[CODE]

2008-11-17,16:34:52

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3, v.3300 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Component Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [Intel Corporation]
    <HP Software Update><"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe">  [Hewlett-Packard Company]
    <egui><"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)"ESET, spol. s r.o."]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><f:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Antiarp><F:\Program Files\360safe\antiarp\AntiArp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><acdess.dll,xsisco.dll kandawf.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <UPnPMonitor><C:\WINDOWS\system32\upnpui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.exe]
    <IFEO[ACKWIN32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.exe]
    <IFEO[ANTI-TROJAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti.exe]
    <IFEO[anti.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivir.exe]
    <IFEO[antivir.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.exe]
    <IFEO[APVXDWIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atrack.exe]
    <IFEO[atrack.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe]
    <IFEO[AVCONSOL.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.exe]
    <IFEO[AVE32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.exe]
    <IFEO[AVGCTRL.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avk.exe]
    <IFEO[avk.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.exe]
    <IFEO[AVKSERV.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
    <IFEO[avp32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.exe]
    <IFEO[AVPCC.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe]
    <IFEO[avpdos32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.exe]
    <IFEO[AVPM.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPMON.exe]
    <IFEO[AVPMON.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPNT.exe]
    <IFEO[AVPNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.exe]
    <IFEO[AVPTC32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.exe]
    <IFEO[AVPUPD.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.exe]
    <IFEO[AVSCHED32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe]
    <IFEO[avsynmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.exe]
    <IFEO[AVWIN95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxonsol.exe]
    <IFEO[avxonsol.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
    <IFEO[bdagent.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.exe]
    <IFEO[BLACKD.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.exe]
    <IFEO[BLACKICE.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.exe]
    <IFEO[CFIADMIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.exe]
    <IFEO[CFIAUDIT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIND.exe]
    <IFEO[CFIND.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe]
    <IFEO[cfinet.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe]
    <IFEO[cfinet32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.exe]
    <IFEO[CLAW95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CT.exe]
    <IFEO[CLAW95CT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.exe]
    <IFEO[CLEANER.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.exe]
    <IFEO[CLEANER3.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DAVPFW.exe]
    <IFEO[DAVPFW.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\debu.exe]
    <IFEO[debu.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DV95.exe]
    <IFEO[DV95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DV95_O.exe]
    <IFEO[DV95_O.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.exe]
    <IFEO[DVP95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.exe]
    <IFEO[ECENGINE.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EFINET32.exe]
    <IFEO[EFINET32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.exe]
    <IFEO[ESAFE.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESPWATCH.exe]
    <IFEO[ESPWATCH.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorewclass.exe]
    <IFEO[explorewclass.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.exe]
    <IFEO[F-AGNT95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.exe]
    <IFEO[F-PROT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe]
    <IFEO[f-prot95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.exe]
    <IFEO[F-STOPW.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.exe]
    <IFEO[FINDVIRU.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fir.exe]
    <IFEO[fir.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe]
    <IFEO[fp-win.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.exe]
    <IFEO[IAMAPP.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.exe]
    <IFEO[IAMSERV.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.exe]
    <IFEO[IBMASN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.exe]
    <IFEO[IBMAVSP.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ice.exe]
    <IFEO[ice.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.exe]
    <IFEO[ICLOAD95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.exe]
    <IFEO[ICLOADNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMOON.exe]
    <IFEO[ICMOON.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSSUPPNT.exe]
    <IFEO[ICSSUPPNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iom.exe]
    <IFEO[iom.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe]
    <IFEO[iomon98.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JED.exe]
    <IFEO[JED.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kabackreport.exe]
    <IFEO[Kabackreport.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kasmain.exe]
    <IFEO[Kasmain.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe]
    <IFEO[kav32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
    <IFEO[kavstart.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
    <IFEO[kpfwsvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
    <IFEO[KPPMain.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRF.exe]
    <IFEO[KRF.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVPreScan.exe]
    <IFEO[KVPreScan.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
    <IFEO[kwatch.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lamapp.exe]
    <IFEO[lamapp.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe]
    <IFEO[lockdown2000.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.exe]
    <IFEO[LOOKOUT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe]
    <IFEO[luall.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUCOMSERVER.exe]
    <IFEO[LUCOMSERVER.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcafee.exe]
    <IFEO[mcafee.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mon.exe]
    <IFEO[mon.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moniker.exe]
    <IFEO[moniker.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.exe]
    <IFEO[MOOLIVE.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.exe]
    <IFEO[MPFTRAY.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32ACAN.exe]
    <IFEO[N32ACAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
    <IFEO[navapsvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
    <IFEO[navapw32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.exe]
    <IFEO[NAVLU32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe]
    <IFEO[NAVNT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navrunr.exe]
    <IFEO[navrunr.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSCHED.exe]
    <IFEO[NAVSCHED.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW.exe]
    <IFEO[NAVW.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW32.exe]
    <IFEO[NAVW32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe]
    <IFEO[navwnt.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe]
    <IFEO[nisserv.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe]
    <IFEO[nisum.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMAIN.exe]
    <IFEO[NMAIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.exe]
    <IFEO[NORMIST.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton.exe]
    <IFEO[norton.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.exe]
    <IFEO[NUPGRADE.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.exe]
    <IFEO[NVC95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\office.exe]
    <IFEO[office.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTPOST.exe]
    <IFEO[OUTPOST.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PADMIN.exe]
    <IFEO[PADMIN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.exe]
    <IFEO[PAVCL.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcc.exe]
    <IFEO[pcc.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCClient.exe]
    <IFEO[PCCClient.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccguide.exe]
    <IFEO[pccguide.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcciomon.exe]
    <IFEO[pcciomon.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccmain.exe]
    <IFEO[pccmain.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe]
    <IFEO[pccwin98.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.exe]
    <IFEO[PCFWALLICON.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.exe]
    <IFEO[PERSFW.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe]
    <IFEO[pop3trap.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PpPpWallRun.exe]
    <IFEO[PpPpWallRun.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\program.exe]
    <IFEO[program.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prot.exe]
    <IFEO[prot.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pview95.exe]
    <IFEO[pview95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
    <IFEO[ras.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.exe]
    <IFEO[RAV7.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe]
    <IFEO[rav7win.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe]
    <IFEO[rescue32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfw.exe]
    <IFEO[Rfw.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rn.exe]
    <IFEO[rn.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe]
    <IFEO[safeweb.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe]
    <IFEO[scam32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan.exe]
    <IFEO[scan.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe]
    <IFEO[SCAN32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.exe]
    <IFEO[SCANPM.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scon.exe]
    <IFEO[scon.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.exe]
    <IFEO[SCRSCAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe]
    <IFEO[seccenter.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secu.exe]
    <IFEO[secu.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.exe]
    <IFEO[SERV95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sirc32.exe]
    <IFEO[sirc32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.exe]
    <IFEO[SMC.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smtpsvc.exe]
    <IFEO[smtpsvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.exe]
    <IFEO[SPHINX.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spy.exe]
    <IFEO[spy.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.exe]
    <IFEO[SWEEP95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe]
    <IFEO[symproxysvc.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.exe]
    <IFEO[TBSCAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.exe]
    <IFEO[TCA.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.exe]
    <IFEO[TDS2-98.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.exe]
    <IFEO[TDS2-NT.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tmntsrv.exe]
    <IFEO[Tmntsrv.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMOAgent.exe]
    <IFEO[TMOAgent.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmproxy.exe]
    <IFEO[tmproxy.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmupdito.exe]
    <IFEO[tmupdito.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe]
    <IFEO[TSC.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UlibCfg.exe]
    <IFEO[UlibCfg.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vavrunr.exe]
    <IFEO[vavrunr.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.exe]
    <IFEO[VET95.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.exe]
    <IFEO[VETTRAY.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir.exe]
    <IFEO[vir.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe]
    <IFEO[VPC32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.exe]
    <IFEO[VSECOMR.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe]
    <IFEO[vshwin32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSCAN40]
    <IFEO[VSSCAN40]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
    <IFEO[vsstat.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCAN.exe]
    <IFEO[WEBSCAN.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.exe]
    <IFEO[WEBSCANX.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe]
    <IFEO[webtrap.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.exe]
    <IFEO[WFINDV32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows优化大师.exe]
    <IFEO[windows优化大师.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wink.exe]
    <IFEO[wink.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
    <IFEO[zonealarm.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.exe]
    <IFEO[_AVP32.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.exe]
    <IFEO[_AVPCC.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.exe]
    <IFEO[_AVPM.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[HP Digital Imaging Monitor]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[HP Image Zone 快速启动 ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Image Zone 快速启动 .lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[3ware Controller Service / 3wareSrv][Stopped/Disabled]
  <C:\WINDOWS\System32\3wareSrv.exe><N/A>
[Application Management / AppMgmt][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%systemroot%\system32\winsysdwn.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <C:\Program Files\Storm\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Stopped/Auto Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Human Interface Device Access / HidServ][Stopped/Boot Start]
  <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><Microsoft Corporation>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Task Scheduler / Schedule][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%systemroot%\system32\winsysdwn.dll><N/A>
[Security Control / seiuctol][Stopped/Auto Start]
  <c:\windows\system32\rundll32.exe vcript32.dll,test><Microsoft Corporation>
[System Restore Service / srservice][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%systemroot%\system32\winsysdwn.dll><N/A>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%systemroot%\system32\winsysdwn.dll><N/A>
[System Audio / System Audio][Stopped/Auto Start]
  <C:\Program Files\Outlook Express\audio.exe><Twain Working Group>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\2310_00.sys><HighPoint Technologies, Inc.>
[360AntiArp / 360AntiArp][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[3wareDrv / 3wareDrv][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\3wareDrv.sys><N/A>
[3waregsm / 3waregsm][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\3waregsm.sys><N/A>
[a320raid / a320raid][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[aaatimeo / aaatimeo][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aaatimeo.sys><Microsoft Corporation>
[Adaptec RAID Miniport Driver / aac][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aac.sys><Adaptec, Inc.>
[Adaptec SAS/SATA-II RAID Miniport Driver / aacsas][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aacsas.sys><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[aec6290 / aec6290][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[aec67160 / aec67160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec67160.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\AEC6880.sys><ACARD Technology Corp.>
[aec6897 / aec6897][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec6897.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[AFAMgt / AFAMgt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\afamgt.sys><Adaptec, Inc.>
[Intel AGP Bus Filter / agp440][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\agp440.sys><Microsoft Corporation>
[Compaq AGP Bus Filter / agpCPQ][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\agpCPQ.sys><Microsoft Corporation>
[ahcix86 / ahcix86][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ahcix86.sys><ATI Technologies Inc.>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><ALi Corporation>
[ALI AGP Bus Filter / alim1541][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\alim1541.sys><Microsoft Corporation>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[amdbusdr / amdbusdr][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdbusdr.sys><AMD>
[AMD EIDE 驱动程衼E / amdeide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\AmdEide.sys><AMD>
[arcm_x86 / arcm_x86][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\arcm_x86.sys><ARECA Technology Corporation>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[SiI-3112 SATALink  Controller / ASH1205][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ASH1205.sys><Silicon Image, Inc.>
[ata1200a / ata1200a][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ata1200a.sys><Adaptec, Inc.>
[atiide / atiide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[Promise driver accelerator / bb-run][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[cda1000 / cda1000][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\cda1000.sys><Adaptec, Inc.>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cercsr6.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Cpq32fs2 / Cpq32fs2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Cpq32fs2.sys><Hewlett-Packard Company>
[cpqarry2 / cpqarry2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cpqarry2.sys><Compaq Computer Corporation>
[cpqcissm / cpqcissm][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cpqcissm.sys><Hewlett-Packard Company>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dac960nt / dac960nt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac960nt.sys><Mylex Corporation>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Promise Removable Disk Control Driver / dontgo][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Adaptec, Inc.>
[Intel(R) PRO Network Connection Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[eamon / eamon][Stopped/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Stopped/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Stopped/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[FastSx / FastSx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\FastSx.sys><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fttxr52P / fttxr52P][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\fttxr52P.sys><Promise Technology, Inc.>
[HpCISSm2 / HpCISSm2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\HpCISSm2.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[hpt374 / hpt374][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptmv6 / hptmv6][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[i2omp / i2omp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\i2omp.sys><Microsoft Corporation>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel RAID Controller / iaStor][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Intel  RAID Controller / iaStor55][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor55.sys><Intel Corporation>
[Intel RAID  Controller / iaStor70][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor70.sys><Intel Corporation>
[IBM ServeRAID Device Driver / ipsraidn][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ipsraidn.sys><IBM Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[KAVBootC / KAVBootC][Stopped/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[Keyboard HID Driver / kbdhid][Stopped/Manual Start]
  <system32\DRIVERS\kbdhid.sys><Microsoft Corporation>
[m5228 / m5228][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5281.sys><ALi Corporation>
[m5287 / m5287][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[m5289 / m5289][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[MegaIDE / MegaIDE][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Microsoft System Management BIOS Driver / mssmbios][Running/Manual Start]
  <system32\DRIVERS\mssmbios.sys><Microsoft Corporation>
[mv614x / mv614x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv614x.sys><N/A>
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[mvSata / mvSata][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mvsata.sys><Marvell Semiconductors Inc.>
[IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nfrd960.sys><IBM Corporation>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[NsReSDev1 / NsReSDev1][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Nskhelper2.sys><N/A>
[nvatabus / nvatabus][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[nvgts / nvgts][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[DDK PACKET Protocol / Packet][Stopped/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[CMD IDE Raid Controller / Pnp649r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\pnp649r.sys><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[ql2100 / ql2100][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2100.sys><QLogic Corporation>
[ql2200 / ql2200][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2200.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver (w32 IP) / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2300.sys><QLogic Corporation>
[raidsrc / raidsrc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\raidsrc.sys><Intel>
[rr172x / rr172x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr172x.sys><HighPoint Technologies, Inc.>
[rr174x / rr174x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr174x.sys><HighPoint Technologies, Inc.>
[rr232x / rr232x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr232x.sys><HighPoint Technologies, Inc.>
[rr2340 / rr2340][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr2340.sys><HighPoint Technologies, Inc.>
[S150sx8 / S150sx8][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\S150sx8.sys><Promise Technology, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Stopped/Manual Start]
  <system32\drivers\senfilt.sys><Creative Technology Ltd.>
[SiI-3512 SATALink Controller / SI3112][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[ATI-437A Serial ATA Controller / SI3112r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3114 SoftRaid 5 Controller / Si3114r5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Si3114r5.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SiI-3124 SoftRaid 5 Controller / Si3124r5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Si3124r5.sys><Silicon Image, Inc>
[SiI-3132 SATALink Controller / SI3132][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3132.sys><Silicon Image, Inc.>
[SiI-3132 SoftRaid 5 Controller / Si3132r5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Si3132r5.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[sisraidx / sisraidx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisraidx.sys><Silicon Integrated Systems Corp.>
[smwdm / smwdm][Stopped/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[Software Bus Driver / swenum][Running/Manual Start]
  <system32\DRIVERS\swenum.sys><Microsoft Corporation>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[Symmpi / Symmpi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Stopped/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ulsata2.sys><Promise Technology, Inc.>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Microsoft USB Open Host Controller Miniport Driver / usbohci][Stopped/Manual Start]
  <system32\DRIVERS\usbohci.sys><Microsoft Corporation>
[VIA AGP Bus Filter / viaagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viaagp.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[ViBus / ViBus][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[VMscsi / VMscsi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\vmscsi.sys><VMware, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <f:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, (Signed) Sina Com>
[]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <f:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\QQ\QzoneMusic.dll, N/A>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <, >
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
[PID: 208][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
[PID: 232][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2034)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
[PID: 276][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
[PID: 288][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2034)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
[PID: 436][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
[PID: 480][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
[PID: 772][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.6.0.1653]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll]  [ESET, 3.0.644 ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1116][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
[PID: 1336][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 1420][F:\ws\工具\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 1428][F:\ws\工具\sreng2\SREb37edc31.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.3300 (xpsp.080125-2028)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.3300 (xpsp.080125-2028)]
    [F:\ws\工具\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 union.daqi.com
127.0.0.1 121.15.247.22
127.0.0.1 61.155.140.4
127.0.0.1 219.129.239.251
127.0.0.1 61.164.118.208
127.0.0.1 www.zmjjjyy.cn
127.0.0.1 user9.78-10.net
127.0.0.1 444.gmwo07.com
127.0.0.1 333.gmwo07.com
127.0.0.1 222.gmwo07.com
127.0.0.1 111.gmwo07.com
127.0.0.1 haha.yaoyao09.com
127.0.0.1 www.noseqing.cn
127.0.0.1 fg.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 dl.pvs360.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 nc.mskess.com
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1420, F:\WS\工具\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe 

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]