[CODE]

2009-02-24,16:08:54

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <DrvMon.exe><; C:\WINDOWS\system32\DrvMon.exe>  [Alcor Micro, Corp.]
    <eMuleAutoStart><; C:\Program Files\eMule\emule.exe -AutoStart>  [File is missing]
    <Explorer><; C:\WINDOWS\system32\drivers\Messages.exe>  []
    <svchest.exe><; C:\WINDOWS\system32\svchest.exe>  [File is missing]
    <WangWang><; "C:\Program Files\Alisoft\WangWang\WangWang.exe">  [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [File is missing]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Windows Component Publisher]
    <LaunchApp><Alaunch>  [N/A]
    <KTPWare><C:\Program Files\Elantech\ktp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [File is missing]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <EPM-DM><c:\acer\epm\epm-dm.exe>  [Acer Inc]
    <ePowerManagement><C:\Acer\ePM\ePM.exe boot>  [File is missing]
    <LManager><C:\PROGRA~1\LAUNCH~1\LManager.exe>  [Dritek System Inc.]
    <eRecoveryService><C:\Program Files\Acer\eRecovery\Monitor.exe>  [acer Inc.]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <dopoolreminder><; C:\Program Files\NuLive\Reminder.exe>  [(Verified)北京闪动科技有限公司]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <AE4D8A><; C:\WINDOWS\system32\D29431\AE4D8A.EXE>  [File is missing]
    <FlashgetMini><; C:\DOCUME~1\戴\LOCALS~1\Temp\emule\setup.exe>  [File is missing]
    <Google IME Autoupdater><; "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe">  [(Verified)Google Inc]
    <Google Updater><; "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup>  [(Verified)Google Inc]
    <HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <NMGameX_AutoRun><; C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa>  [File is missing]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <UUSEE><; "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe">  [(Verified)"Beijing Shi Yue Network Technology Co., Ltd."]
    <YY><; C:\Program Files\duowan\yy\Start.exe>  [广州多玩信息技术有限公司]
    <搜狐电视机网页版><; C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "c6ccd27526396b114fbd868efa22a262" "1.0.0.10" "">  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <qq1735><C:\Documents and Settings\戴\Local Settings\Temporary Internet Files\Content.IE5\GNFFYSXT\cc2[1].exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll>  [N/A]
    <{815EDE81-767D-4636-80F5-141578667A98}><C:\WINDOWS\fonts\ijjwdedj.dll>  [File is missing]
    <{F01CD512-AE66-45BD-B182-EED2D68E9FA2}><C:\WINDOWS\fonts\ybhlffba.dll>  [File is missing]
    <{DCBC4DF7-09A8-42D0-BCF4-299F72F40EAD}><C:\WINDOWS\fonts\otucmbhc.dll>  [File is missing]
    <{56795385-A36B-4E82-BE6B-AFFAF76B0447}><C:\WINDOWS\fonts\injqdxow.dll>  [File is missing]
    <{E58B05EE-6CA5-42E1-A0CE-82169DDEE42C}><C:\WINDOWS\fonts\ciylucni.dll>  [File is missing]
    <{4EAA8F86-4217-48D0-A976-389247780A14}><C:\WINDOWS\fonts\sslutxbs.dll>  [File is missing]
    <{4B3DA347-ACBB-497B-B62F-957C4D2B46D3}><C:\WINDOWS\Fonts\ikydabhu.dll>  [File is missing]
    <{5AF04671-190D-4D5C-97AF-D8054F831E27}><C:\WINDOWS\fonts\zuttzxwd.dll>  [File is missing]
    <{C85CB78B-8D31-4C27-8533-149683423BF7}><C:\WINDOWS\fonts\soahqtuq.dll>  [File is missing]
    <{EAA62FB4-D874-4B03-AE8F-BE1A162EE771}><C:\WINDOWS\system32\eaamifbk.dll>  [File is missing]
    <{4506AD31-739D-4A88-9084-393F7C3D714F}><4506AD31.dll>  [N/A]
    <{FABE2F0E-7131-4ABE-A833-6B6D3BD4C888}><C:\WINDOWS\system32\fabeifge.dll>  [File is missing]
    <{01C52313-FF03-413E-A148-665C199D3279}><C:\WINDOWS\Fonts\jcjgmfxy.dll>  [File is missing]
    <{3CA7A137-35F8-46CD-B83B-534CD13D5A67}><C:\WINDOWS\Fonts\nupszezy.dll>  [File is missing]
    <{DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6}><C:\WINDOWS\Fonts\kzytjbrd.dll>  [File is missing]
    <{7B473157-ABA4-4222-8505-42F5D34EF824}><C:\WINDOWS\fonts\kgkzezat.dll>  [File is missing]
    <{A272F097-E24C-4A6E-8BCD-8C42839CE8DE}><C:\WINDOWS\Fonts\darvvvhf.dll>  [File is missing]
    <{22F35FAD-87A0-4833-ABFA-B2706D91B328}><C:\WINDOWS\system32\iifjlfad.dll>  [File is missing]
    <{77AC4257-6781-430B-80C1-BCA6D20C950F}><C:\WINDOWS\fonts\auldayis.dll>  [File is missing]
    <{DFEAF1AB-1B26-4ACF-A97A-BEF452ACBB4F}><C:\WINDOWS\fonts\emrpvpst.dll>  [File is missing]
    <{2EEEDBE8-79F4-4CAE-B6D9-2E63A7B680FA}><C:\WINDOWS\Fonts\hcjdfvph.dll>  [File is missing]
    <{0FE2703F-7C86-42BD-8B03-B43C481AD738}><C:\Program Files\Internet Explorer\BoboChen.jsp>  []
    <{8FF71D28-9FC0-4D5D-9FF1-6E24F96DE4B7}><C:\WINDOWS\fonts\rzabbxsv.dll>  [File is missing]
    <{D0A4406E-AAAA-44DC-97AD-6050E9FA0B69}><C:\WINDOWS\fonts\xuwmeqvq.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <C:\WINDOWS\fonts\ijjwdedj.dll><C:\WINDOWS\fonts\ijjwdedj.dll>  [File is missing]
    <C:\WINDOWS\fonts\ybhlffba.dll><C:\WINDOWS\fonts\ybhlffba.dll>  [File is missing]
    <C:\WINDOWS\fonts\otucmbhc.dll><C:\WINDOWS\fonts\otucmbhc.dll>  [File is missing]
    <C:\WINDOWS\fonts\injqdxow.dll><C:\WINDOWS\fonts\injqdxow.dll>  [File is missing]
    <C:\WINDOWS\fonts\ciylucni.dll><C:\WINDOWS\fonts\ciylucni.dll>  [File is missing]
    <C:\WINDOWS\fonts\sslutxbs.dll><C:\WINDOWS\fonts\sslutxbs.dll>  [File is missing]
    <C:\WINDOWS\Fonts\ikydabhu.dll><C:\WINDOWS\Fonts\ikydabhu.dll>  [File is missing]
    <C:\WINDOWS\fonts\zuttzxwd.dll><C:\WINDOWS\fonts\zuttzxwd.dll>  [File is missing]
    <C:\WINDOWS\fonts\soahqtuq.dll><C:\WINDOWS\fonts\soahqtuq.dll>  [File is missing]
    <EAA62FB4><C:\WINDOWS\system32\eaamifbk.dll>  [File is missing]
    <FABE2F0E><C:\WINDOWS\system32\fabeifge.dll>  [File is missing]
    <C:\WINDOWS\Fonts\jcjgmfxy.dll><C:\WINDOWS\Fonts\jcjgmfxy.dll>  [File is missing]
    <C:\WINDOWS\Fonts\nupszezy.dll><C:\WINDOWS\Fonts\nupszezy.dll>  [File is missing]
    <C:\WINDOWS\Fonts\kzytjbrd.dll><C:\WINDOWS\Fonts\kzytjbrd.dll>  [File is missing]
    <C:\WINDOWS\fonts\kgkzezat.dll><C:\WINDOWS\fonts\kgkzezat.dll>  [File is missing]
    <C:\WINDOWS\Fonts\darvvvhf.dll><C:\WINDOWS\Fonts\darvvvhf.dll>  [File is missing]
    <22F35FAD><C:\WINDOWS\system32\iifjlfad.dll>  [File is missing]
    <C:\WINDOWS\fonts\auldayis.dll><C:\WINDOWS\fonts\auldayis.dll>  [File is missing]
    <C:\WINDOWS\fonts\emrpvpst.dll><C:\WINDOWS\fonts\emrpvpst.dll>  [File is missing]
    <C:\WINDOWS\Fonts\hcjdfvph.dll><C:\WINDOWS\Fonts\hcjdfvph.dll>  [File is missing]
    <C:\WINDOWS\fonts\rzabbxsv.dll><C:\WINDOWS\fonts\rzabbxsv.dll>  [File is missing]
    <C:\WINDOWS\fonts\xuwmeqvq.dll><C:\WINDOWS\fonts\xuwmeqvq.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
    <IFEO[360hotfix.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
    <IFEO[apvxdwin.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe]
    <IFEO[avengine.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe]
    <IFEO[avltmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
    <IFEO[avp32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtask.exe]
    <IFEO[avtask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
    <IFEO[bdagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe]
    <IFEO[bdwizreg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
    <IFEO[boxmod.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
    <IFEO[ccapp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe]
    <IFEO[ccenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
    <IFEO[ccevtmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe]
    <IFEO[ccregvfy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
    <IFEO[ccsetmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
    <IFEO[ekrn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\extdb.exe]
    <IFEO[extdb.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frameworkservice.exe]
    <IFEO[frameworkservice.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frwstub.exe]
    <IFEO[frwstub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardfield.exe]
    <IFEO[guardfield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
    <IFEO[kaccore.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe]
    <IFEO[knownsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe]
    <IFEO[kvfw.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.exe]
    <IFEO[kvmonxp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
    <IFEO[kvprescan.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
    <IFEO[livesrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\makereport.exe]
    <IFEO[makereport.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe]
    <IFEO[mcagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe]
    <IFEO[mcdash.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetect.exe]
    <IFEO[mcdetect.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
    <IFEO[mcshield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe]
    <IFEO[mctskshd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsescn.exe]
    <IFEO[mcvsescn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
    <IFEO[mcvsshld.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
    <IFEO[mghtml.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe]
    <IFEO[naprdmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe]
    <IFEO[navw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe]
    <IFEO[oasclnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe]
    <IFEO[pavsrv51.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe]
    <IFEO[psctrls.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimreal.exe]
    <IFEO[psimreal.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe]
    <IFEO[psimsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe]
    <IFEO[qqdoctormain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
    <IFEO[ras.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe]
    <IFEO[ravmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe]
    <IFEO[ravmond.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe]
    <IFEO[ravstub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe]
    <IFEO[ravtask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <IFEO[rfwcfg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
    <IFEO[rfwmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
    <IFEO[rfwproxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe]
    <IFEO[rsagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe]
    <IFEO[rsmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
    <IFEO[rsnetsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe]
    <IFEO[rssafety.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe]
    <IFEO[rstray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safebank.exe]
    <IFEO[safebank.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
    <IFEO[safeboxtray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe]
    <IFEO[scanfrm.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
    <IFEO[sched.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe]
    <IFEO[seccenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secnotifier.exe]
    <IFEO[secnotifier.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SetupLD.exe]
    <IFEO[SetupLD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
    <IFEO[shstat.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe]
    <IFEO[smartup.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sndsrvc.exe]
    <IFEO[sndsrvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spbbcsvc.exe]
    <IFEO[spbbcsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbmon.exe]
    <IFEO[tbmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ulibcfg.exe]
    <IFEO[ulibcfg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updaterui.exe]
    <IFEO[updaterui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcr32.exe]
    <IFEO[vcr32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]
    <IFEO[vptray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
    <IFEO[vsserv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe]
    <IFEO[vstskmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe ]
    <IFEO[vstskmgr.exe ]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe]
    <IFEO[webproxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe]
    <IFEO[xcommsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xnlscn.exe]
    <IFEO[xnlscn.exe]><ntsd -d>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[Mozilla Thunderbird]
  <C:\Documents and Settings\戴\「开始」菜单\程序\启动\Mozilla Thunderbird.lnk --> C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE [Mozilla Corporation]><N>

==================================
服务
[Notebook Manager Service / anbmService][Running/Auto Start]
  <C:\Acer\eManager\anbmServ.exe><OSA Technologies Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[ClipBook / ClipSrv][Stopped/Auto Start]
  <C:\WINDOWS\java\classes\ccwinlohgur.exe><Microsoft Corporation>
[Dopool_Schedule / Dopool_Schedule][Running/Auto Start]
  <C:\Program Files\NuLive\schedule.exe><P2P网络电视>
[EvtEng / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Google Software Updater / gusvc][Stopped/Auto Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery 服务 / hpqddsvc][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Security Control / sectolr][Stopped/Auto Start]
  <c:\windows\system32\rundll32.exe dbi121.dll,kutfhjpo><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.1.6.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetLink (TM) Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BC / BC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[Broadcom 802.11网络适配卡驱动程序 / BCM43XX][Stopped/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[bootsafe / bootsafe][Running/Boot Start]
  <\SystemRoot\system32\Drivers\bootsafe.sys><>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\D:\专杀工具\360compkill[1]\BREGDRV.sys><N/A>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[EMSCR / EMSCR][Running/Manual Start]
  <system32\DRIVERS\EMS7SK.sys><ENE Technology Inc.>
[Acer EPM Power Scheme Driver / EpmPsd][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\epm-psd.sys><Acer Value Labs, USA>
[Acer EPM System Hardware Driver / EpmShd][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\epm-shd.sys><Acer Value Labs, USA>
[ESDCR / ESDCR][Running/Manual Start]
  <system32\DRIVERS\ESD7SK.sys><ENE Technology Inc.>
[ESMCR / ESMCR][Running/Manual Start]
  <system32\DRIVERS\ESM7SK.sys><ENE Technology Inc.>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[int15.sys / int15.sys][Running/Auto Start]
  <\??\C:\Program Files\Acer\eRecovery\int15.sys><N/A>
[KAVSafe / KAVSafe][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><N/A>
[Elantech Touchpad / Ktp][Running/Manual Start]
  <system32\DRIVERS\Ktp.sys><ELANTECH Devices Corp.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\冒险岛\冒险岛online\npkcrypt.sys><N/A>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
  <system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[osaio / osaio][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\osaio.sys><OSA Technologies, An Avocent Company>
[osanbm / osanbm][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\osanbm.sys><Windows (R) 2000 DDK provider>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[WLAN Transport / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[SMSC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <system32\DRIVERS\smcirda.sys><SMSC>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[VIA SCSI MiniPort / V1ASCSI][Running/Boot Start]
  <\SystemRoot\system32\avxualli.log><N/A>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[RESSDT / RESSDT][Stopped/Manual Start]
  <\??\c:\x1.tmp><N/A>
[Pandrv / Pandrv][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\Pandrv.sys><N/A>
[Dritek General Port I/O / DritekPortIO][Running/Disabled]
  <\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys><Dritek System Inc.>
[rspp / rspp][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys><Beijing Rising Information Technology Co., Ltd.>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[HP Print Enhancer]
  {0347C33E-8762-4905-BF09-768834316C61} <C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll, (Signed) Hewlett-Packard Co.>
[HP Print Clips]
  {053F9267-DC04-4294-A72C-58F732D338C0} <C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll, (Signed) Hewlett-Packard Co.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {0FE2703F-7C86-42BD-8B03-B43C481AD738} <C:\Program Files\Internet Explorer\BoboChen.jsp, N/A>
[IETimber]
  {489873CE-F3E1-44A3-8E89-04BE26BE4446} <C:\Program Files\Internet Explorer\IETimber\IETimber.dll, (Signed) 北京世纪乾坤软件>
[]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll, (Signed) Google Inc.>
[FlashGetBHO]
  {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, (Signed) FlashGet>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll, (Signed) Google Inc.>
[免费精彩视频超流畅在线观看]
  {022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[ClipBookBtn Class]
  {58ECB495-38F0-49cb-A538-10282ABF65E7} <C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll, (Signed) Hewlett-Packard Co.>
[EnhSelectionBtn Class]
  {700259D7-1666-479a-93B1-3250410481E8} <C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll, (Signed) Hewlett-Packard Co.>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[很快视频搜索]
  {998A88A0-A355-809B-831C-B83A80000991} <http://www.henkuai.com/?from=iebannel, N/A>
[启动UUSee 网络电视]
  {998A88A0-A355-809B-831C-B83A80000992} <C:\Program Files\uusee\UUSeePlayer.exe, (Signed) >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[&Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, (Signed) Sohu.com Inc.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[WiFiOCX Control]
  {5EE6BFED-B016-4FE4-9781-789522416391} <C:\WINDOWS\system32\WiFiOCX.ocx, (Signed) TODO: <广东亿迅科技有限公司>>
[tcast control]
  {9CA74596-B5BB-4634-971C-F0224115A15F} <C:\WINDOWS\DOWNLO~1\TPLAYE~1.OCX, Tom Online Inc.>
[photo_uploader Control]
  {AD83AEA9-9D8D-4AEF-87D8-BFCFAF99A126} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, >
[KVFileUpdate Class]
  {CA234A53-E68D-44D5-A07C-481C051D0C7B} <C:\WINDOWS\Downloaded Program Files\OLDown.dll, Jiangmin Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <, >
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {022C4009-5283-4365-97BF-144054B40E2E} <, >
[HP Print Enhancer]
  {0347C33E-8762-4905-BF09-768834316C61} <C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll, (Signed) Hewlett-Packard Co.>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[HP Print Clips]
  {053F9267-DC04-4294-A72C-58F732D338C0} <C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll, (Signed) Hewlett-Packard Co.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, (Signed) Sohu.com Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, >
[]
  {0FE2703F-7C86-42BD-8B03-B43C481AD738} <C:\Program Files\Internet Explorer\BoboChen.jsp, N/A>
[IFlashGetNetscapeEx Class]
  {116BA71C-8187-4F15-9A1F-C9D6289155D1} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, (Signed) FlashGet>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, (Signed) Microsoft Corporation>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[ctl4RA Class]
  {27984DB8-C851-439E-B625-81740482BE7C} <C:\WINDOWS\system32\PRINTC~1.DLL, INFOSEC Tech. corp>
[JetCarNetscape Class]
  {2974c985-8151-4de5-b23c-b875f0a8522f} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, (Signed) FlashGet>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer3.0.5712.71.739.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[IETimber]
  {489873CE-F3E1-44A3-8E89-04BE26BE4446} <C:\Program Files\Internet Explorer\IETimber\IETimber.dll, (Signed) 北京世纪乾坤软件>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {58ECB495-38F0-49CB-A538-10282ABF65E7} <, >
[]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[]
  {700259D7-1666-479A-93B1-3250410481E8} <, >
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {998A88A0-A355-809B-831C-B83A80000991} <, >
[]
  {998A88A0-A355-809B-831C-B83A80000992} <, >
[RavOnline Class]
  {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Information Technology Co., Ltd.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\dapctrl.2.1.5801.53.(739).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll, (Signed) Google Inc.>
[FlashGetBHO]
  {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, (Signed) FlashGet>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll, (Signed) Google Inc.>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Program Files\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[QvodCtrl Class]
  {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, N/A>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.164.(739).dll, Thunder>
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <, >
[使用UUSee下载]
  <C:\Program Files\uusee\geturltodown.htm, N/A>
[使用UUSee加速播放]
  <C:\Program Files\uusee\geturltoplay.htm, N/A>
[使用WEB迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用快车(Flas&hGet)下载]
  <C:\Program Files\FlashGet Network\Flashget\GetUrl.htm, N/A>
[使用快车(Flash&Get)下载全部链接]
  <C:\Program Files\FlashGet Network\Flashget\GetAllUrl.htm, N/A>
[使用快车(FlashGet)下载该网页FLV]
  <C:\Program Files\FlashGet Network\Flashget\FlvDetector.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到卡巴斯基反广告]
  <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A>

==================================
正在运行的进程
[PID: 436 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 836 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 868 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4113]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 928 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1076 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4113]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 1092 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1172 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1276 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1324 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe]  [Intel Corporation, 9, 0, 1, 12]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 1488 / 戴][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4113]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 1548 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe]  [Intel Corporation , 9, 0, 1, 41]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 1560 / 戴][C:\WINDOWS\Explorer.EXE]  [N/A, ]
    [C:\WINDOWS\java\classes\classes.sys]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWSupdate.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 1636 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1744 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1908 / 戴][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 336 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\hpzll5ha.dll]  [Hewlett-Packard Company, 61.071.246.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5ha.dll]  [Hewlett-Packard Corporation, 61.071.246.00]
[PID: 484 / SYSTEM][C:\Acer\eManager\anbmServ.exe]  [OSA Technologies Inc., 3.0.6.9]
    [C:\Acer\eManager\cpuid_dll.dll]  [ OSA Technologies, Inc., 1, 0, 6, 13]
    [C:\Acer\eManager\SMBIOSAPI.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 6, 7]
    [C:\Acer\eManager\IpmiTrans.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 14]
    [C:\Acer\eManager\SYSAPI.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 15]
    [C:\Acer\eManager\NBAPI.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 1, 2]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 580 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 596 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 8, 15]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
[PID: 1720 / SYSTEM][C:\Program Files\NuLive\schedule.exe]  [P2P网络电视, 1, 0, 0, 6]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 168 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [c:\program files\hp\digital imaging\bin\hpqddsvc.dll]  [Hewlett-Packard Co., 90.0.205.000]
    [c:\program files\hp\digital imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 90.0.205.000]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.163]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.163]
    [c:\program files\hp\digital imaging\bin\hpqcxs08.dll]  [Hewlett-Packard Co., 90.0.205.000]
[PID: 520 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe]  [Intel Corporation, 9, 0, 1, 10]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 980 / 戴][C:\WINDOWS\temp\explorer.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\Elantech\ELANDLL.Dll]  [ELANTECH Devices Corp., 5.0.0.0]
    [C:\Program Files\Tencent\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\CmdLineExt.dll]  [Sony DADC Austria AG., 1,1,221,0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.163]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 75]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 1264 / 戴][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 75]
    [C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_clipbookdb.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_selection.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_resource.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_comparison.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_collection.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_datatranslation.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\HP\Smart Web Printing\hpswp_composition.dll]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.163]
    [C:\Program Files\Internet Explorer\IETimber\IETimber.dll]  [北京世纪乾坤软件, V02]
    [C:\WINDOWS\system32\UrlFilter.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\UrlRule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll]  [N/A, ]
    [C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll]  [Google Inc., 5, 0, 926, 3450]
    [C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll]  [FlashGet, 2, 4, 0, 1033]
    [C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll]  [Google Inc., 1, 0, 610, 10250]
[PID: 1632 / 戴][C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe]  [Hewlett-Packard Co., 2.15.7.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 1128 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 2208 / 戴][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 2256 / 戴][C:\Program Files\Elantech\ktp.exe]  [ELANTECH Devices Corp., 5, 0, 1, 0]
    [C:\Program Files\Elantech\KtpXPdll.dll]  [ELANTECH Devices Corp., 5, 0, 0, 0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\Elantech\KtpDll.Dll]  [ELANTECH Devices Corp., 5.0.1.2]
    [C:\Program Files\Elantech\ELANDLL.Dll]  [ELANTECH Devices Corp., 5.0.0.0]
[PID: 2292 / 戴][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5142]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5142]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5142]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5142]
[PID: 2308 / 戴][C:\acer\epm\epm-dm.exe]  [Acer Inc, 2.71]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 2328 / 戴][C:\PROGRA~1\LAUNCH~1\LManager.exe]  [Dritek System Inc., 1, 0, 0, 628]
    [C:\PROGRA~1\LAUNCH~1\ComFnUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\MMDUtl.dll]  [Dritek System Inc., 1, 2, 2, 2822]
    [C:\PROGRA~1\LAUNCH~1\PtIOUTL.dll]  [Dritek System Inc., 12, 1, 0, 2004]
    [C:\PROGRA~1\LAUNCH~1\SzUPFUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\OSDUtl.dll]  [Dritek System Inc., 1, 0, 1, 605]
    [C:\PROGRA~1\LAUNCH~1\RgnMaker.dll]  [Dritek System Inc., 12.07.1999 ( VC60 )]
    [C:\PROGRA~1\LAUNCH~1\CDRomUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\MixerUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\Wnd2File.dll]  [Dritek System Inc., 3.00]
    [C:\PROGRA~1\LAUNCH~1\SzPtcUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\PowerUtl.dll]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\PROGRA~1\LAUNCH~1\LgKCUtl.Dll]  [Dritek System Inc., 2, 0, 1, 1]
    [C:\PROGRA~1\LAUNCH~1\DialCnt.Dll]  [Dritek System Inc., 1.10]
[PID: 2348 / 戴][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 59]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 2360 / 戴][C:\Program Files\NuLive\reminder.exe]  [NuLive P2P网络视频, 1.5.213.1]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\NuLive\NbaGameNotifier.dll]  [NuLive P2P网络视频, 1.5.219.1]
[PID: 2384 / 戴][C:\Program Files\Acer\eRecovery\Monitor.exe]  [acer Inc., 1, 2, 11, 1]
    [C:\Program Files\Acer\eRecovery\Data32.dll]  [NewTech Infosystems, Inc., 2, 0, 0, 49]
    [C:\Program Files\Acer\eRecovery\Cdrw32.dll]  [NewTech Infosystems, Inc., 3, 1, 0, 61]
    [C:\Program Files\Acer\eRecovery\CdrMmc32.dll]  [NewTech Infosystems, Inc., 3, 1, 0, 146]
    [C:\Program Files\Acer\eRecovery\CdrwEx32.dll]  [NewTech Infosystems, Inc., 3, 1, 0, 78]
    [C:\Program Files\Acer\eRecovery\ImagFile.dll]  [NewTech Infosystems, Inc., 1, 0, 0, 4]
    [C:\Program Files\Acer\eRecovery\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Acer\eRecovery\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Acer\eRecovery\NtiAspi.dll]  [NewTech Infosystems, Inc., 2, 5, 0, 2]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\Acer\eRecovery\extResource.dll]  [acer, 1, 1, 7, 0]
    [C:\Program Files\Acer\eRecovery\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2432 / 戴][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 2508 / 戴][C:\DOCUME~1\戴\LOCALS~1\Temp\RtkBtMnt.EXE]  [Realtek Semiconductor Corp., 1.0.0.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
[PID: 2936 / 戴][D:\专杀工具\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2948 / 戴][D:\专杀工具\sreng2\SREb421001a.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\Elantech\ELANDLL.Dll]  [ELANTECH Devices Corp., 5.0.0.0]
    [D:\专杀工具\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 3308 / 戴][C:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 5, 1250]
    [C:\Program Files\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 250]
    [C:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 414]
    [C:\Program Files\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4106]
    [C:\Program Files\Maxthon2\MxExt.dll]  [N/A, ]
    [C:\Program Files\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 9]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Internet Explorer\BoboChen.jsp]  [N/A, ]
    [C:\Program Files\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [C:\Program Files\Maxthon2\Modules\MxHistory\MxHistory.dll]  [Maxthon International ltd., 1, 0, 0, 302]
    [C:\Program Files\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [C:\Program Files\Elantech\ELANDLL.Dll]  [ELANTECH Devices Corp., 5.0.0.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.60]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\Program Files\Elantech\KtpDll.Dll]  [ELANTECH Devices Corp., 5.0.1.2]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.2r22]

==================================
文件关联
.TXT  OK. [%systemroot%\system32\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       v.onondown.com.cn
127.0.0.2       ymsdasdw1.cn
127.0.0.3       h96b.info
127.0.0.0       fuck.zttwp.cn
127.0.0.0       www.hackerbf.cn
127.0.0.0       geekbyfeng.cn
127.0.0.0       121.14.101.68
127.0.0.0       ppp.etimes888.com
127.0.0.0       www.bypk.com
127.0.0.0       CSC3-2004-crl.verisign.com
127.0.0.1       va9sdhun23.cn
127.0.0.0       udp.hjob123.com
127.0.0.2       bnasnd83nd.cn
127.0.0.0       www.gamehacker.com.cn
127.0.0.0       gamehacker.com.cn
127.0.0.3       adlaji.cn
127.0.0.1       858656.com
127.1.1.1       bnasnd83nd.cn
127.0.0.1       my123.com
127.0.0.0       user1.12-27.net
127.0.0.1       8749.com
127.0.0.0       fengent.cn
127.0.0.1       4199.com
127.0.0.1       user1.16-22.net
127.0.0.1       7379.com
127.0.0.1       2be37c5f.3f6e2cc5f0b.com
127.0.0.1       7255.com
127.0.0.1       user1.23-12.net
127.0.0.1       3448.com
127.0.0.1       www.guccia.net
127.0.0.1       7939.com
127.0.0.1       a.o1o1o1.nEt
127.0.0.1       8009.com
127.0.0.1       user1.12-73.cn
127.0.0.1       piaoxue.com
127.0.0.1       3n8nlasd.cn
127.0.0.1       kzdh.com
127.0.0.0       www.sony888.cn
127.0.0.1       about.blank.la
127.0.0.0       user1.asp-33.cn
127.0.0.1       6781.com
127.0.0.0       www.netkwek.cn
127.0.0.1       7322.com
127.0.0.0       ymsdkad6.cn
127.0.0.1       localhost
127.0.0.0       www.lkwueir.cn
127.0.0.1       06.jacai.com
127.0.1.1       user1.23-17.net
127.0.0.1       1.jopenkk.com
127.0.0.0       upa.luzhiai.net
127.0.0.1       1.jopenqc.com
127.0.0.0       www.guccia.net
127.0.0.1       1.joppnqq.com
127.0.0.0       4m9mnlmi.cn
127.0.0.1       1.xqhgm.com
127.0.0.0       mm119mkssd.cn
127.0.0.1       100.332233.com
127.0.0.0       61.128.171.115:8080
127.0.0.1       121.11.90.79
127.0.0.0       www.1119111.com
127.0.0.1       121565.net
127.0.0.0       win.nihao69.cn
127.0.0.1       125.90.88.38
127.0.0.1       16888.6to23.com
127.0.0.1       2.joppnqq.com
127.0.0.0       puc.lianxiac.net
127.0.0.1       204.177.92.68
127.0.0.0       pud.lianxiac.net
127.0.0.1       210.74.145.236
127.0.0.0       210.76.0.133
127.0.0.1       219.129.239.220
127.0.0.0       61.166.32.2
127.0.0.1       219.153.40.221
127.0.0.0       218.92.186.27
127.0.0.1       219.153.46.27
127.0.0.0       www.fsfsfag.cn
127.0.0.1       219.153.52.123
127.0.0.0       ovo.ovovov.cn
127.0.0.1       221.195.42.71
127.0.0.0       dw.com.com
127.0.0.1       222.73.218.115
127.0.0.1       203.110.168.233:80
127.0.0.1       3.joppnqq.com
127.0.0.1       203.110.168.221:80
127.0.0.1       363xx.com
127.0.0.1       www1.ip10086.com.cm
127.0.0.1       4199.com
127.0.0.1       blog.ip10086.com.cn
127.0.0.1       43242.com
127.0.0.1       www.ccji68.cn
127.0.0.1       5.xqhgm.com
127.0.0.0       t.myblank.cn
127.0.0.1       520.mm5208.com
127.0.0.0       x.myblank.cn
127.0.0.1       59.34.131.54
127.0.0.1       210.51.45.5
127.0.0.1       59.34.198.228
127.0.0.1       www.ew1q.cn
127.0.0.1       59.34.198.88
127.0.0.1       59.34.198.97
127.0.0.1       60.190.114.101
127.0.0.1       60.190.218.34
127.0.0.0       qq-xing.com.cn
127.0.0.1       60.191.124.252
127.0.0.1       61.145.117.212
127.0.0.1       61.157.109.222
127.0.0.1       75.126.3.216
127.0.0.1       75.126.3.217
127.0.0.1       75.126.3.218
127.0.0.0       59.125.231.177:17777
127.0.0.1       75.126.3.220
127.0.0.1       75.126.3.221
127.0.0.1       75.126.3.222
127.0.0.1       772630.com
127.0.0.1       832823.cn
127.0.0.1       8749.com
127.0.0.1       888.jopenqc.com
127.0.0.1       89382.cn
127.0.0.1       8v8.biz
127.0.0.1       97725.com
127.0.0.1       9gg.biz
127.0.0.1       www.9000music.com
127.0.0.1       test.591jx.com
127.0.0.1       a.topxxxx.cn
127.0.0.1       picon.chinaren.com
127.0.0.1       www.5566.net
127.0.0.1       p.qqkx.com
127.0.0.1       news.netandtv.com
127.0.0.1       z.neter888.cn
127.0.0.1       b.myblank.cn
127.0.0.1       wvw.wokutu.com
127.0.0.1       unionch.qyule.com
127.0.0.1       www.qyule.com
127.0.0.1       it.itjc.cn
127.0.0.1       www.linkwww.com
127.0.0.1       vod.kaicn.com
127.0.0.1       www.tx8688.com
127.0.0.1       b.neter888.cn
127.0.0.1       promote.huanqiu.com
127.0.0.1       www.huanqiu.com
127.0.0.1       www.haokanla.com
127.0.0.1       play.unionsky.cn
127.0.0.1       www.52v.com
127.0.0.1       www.gghka.cn
127.0.0.1       icon.ajiang.net
127.0.0.1       new.ete.cn
127.0.0.1       www.stiae.cn
127.0.0.1       o.neter888.cn
127.0.0.1       comm.jinti.com
127.0.0.1       www.google-analytics.com
127.0.0.1       hz.mmstat.com
127.0.0.1       www.game175.cn
127.0.0.1       x.neter888.cn
127.0.0.1       z.neter888.cn
127.0.0.1       p.etimes888.com
127.0.0.1       hx.etimes888.com
127.0.0.1       abc.qqkx.com
127.0.0.1       dm.popdm.cn
127.0.0.1       www.yl9999.com
127.0.0.1       www.dajiadoushe.cn
127.0.0.1       v.onondown.com.cn
127.0.0.1       www.interoo.net
127.0.0.1       bally1.bally-bally.net
127.0.0.1       www.bao5605509.cn
127.0.0.1       www.rty456.cn
127.0.0.1       www.werqwer.cn
127.0.0.1       1.360-1.cn
127.0.0.1       user1.23-16.net
127.0.0.1       www.guccia.net
127.0.0.1       www.interoo.net
127.0.0.1       upa.netsool.net
127.0.0.1       js.users.51.la
127.0.0.1       vip2.51.la
127.0.0.1       web.51.la
127.0.0.1       qq.gong2008.com
127.0.0.1       2008tl.copyip.com
127.0.0.1       tla.laozihuolaile.cn
127.0.0.1       www.tx6868.cn
127.0.0.1       p001.tiloaiai.com
127.0.0.1       s1.tl8tl.com
127.0.0.1       s1.gong2008.com
127.0.0.1       4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1       2be37c5f.3f6e2cc5f0b.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 980, C:\WINDOWS\TEMP\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2292, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2308, C:\ACER\EPM\EPM-DM.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2328, C:\PROGRA~1\LAUNCH~1\LMANAGER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2348, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2384, C:\PROGRAM FILES\ACER\ERECOVERY\MONITOR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2508, C:\DOCUME~1\戴\LOCALS~1\TEMP\RTKBTMNT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2936, D:\专杀工具\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] Google Software Updater.job
        C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]