[CODE]

2009-07-08,21:51:43

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <MPKrnl><rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc>  [File is missing]
    <Anti-Spy Tools><C:\Program Files\ast\ast.exe -min>  [(Verified)"ShenZhen DaChengTianXia Information Technology Co., Ltd."]
    <SecNotifier><C:\Program Files\Sucop\SecPlugin\SecNotifier.exe>  [(Verified)"ShenZhen DaChengTianXia Information Technology Co., Ltd."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [Microsoft Corporation]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[Mozhe ActMon Filter Driver / ActMon][Stopped/System Start]
  <\??\C:\Program Files\Mozhe\AnanClient\ActMon.sys><N/A>
[ASTTools / ASTTools][Stopped/Manual Start]
  <\??\C:\Program Files\ast\ASTTools.sys><DSW Lab>
[BFSDRV / BFSDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><奇虎网>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[ASTDriver / ASTDriver][Running/Manual Start]
  <\??\C:\Program Files\ast\ASTDriver.sys><Windows (R) Server 2003 DDK provider>

==================================
浏览器加载项
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <C:\Program Files\ast\SecAddons.dll, 超级巡警>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[畅游巡警]
  {C2EB616C-BFB0-4361-A02C-588F869A0E97} <C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, (Signed) 超级巡警>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[畅游巡警]
  {B057BF9C-55B4-4AA4-938A-FE78617866B8} <C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, (Signed) 超级巡警>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <C:\Program Files\ast\SecAddons.dll, 超级巡警>
[畅游巡警]
  {C2EB616C-BFB0-4361-A02C-588F869A0E97} <C:\Program Files\Sucop\SecPlugin\SecPlugin.dll, (Signed) 超级巡警>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, (Signed) Adobe Systems, Inc.>
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>

==================================
正在运行的进程
[PID: 448 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
[PID: 860 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\qt-dx3.dll]  [N/A, ]
[PID: 924 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
[PID: 996 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
[PID: 1080 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\qt-dx3.dll]  [N/A, ]
[PID: 1784 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\stobject.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 1796 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1888 / Administrator][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.43]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\Program Files\Rising\AntiSpyware\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
[PID: 1948 / Administrator][C:\Program Files\ast\ast.exe]  [超级巡警, 1, 8, 6, 119]
    [C:\Program Files\ast\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ast\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ast\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ast\common.dll]  [超级巡警, 1, 4, 2, 32]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ast\EngineSDK.dll]  [超级巡警, 2, 2, 2, 61]
    [C:\Program Files\ast\aScanCom.dll]  [超级巡警, 2, 1, 2, 58]
    [C:\Program Files\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [C:\Program Files\ast\AutoRun.dll]  [超级巡警, 2, 2, 2, 26]
    [C:\Program Files\ast\FileAnalyser.dll]  [超级巡警, 1.0.1.11]
    [C:\Program Files\ast\FileForceKiller.dll]  [DSW Lab, 1, 0, 0, 1]
    [C:\Program Files\ast\ManagerProcess.dll]  [超级巡警, 1.3.4.13]
    [C:\Program Files\ast\ManagerService.dll]  [超级巡警, 1.0.6.4]
    [C:\Program Files\ast\Monitor.dll]  [超级巡警, 1, 7, 9, 42]
    [C:\Program Files\ast\PortAssociate.dll]  [超级巡警, 1.0.3.7]
    [C:\Program Files\ast\ssdt.dll]  [超级巡警, 1.0.2.4]
    [C:\Program Files\ast\StateViewer.dll]  [超级巡警, 1, 0, 10, 18]
    [C:\Program Files\ast\tIERepair.dll]  [超级巡警, 1, 2, 2, 21]
    [C:\Program Files\ast\tRubbishClear.dll]  [超级巡警, 1, 5, 2, 25]
    [C:\Program Files\ast\tSecurityOptimize.dll]  [超级巡警, 1, 1, 2, 9]
    [C:\Program Files\ast\zDiagnosticTool.dll]  [超级巡警, 1.2.1.3]
    [C:\Program Files\ast\KillModule.dll]  [超级巡警, 1, 2, 2, 30]
    [C:\Program Files\ast\MScaner.dll]  [超级巡警, 1.0.0.26]
    [C:\Program Files\ast\ScanAd.dll]  [Secward Technologies, Inc., 1.0.1.2]
    [C:\Program Files\ast\SKEngine.dll]  [超级巡警, 1.6.5.12]
    [C:\Program Files\ast\smart.dll]  [超级巡警, 1.0.0.31]
    [C:\Program Files\ast\unarc.dll]  [超级巡警, 1.2.5]
    [C:\Program Files\ast\SScanner.dll]  [超级巡警, 1, 0, 6, 25]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
[PID: 1960 / Administrator][C:\Program Files\Sucop\SecPlugin\SecNotifier.exe]  [超级巡警, 1, 0, 0, 10]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / Administrator][C:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 5, 2, 7058]
    [C:\Program Files\Maxthon2\MxPp.dll]  [Maxthon International ltd., 1, 0, 0, 295]
    [C:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 475]
    [C:\Program Files\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4250]
    [C:\Program Files\Maxthon2\MxUI.dll]  [Maxthon International Ltd., 3, 3, 1, 8]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [C:\Program Files\Maxthon2\mxtool2.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [C:\Program Files\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1269]
    [C:\Program Files\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [C:\Program Files\Maxthon2\Modules\MxHistory\MxHistory.dll]  [Maxthon International ltd., 1, 0, 0, 302]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]
    [C:\Program Files\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll]  [Maxthon International ltd., 1,0,0,1892]
    [C:\Program Files\Maxthon2\MxFav.dll]  [Maxthon International ltd., 2, 0, 0, 98]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 3848 / Administrator][E:\杀毒工具\SREngLdr.EXE\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 3572 / Administrator][E:\杀毒工具\SREngLdr.EXE\SRE5ffb2f29.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [E:\杀毒工具\SREngLdr.EXE\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qt-dx3.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F8A5F8A-B3D8-4E87-A3BF-F45D30922751}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F8A5F8A-B3D8-4E87-A3BF-F45D30922751}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C90A85F-8EB3-401F-86CD-6E3EE306F17A}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C90A85F-8EB3-401F-86CD-6E3EE306F17A}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6F4140C7-1AD3-47B5-B2DA-513B087C2166}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6F4140C7-1AD3-47B5-B2DA-513B087C2166}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{12B96DB6-4F72-4BA1-8243-63A3E9176EF2}] SEQPACKET 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{12B96DB6-4F72-4BA1-8243-63A3E9176EF2}] DATAGRAM 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5477684-D8AA-41B2-9FAA-A5E38B4065A2}] SEQPACKET 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5477684-D8AA-41B2-9FAA-A5E38B4065A2}] DATAGRAM 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1	www.tgxzs.com
127.0.0.1	89382.cn
127.0.0.1	97725.com
127.0.0.1	43242.com
127.0.0.1	gualeifafksajof.43242.com
127.0.0.1	jiaofei123.140.tofor.com
127.0.0.1	ben666888.www1.910idc.com
127.0.0.1	pchorne.com
127.0.0.1	www.ctv163.com
127.0.0.1	www.aiaiso.com
127.0.0.1	cool.47555.com
127.0.0.1	guajfskajiw.43242.com
127.0.0.1	www.3448.com
127.0.0.1	pkdown.3322.org
127.0.0.1	ddos2.sz45.com
127.0.0.1	www.113678.com
127.0.0.1	www.1861.sh
127.0.0.1	www.x44.cn
127.0.0.1	www.799789.com
127.0.0.1	www.zhengdian.com
127.0.0.1	www.9000music.com
127.0.0.1	girlchinese.com
127.0.0.1	www.yibinren.com
127.0.0.1	www.mtv51.com
127.0.0.1	www.37021.com
127.0.0.1	www.cnqb.net
127.0.0.1	www.qq3344.com
127.0.0.1	www.qq3344.net
127.0.0.1	youlove.3322.net
127.0.0.1	www.58589.com
127.0.0.1	tty.yyun.net
127.0.0.1	www.ftlink.net
127.0.0.1	home.kimo.com.tw
127.0.0.1	www.pixpox.com
127.0.0.1	www.k163.com
127.0.0.1	www.qq3344.com
127.0.0.1	www.dj3344.com
127.0.0.1	www.qq3344.com
127.0.0.1	www.yysky.net
127.0.0.1	www.cnqb.net
127.0.0.1	61.145.117.212
127.0.0.1	ResponseMedia-ad.flycast.com
127.0.0.1	Suissa-ad.flycast.com
127.0.0.1	UGO.eu-adcenter.net
127.0.0.1	VNU.eu-adcenter.net
127.0.0.1	a32.g.a.yimg.com
127.0.0.1	ad-adex3.flycast.com
127.0.0.1	ad.adsmart.net
127.0.0.1	ad.ca.doubleclick.net
127.0.0.1	ad.de.doubleclick.net
127.0.0.1	ad.doubleclick.net
127.0.0.1	ad.fr.doubleclick.net
127.0.0.1	ad.jp.doubleclick.net
127.0.0.1	ad.linkexchange.com
127.0.0.1	ad.linksynergy.com
127.0.0.1	ad.nl.doubleclick.net
127.0.0.1	ad.no.doubleclick.net
127.0.0.1	ad.preferences.com
127.0.0.1	ad.sma.punto.net
127.0.0.1	ad.uk.doubleclick.net
127.0.0.1	ad.webprovider.com
127.0.0.1	ad08.focalink.com
127.0.0.1	adcontroller.unicast.com
127.0.0.1	adcreatives.imaginemedia.com
127.0.0.1	adex3.flycast.com
127.0.0.1	adforce.ads.imgis.com
127.0.0.1	adforce.imgis.com
127.0.0.1	adfu.blockstackers.com
127.0.0.1	adimage.blm.net
127.0.0.1	adimages.earthweb.com
127.0.0.1	adimg.egroups.com
127.0.0.1	admedia.xoom.com
127.0.0.1	adpick.switchboard.com
127.0.0.1	adremote.pathfinder.com
127.0.0.1	ads.admaximize.com
127.0.0.1	ads.bfast.com
127.0.0.1	ads.clickhouse.com
127.0.0.1	ads.enliven.com
127.0.0.1	ads.fairfax.com.au
127.0.0.1	ads.fool.com
127.0.0.1	ads.freshmeat.net
127.0.0.1	ads.hollywood.com
127.0.0.1	ads.i33.com
127.0.0.1	ads.infi.net
127.0.0.1	ads.jwtt3.com
127.0.0.1	ads.link4ads.com
127.0.0.1	ads.lycos.com
127.0.0.1	ads.madison.com
127.0.0.1	ads.mediaodyssey.com
127.0.0.1	ads.msn.com
127.0.0.1	ads.ninemsn.com.au
127.0.0.1	ads.seattletimes.com
127.0.0.1	ads.smartclicks.com
127.0.0.1	ads.smartclicks.net
127.0.0.1	ads.sptimes.com
127.0.0.1	ads.tripod.com
127.0.0.1	ads.web.aol.com
127.0.0.1	ads.x10.com
127.0.0.1	ads.xtra.co.nz
127.0.0.1	ads.zdnet.com
127.0.0.1	ads01.focalink.com
127.0.0.1	ads02.focalink.com
127.0.0.1	ads03.focalink.com
127.0.0.1	ads04.focalink.com
127.0.0.1	ads05.focalink.com
127.0.0.1	ads06.focalink.com
127.0.0.1	ads08.focalink.com
127.0.0.1	ads09.focalink.com
127.0.0.1	ads1.activeagent.at
127.0.0.1	ads10.focalink.com
127.0.0.1	ads11.focalink.com
127.0.0.1	ads12.focalink.com
127.0.0.1	ads14.focalink.com
127.0.0.1	ads16.focalink.com
127.0.0.1	ads17.focalink.com
127.0.0.1	ads18.focalink.com
127.0.0.1	ads19.focalink.com
127.0.0.1	ads2.zdnet.com
127.0.0.1	ads20.focalink.com
127.0.0.1	ads21.focalink.com
127.0.0.1	ads22.focalink.com
127.0.0.1	ads23.focalink.com
127.0.0.1	ads24.focalink.com
127.0.0.1	ads25.focalink.com
127.0.0.1	ads3.zdnet.com
127.0.0.1	ads5.gamecity.net
127.0.0.1	adserv.iafrica.com
127.0.0.1	adserv.quality-channel.de
127.0.0.1	adserver.dbusiness.com
127.0.0.1	adserver.garden.com
127.0.0.1	adserver.janes.com
127.0.0.1	adserver.merc.com
127.0.0.1	adserver.monster.com
127.0.0.1	adserver.track-star.com
127.0.0.1	adserver1.ogilvy-interactive.de
127.0.0.1	adtegrity.spinbox.net
127.0.0.1	antfarm-ad.flycast.com
127.0.0.1	au.ads.link4ads.com
127.0.0.1	banner.media-system.de
127.0.0.1	banner.orb.net
127.0.0.1	banner.relcom.ru
127.0.0.1	banners.easydns.com
127.0.0.1	banners.looksmart.com
127.0.0.1	banners.wunderground.com
127.0.0.1	barnesandnoble.bfast.com
127.0.0.1	beseenad.looksmart.com
127.0.0.1	bizad.nikkeibp.co.jp
127.0.0.1	bn.bfast.com
127.0.0.1	c3.xxxcounter.com
127.0.0.1	califia.imaginemedia.com
127.0.0.1	cds.mediaplex.com
127.0.0.1	click.avenuea.com
127.0.0.1	click.go2net.com
127.0.0.1	click.linksynergy.com
127.0.0.1	cookies.cmpnet.com
127.0.0.1	cornflakes.pathfinder.com
127.0.0.1	counter.hitbox.com
127.0.0.1	crux.songline.com
127.0.0.1	erie.smartage.com
127.0.0.1	etad.telegraph.co.uk
127.0.0.1	fp.valueclick.com
127.0.0.1	gadgeteer.pdamart.com
127.0.0.1	gm.preferences.com
127.0.0.1	gp.dejanews.com
127.0.0.1	hg1.hitbox.com
127.0.0.1	image.click2net.com
127.0.0.1	image.eimg.com
127.0.0.1	images2.nytimes.com
127.0.0.1	jobkeys.ngadcenter.net
127.0.0.1	kansas.valueclick.com
127.0.0.1	leader.linkexchange.com
127.0.0.1	liquidad.narrowcastmedia.com
127.0.0.1	ln.doubleclick.net
127.0.0.1	m.doubleclick.net
127.0.0.1	macaddictads.snv.futurenet.com
127.0.0.1	maximumpcads.imaginemedia.com
127.0.0.1	media.preferences.com
127.0.0.1	mercury.rmuk.co.uk
127.0.0.1	mojofarm.sjc.mediaplex.com
127.0.0.1	nbc.adbureau.net
127.0.0.1	newads.cmpnet.com
127.0.0.1	ng3.ads.warnerbros.com
127.0.0.1	ngads.smartage.com
127.0.0.1	nsads.hotwired.com
127.0.0.1	ntbanner.digitalriver.com
127.0.0.1	ph-ad05.focalink.com
127.0.0.1	ph-ad07.focalink.com
127.0.0.1	ph-ad16.focalink.com
127.0.0.1	ph-ad17.focalink.com
127.0.0.1	ph-ad18.focalink.com
127.0.0.1	realads.realmedia.com
127.0.0.1	redherring.ngadcenter.net
127.0.0.1	redirect.click2net.com
127.0.0.1	regio.adlink.de
127.0.0.1	retaildirect.realmedia.com
127.0.0.1	s2.focalink.com
127.0.0.1	sh4sure-images.adbureau.net
127.0.0.1	spin.spinbox.net
127.0.0.1	static.admaximize.com
127.0.0.1	stats.superstats.com
127.0.0.1	sview.avenuea.com
127.0.0.1	thinknyc.eu-adcenter.net
127.0.0.1	tracker.clicktrade.com
127.0.0.1	tsms-ad.tsms.com
127.0.0.1	v0.extreme-dm.com
127.0.0.1	v1.extreme-dm.com
127.0.0.1	van.ads.link4ads.com
127.0.0.1	view.accendo.com
127.0.0.1	view.avenuea.com
127.0.0.1	w113.hitbox.com
127.0.0.1	w25.hitbox.com
127.0.0.1	web2.deja.com
127.0.0.1	webads.bizservers.com
127.0.0.1	www.PostMasterBannerNet.com
127.0.0.1	www.ad-up.com
127.0.0.1	www.admex.com
127.0.0.1	www.alladvantage.com
127.0.0.1	www.burstnet.com
127.0.0.1	www.commission-junction.com
127.0.0.1	www.eads.com
127.0.0.1	www.freestats.com
127.0.0.1	www.imaginemedia.com
127.0.0.1	www.netdirect.nl
127.0.0.1	www.oneandonlynetwork.com
127.0.0.1	www.targetshop.com
127.0.0.1	www.teknosurf2.com
127.0.0.1	www.teknosurf3.com
127.0.0.1	www.valueclick.com
127.0.0.1	www.websitefinancing.com
127.0.0.1	www2.burstnet.com
127.0.0.1	www4.trix.net
127.0.0.1	www80.valueclick.com
127.0.0.1	z.extreme-dm.com
127.0.0.1	z0.extreme-dm.com
127.0.0.1	z1.extreme-dm.com
127.0.0.1	ads.rediff.com
127.0.0.1	ads.indya.com
127.0.0.1	ads.adflight.com
127.0.0.1	ads.beguide.net
127.0.0.1	ads.mediaturf.net
127.0.0.1	ad1.adcept.net
127.0.0.1	ad2.adcept.net
127.0.0.1	ad3.adcept.net
127.0.0.1	ads.fortunecity.com
127.0.0.1	www.139cn.com
127.0.0.1	www.7liao.com
127.0.0.1	chat.51liao.net
127.0.0.1	www.51liao.net
127.0.0.1	www.7liao.net
127.0.0.1	www.6see.com
127.0.0.1	bliao.com
127.0.0.1	www.bliao.com
127.0.0.1	www.v111.com
127.0.0.1	music.v111.com
127.0.0.1	www.qq165.com
127.0.0.1	www.xicu.com
127.0.0.1	www.haodx.com
127.0.0.1	www.haohz.com
127.0.0.1	www.dj99.com
127.0.0.1	www.dj99.net
127.0.0.1	www.yqdj.com
127.0.0.1	www.qq530.com
127.0.0.1	www.tt67.com
127.0.0.1	ad.t2t2.com
127.0.0.1	www.yexr.com
127.0.0.1	chat.9see.com
127.0.0.1	www.ok816.com
127.0.0.1	www.3399.net
127.0.0.1	www.ads8.com
127.0.0.1	www.5566.net
127.0.0.1	www.t2t2.com
127.0.0.1	popad.qq.com
127.0.0.1	v.jsdownload.com
127.0.0.1	www.linktoad.com
127.0.0.1	club.homeway.com.cn
127.0.0.1	sms1.ctn.com.cn
127.0.0.1	sms2.ctn.com.cn
127.0.0.1	sms3.ctn.com.cn
127.0.0.1	www.331122.com
127.0.0.1	mmpic.uni.cc
127.0.0.1	www.love34.com
127.0.0.1	www.free-movie.org
127.0.0.1	www.skyhits.com
127.0.0.1	www.rd18.com
127.0.0.1	tadsweb.tencent.com
127.0.0.1	www.vlike.com
127.0.0.1	www.chinasee.net
127.0.0.1	www.japansky.net
127.0.0.1	www.225.com.cn
127.0.0.1	ads.china.com
127.0.0.1	www.yes521.com
127.0.0.1	www.today6.com
127.0.0.1	www.h2004.com
127.0.0.1	www.movie4.com
127.0.0.1	www.rm88.com
127.0.0.1	www.qq300.com
127.0.0.1	www.qq500.com
127.0.0.1	www.av126.com
127.0.0.1	www.kissmm.com
127.0.0.1	www.cn808.net
127.0.0.1	www.hao168.com
127.0.0.1	www.mm91.com
127.0.0.1	www.huole.com
127.0.0.1	www.kan69.com
127.0.0.1	ulinkdir.tom.com
127.0.0.1	cpc.sohu.com
127.0.0.1	images.sohu.com
127.0.0.1	adv.pconline.com.cn
127.0.0.1	goto.sohu.com
127.0.0.1	images2.sohu.com
127.0.0.1	www.sexy-books.com
127.0.0.1	www.xxbooks.com
127.0.0.1	www.18it.com
127.0.0.1	www.cnxxx.com
127.0.0.1	www.18-girl.net
127.0.0.1	ad.tom.com
127.0.0.1	ad4.sina.com.cn
127.0.0.1	sina.allyes.com
127.0.0.1	adtaobao.allyes.com
127.0.0.1	smarttrade.allyes.com
127.0.0.1	tom.allyes.com
127.0.0.1	szwindow.allyes.com
127.0.0.1	eachnetmember.allyes.com
127.0.0.1	iplus.allyes.com
127.0.0.1	sinatest.allyes.com
127.0.0.1	casting9.allyes.com
127.0.0.1	yinsha.allyes.com
127.0.0.1	stockstar.allyes.com
127.0.0.1	www.001x.com
127.0.0.1	www.hksexweb.com
127.0.0.1	www.99adultx.com
127.0.0.1	www2.xfreehosting.com
127.0.0.1	www1.xfreehosting.com
127.0.0.1	www.w555.net
127.0.0.1	www.excitecity.com
127.0.0.1	www.0xing.com
127.0.0.1	sba.3322.net
127.0.0.1	www.zgxl.net
127.0.0.1	www.qqpic.com
127.0.0.1	webspacecn.com
127.0.0.1	www.yeapple.com
127.0.0.1	manage.link8.com
127.0.0.1	www.web888.org
127.0.0.1	www.432.cn
127.0.0.1	www.kan123.com
127.0.0.1	www.3tom.com
127.0.0.1	www.sotop.com
127.0.0.1	www3.7789.com
127.0.0.1	www.66036.com
127.0.0.1	www1.66036.com
127.0.0.1	www2.66036.com
127.0.0.1	www3.66036.com
127.0.0.1	www4.66036.com
127.0.0.1	www5.66036.com
127.0.0.1	www6.66036.com
127.0.0.1	www7.66036.com
127.0.0.1	www8.66036.com
127.0.0.1	www9.66036.com
127.0.0.1	www10.66036.com
127.0.0.1	tj4.7789.com
127.0.0.1	tj5.7789.com
127.0.0.1	tj6.7789.com
127.0.0.1	tj7.7789.com
127.0.0.1	www.7789.com
127.0.0.1	count.zhao123.com
127.0.0.1	count1.zhao123.com
127.0.0.1	count2.zhao123.com
127.0.0.1	count3.zhao123.com
127.0.0.1	count4.zhaocount.com
127.0.0.1	count5.zhaocount.com
127.0.0.1	count6.zhaocount.com
127.0.0.1	count7.zhaocount.com
127.0.0.1	count8.zhaocount.com
127.0.0.1	count9.zhaocount.com
127.0.0.1	count10.zhaocount.com
127.0.0.1	count11.zhaocount.com
127.0.0.1	tj1.mytongji.com
127.0.0.1	count1.99count.com
127.0.0.1	www.99count.com
127.0.0.1	www2.7789.com
127.0.0.1	www.guang.org
127.0.0.1	www.dlmovie.com
127.0.0.1	www.91look.com
127.0.0.1	www.kan51.com
127.0.0.1	www.mewo.com
127.0.0.1	coolsite21.com
127.0.0.1	www.t3j4.com
127.0.0.1	www.yun8.com
127.0.0.1	film.yun8.com
127.0.0.1	www.wo123.com
127.0.0.1	www.da123.com
127.0.0.1	www.huole.com
127.0.0.1	www.1ya.cn
127.0.0.1	www.sleazydream.com
127.0.0.1	www.easypic2.com
127.0.0.1	serv.sexushost.com
127.0.0.1	www.xfreehosting.com
127.0.0.1	www.888txt.com
127.0.0.1	asiafriendfinder.com
127.0.0.1	www3.cool168.com
127.0.0.1	www2.cool168.com
127.0.0.1	www1.cool168.com
127.0.0.1	www.happy8.cn
127.0.0.1	www.topsex2k.com
127.0.0.1	topxxx.sexushost.com
127.0.0.1	www.cool168.com
127.0.0.1	www.s6.cn
127.0.0.1	popme.163.com
127.0.0.1	adclient.163.com
127.0.0.1	fadama.com
127.0.0.1	www.66vv.com
127.0.0.1	www.qqee.com
127.0.0.1	www.sohu123.com
127.0.0.1	www.xgmm.com
127.0.0.1	www.7t7t.com
127.0.0.1	www.cnimg.com
127.0.0.1	www.love34.com
127.0.0.1	cdn2.cnnic.cn
127.0.0.1	cool.vv66.com
127.0.0.1	www.vv66.com
127.0.0.1	www.freepicturepage.com
127.0.0.1	www.snasty.com
127.0.0.1	www.yourcage.com
127.0.0.1	www.shagadelic.com
127.0.0.1	hualiao.net
127.0.0.1	www.qq163.com
127.0.0.1	www.qq163.net

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 3848, E:\杀毒工具\SRENGLDR.EXE\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\ast\AST.dll)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\ast\AST.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]