[CODE]

2008-06-20,19:04:15

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe><"F:\Microsoft Office Excel 2003 简体中文绿色\EXCEL2003\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <runeip><"F:\卡卡上网安全助手\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><F:\卡卡上网安全助手\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <F:\播放器\暴风影音3\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cpuz / cpuz][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cpuz.sys><N/A>
[dtscsi / dtscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[FTCProtect / FTCProtect][Stopped/Manual Start]
  <System32\Drivers\FTCProtect.sys><N/A>
[FTCProTime / FTCProTime][Stopped/Manual Start]
  <System32\Drivers\FTCProTime.sys><N/A>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Sony Ericsson W700 Driver driver (WDM) / W700bus][Stopped/Manual Start]
  <system32\DRIVERS\W700bus.sys><MCCI>
[Sony Ericsson W700 USB WMC Modem Filter / W700mdfl][Stopped/Manual Start]
  <system32\DRIVERS\W700mdfl.sys><MCCI>
[Sony Ericsson W700 USB WMC Modem Driver / W700mdm][Stopped/Manual Start]
  <system32\DRIVERS\W700mdm.sys><MCCI>
[Sony Ericsson W700 USB WMC Device Management Drivers (WDM) / W700mgmt][Stopped/Manual Start]
  <system32\DRIVERS\W700mgmt.sys><MCCI>
[Sony Ericsson W700 USB WMC OBEX Interface / W700obex][Stopped/Manual Start]
  <system32\DRIVERS\W700obex.sys><MCCI>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <F:\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <F:\播放器\realplayer\rpbrowserrecordplugin.dll, RealPlayer>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[宏杰加密辅助程序]
  {BE5EAD7D-1C3A-4DDE-9A8D-5AE1B426E88F} <C:\WINDOWS\system32\hjjm.dll, 宏杰软件开发有限公司>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <F:\金山清理专家\KASBrowserShield.DLL, Kingsoft Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <F:\金山清理专家\IEBuddyExt.DLL, Kingsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <F:\PPS网~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\Program Files\KOS\UpdateOcx2.dll, Kingsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <F:\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <F:\迅雷5\Components\InMedia\peerid.dll, >
[NetPlayer Class]
  {1051BC6C-02E5-44F9-91B7-463FCB96C6D2} <F:\播放器\vodplayer\VodHelper.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <F:\播放器\realplayer\rpbrowserrecordplugin.dll, RealPlayer>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <F:\金山清理专家\IEBuddyExt.DLL, Kingsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <F:\迅雷5\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[KLeakScan Class]
  {4BB7444F-E4DA-4E02-AAAD-505A0E9855D4} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <F:\PPS网~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[BlogMusicControl Class]
  {63F61B19-14AD-40EB-A2D5-5CD4A50888A8} <C:\Program Files\Thunder Network\Thunder\Components\Community\BlogMusicCtl.dll, 深圳市迅雷网络技术有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <F:\播放器\暴风影音3\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\迅雷5\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <F:\Microsoft Office Excel 2003 简体中文绿色\EXCEL2003\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(72).dll, ShenZhen Thunder Networking Technologies Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[宏杰加密辅助程序]
  {BE5EAD7D-1C3A-4DDE-9A8D-5AE1B426E88F} <C:\WINDOWS\system32\hjjm.dll, 宏杰软件开发有限公司>
[ActiveX Class]
  {C3D8F2C7-A508-4724-BC3A-C247058D17EB} <F:\播放器\vodplayer\VODPlayer.dll, PowerCOM>
[KScanSpyWare Class]
  {C847FDE7-B612-47ED-B32C-4000C9DD26B6} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\Program Files\KOS\UpdateOcx2.dll, Kingsoft Corporation>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <F:\金山清理专家\KASBrowserShield.DLL, Kingsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[KVirusScan Class]
  {E176B817-4905-4CDF-8C9C-0AF3EA3B4AC7} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[KAccountManager Class]
  {E176B817-4905-4CDF-8C9C-0AF3EA3B4AC9} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[RevealTrans]
  {E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <F:\迅雷5\Components\DownAndPlay\DapPlayer3.0.5712.71.72.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <F:\Microsoft Office Excel 2003 简体中文绿色\EXCEL2003\Thunder Network\KanKan\PPlayer.2.0.0.166.(72).dll, Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <F:\播放器\realplayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[使用迅雷下载]
  <F:\迅雷5\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <F:\迅雷5\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 600 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1572 / SYSTEM][F:\播放器\暴风影音3\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [F:\播放器\暴风影音3\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
[PID: 1624 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8195]
[PID: 1712 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500 / user][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8195]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8195]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [F:\WINRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\迅雷5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [F:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [F:\迅雷5\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [F:\迅雷5\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\hjjm.dll]  [宏杰软件开发有限公司, 1, 0, 9, 8]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll]  [Sony Ericsson Mobile Communications AB, 1, 3, 11, 0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll]  [Sony Ericsson Mobile Communications AB, 1, 3, 4, 0]
[PID: 280 / user][F:\Microsoft Office Excel 2003 简体中文绿色\EXCEL2003\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.1.45]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
[PID: 400 / user][F:\卡卡上网安全助手\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [F:\卡卡上网安全助手\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\卡卡上网安全助手\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 536 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
[PID: 2496 / user][F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 2312 / user][F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQ.exe]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQBaseClassInDll.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQHelperDll.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\BasicCtrlDll.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\MSIMG32.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\FinePlus.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\fphelper.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQAPI.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\LoginCtrl.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\LoginCtrlRes.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQRes.dll]  [TENCENT, 8,0,776,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\WizardCtrl.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQMainFrame.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQPlugin.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\UnReadMsgMgr.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\CQQApplication.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\NewSkin.dll]  [TENCENT, 8,0,775,1803]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\MailSummary.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\vbscript.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\encode.dll]  [Microsoft Corporation, 5.6.0.8825]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\OEMApplication.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQKnowledgeSearch.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQGroupMng.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQAvatar.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQAllInOne.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\CameraDll.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQPet.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQSpace.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QRingMng.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQSysMsgMng.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\UserDefinedHead.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQConfigPlugin.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQCustomFace.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\LongConnection.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\PhoneAPI.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\PersonalDesktop.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQFileTransfer.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\BQQApplication.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\CommercesMng.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQSceneMng.dll]  [N/A, ]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQLiveQMng.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\ImageOle.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\QQMagicFace.dll]  [TENCENT, 8,0,777,1805]
    [F:\讯QQ2008Beta1传美祈福版V3.1.1\qq\GroupConnection.dll]  [TENCENT, 8,0,777,1805]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 2616 / user][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
    [F:\迅雷5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [F:\播放器\realplayer\rpbrowserrecordplugin.dll]  [RealPlayer, 1.0.1.45]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\播放器\realplayer\lang\rpbrp_cn.dll]  [RealNetworks, Inc., 6.0.14.0]
    [F:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [F:\迅雷5\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [F:\迅雷5\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\hjjm.dll]  [宏杰软件开发有限公司, 1, 0, 9, 8]
    [F:\金山清理专家\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,04,15,2]
    [F:\金山清理专家\IEBuddy.dll]  [Kingsoft Corporation, 2008,04,15,2]
    [F:\金山清理专家\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,05,26,109]
    [F:\金山清理专家\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [F:\金山清理专家\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [F:\金山清理专家\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [F:\金山清理专家\kis.dll]  [Kingsoft Corporation, 2008,04,21,362]
    [F:\金山清理专家\dump.dll]  [Kingsoft Corporation, 2006, 2, 16, 8]
    [F:\金山清理专家\KANTray.dll]  [Kingsoft Corporation, 2008,04,15,2]
    [F:\金山清理专家\KAVAFish.DLL]  [Kingsoft Corporation, 2008,05,26,109]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 1640 / user][F:\病毒专杀\SREng\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\JJ.IME]  [加加工作组, 5, 0, 1, 0]
    [F:\病毒专杀\SREng\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [F:\病毒专杀\SREng\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]
    [F:\病毒专杀\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
    [F:\病毒专杀\SREng\Plugins\FILEDSV.SRE]  [Smallfrogs Studio, 1, 1, 0, 20]
    [F:\病毒专杀\SREng\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 400, F:\卡卡上网安全助手\RUNIEP.EXE]

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]