver / CCDECODE][Stopped/Auto Start]
  <system32\DRIVERS\msconkt.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cpqarry2.sys><Hewlett-Packard Company>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\csb6ide.sys><ServerWorks Corporation>
[d343bus / d343bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d343bus.sys><>
[d343port / d343port][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d343port.sys><>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[elxstor / elxstor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FASTSX / FASTSX][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FT8300 / FT8300][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ftsata2.sys><Promise Technology, Inc.>
[GD31244 / GD31244][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\gd31244.sys><Intel Corporation>
[HpCISSs / HpCISSs][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / IASTOR][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\JRAID.SYS><JMicron Technology Corp.>
[M5228 / M5228][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[M5281 / M5281][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[mraid2k / mraid2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NFRD960 / NFRD960][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / NVRAID][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / PNP680][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / PNP680R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[ppmoucls / ppmoucls][Running/System Start]
  <System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
  <System32\DRIVERS\pptchpd5.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rr232x.sys><HighPoint Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Si3114r5.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Si3132r5.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SISRAID / SISRAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid4.sys><Silicon Integrated Systems>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPTRAK / SPTRAK][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\trm3x5.sys><Tekram Technology Co., Ltd.>
[TwoTrack Compatible Device / TwoTrack][Stopped/Manual Start]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ULSATA / ULSATA][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vmscsi.sys><VMware, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wd7296a.sys><Western Digital Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[RodogKiller / RodogKiller][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp9.tmp><N/A>
[ping / ping][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp10.tmp><N/A>

==================================
浏览器加载项
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[雨林木风]
  {6D3CAD3C-8A34-4D07-908A-28C0310C19FA} <http://www.ylmf.com, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Java Plug-in 1.4.2_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll, JavaSoft / Sun Microsystems, Inc.>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[Java Plug-in 1.4.2_05]
  {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[WaVodIp Control]
  {2D63E06B-AD06-46FD-8C00-03EF45E9219D} <C:\PROGRA~1\WaVideo\WaVodIp\WaVodIp.ocx, 浙江沸蓝信息技术有限公司>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <d:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.4.2_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll, JavaSoft / Sun Microsystems, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[WebVGPlayer Class]
  {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <C:\PROGRA~1\WaVideo\MyPlayer.dll, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[ExamSaver Control]
  {D0FC51B8-8FD0-4A66-A68E-DA68F2233505} <C:\PROGRA~1\EXAMSA~1\EXAMSA~1.OCX, oztime>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[BaiDuHook.Class]
  {E2817692-4EBC-4C70-A720-DB97A235320A} <C:\WINDOWS\system32\cqggoq.dll, N/A>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[safeInput Class]
  {ECCBA956-80E5-11D3-9285-0080ADB811C9} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用比特精灵下载(&B)]
  <D:\备份\BitSpirit\bsurl.htm, N/A>

==================================
正在运行的进程
[PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\datB.tmp]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 612 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdfview.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 768 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 868 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 944 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 996 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 1068 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 1212 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 1360 / Administrator][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
[PID: 1440 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\fiosectc.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysWoWa8.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\datB.tmp]  [, 1, 0, 0, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ttDXYDXY1014.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\ttNNBNNB1056.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\ttHADHAD1071.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
[PID: 1668 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
[PID: 344 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
[PID: 296 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
[PID: 532 / Administrator][D:\Program Files\WINPENJR\Win32\pphidpad.exe]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
[PID: 328 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
[PID: 588 / Administrator][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [D:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysWoWa8.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ttDXYDXY1014.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\datB.tmp]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ttNNBNNB1056.dll]  [N/A, ]
    [C:\WINDOWS\system32\ttHADHAD1071.dll]  [N/A, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\fiosectc.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp64.dll]  [N/A, ]
[PID: 904 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
[PID: 2636 / Administrator][D:\Program Files\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SysWoWa8.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wyrsdj.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhfrxz.dll]  [N/A, ]
    [C:\WINDOWS\system32\zjydcx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhrdxd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zgxfdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wfrdvq.dll]  [N/A, ]
    [C:\WINDOWS\system32\sgrefg.dll]  [N/A, ]
    [C:\WINDOWS\system32\tdffdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfdesy.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\fiosectc.dll]  [N/A, ]
    [D:\Program Files\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\94879A32.DLL]  [, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosping00.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp64.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 532, D:\PROGRAM FILES\WINPENJR\WIN32\PPHIDPAD.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]