[CODE]

2009-09-14,11:16:03

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <iKu><C:\Program Files\YouKu\iKu\iKu.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <domino><C:\WINDOWS\domino.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VMSnap1><C:\WINDOWS\VMSnap1.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><D:\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <XLSoftmgrTray><C:\Program Files\Thunder Network\SoftManager\Program\XLSoftmgrTray.exe  /sysstart>  [File is missing]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <updater><C:\WINDOWS\system32\updater.exe>  []
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <ming9bstart><C:\WINDOWS\system\ming9b090423.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <{E3531A16-FFEA-416F-82DF-32FEDE02EABF}><C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll>  []
    <{A6B7F435-38B4-4DCC-9EBF-21C968ECF4FD}><C:\WINDOWS\system32\S9UQCTA4tnRSJhfxC7Vfj.inf>  []
    <{737858A9-9AEA-4838-9B49-54DA731F7F37}><C:\WINDOWS\system32\BMsg6pdMD4ht.dll>  []
    <{CF2C613A-A0D9-4E5C-B1BB-6B03B269B054}><C:\WINDOWS\system32\rKPbzUHze58GK2VWcYUCt.inf>  []
    <{A600E212-2A41-41BC-92F1-ED5C96B06185}><C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf>  []
    <{51716C09-6B08-4CCF-B526-718E912C0573}><C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll>  []
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll>  []
    <{5405A7B2-F3F5-446F-8715-2A4EF674E079}><C:\WINDOWS\system32\rfpz9wwyy2np.dll>  []
    <{610B6886-2A1A-475A-A842-65A613C70460}><C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf>  []
    <{765BA0B5-EBE4-4B1A-AFDA-5683606F626C}><C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll>  []
    <{87DE8A1A-96C5-4420-B222-EF998F697CE7}><C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll>  []
    <{108DA6C0-CFBF-41D4-9A09-C4D06AE6FFD2}><C:\WINDOWS\system32\Q9q2MHJ3uTBErM7wc.inf>  [File is missing]
    <{704C3595-DB85-40F6-A601-8D6F346907BD}><C:\WINDOWS\system32\704C3595.dll>  []
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><C:\WINDOWS\system32\08223B03.dll>  []
    <{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}><C:\WINDOWS\fonts\A97CRaCB.fon>  []
    <{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}><C:\WINDOWS\system32\dhDhwS7fFW.dll>  []
    <{76CBCF38-0583-44C7-A1AE-D463DFE625EC}><C:\WINDOWS\system32\skcfujQ5EDN.dll>  []
    <{5B0C7E2C-3257-4619-8282-A173017B16E2}><C:\WINDOWS\Downloaded Program Files\qvSPdARs5PQNKAzvezTuPcs.cur>  []
    <{CD478099-014D-4B3A-A4BB-B518F1019BC7}><C:\WINDOWS\system32\SCEVFJRCmaB7.dll>  []
    <{7F41BC77-7742-4ABF-9277-1316B43D049A}><C:\WINDOWS\system32\kFDDTTA2NjqgtbCWBxS.inf>  [File is missing]
    <{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30}><C:\WINDOWS\system32\ndxq9awMc.dll>  []
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><C:\WINDOWS\system32\2EF0D734.dll>  []
    <{51AA0D89-E9A9-4284-93E8-40C0FDD59304}><C:\WINDOWS\system32\eNyN5X48HrtXc.dll>  [File is missing]
    <{CE38B9E6-AF0C-4B93-AFAB-A20C2311FFD0}><C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf>  []
    <{A5CA6C70-7185-4466-AB45-B1C34E7A37CA}><C:\WINDOWS\system32\ed78ab9.dll>  [File is missing]
    <{BE12C98F-645D-4566-B524-DC32040B7C8A}><C:\WINDOWS\system32\eYNMAnskCCBQCc8Jp.dll>  []
    <{ECC00636-8C3B-4D8D-B271-AAA6DF9505CD}><C:\WINDOWS\system32\Am274u6Rqq2cTzTpjCGKy.inf>  []
    <{1719B301-B494-4185-9379-242461F9CF02}><C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf>  []
    <{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}><C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf>  []
    <{41D2953A-CB90-485A-8673-6975088309F7}><C:\WINDOWS\system32\fRWSJda7RbSuR3jFSmMBy.inf>  []
    <{93F33500-527E-4E33-AECA-69B15243A90E}><C:\WINDOWS\system32\cRsAQd4hw.dll>  []
    <{93DA1E7D-7C46-4F90-8674-EC90511FCA72}><C:\WINDOWS\system32\CDuAUVkGy9.dll>  []
    <{72236771-3891-46BF-B185-1D816A09333F}><C:\WINDOWS\system32\CRZfQurd2g58gXVgHSDbNhU.inf>  []
    <{AB8105BD-1B1B-40F3-8D3D-65FD7FC68CC5}><C:\WINDOWS\Downloaded Program Files\ktEDQzfuNZk2SUAMgyAZz.cur>  []
    <{B7D59563-AD35-4D2B-B174-7A61A0BC829B}><C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf>  []
    <{C1B34818-3883-4A0A-9665-189A8A39EAB0}><C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf>  []
    <{E5608703-D625-410D-B97E-6AB2D40D1A9F}><C:\WINDOWS\Tasks\KzuFUQHxezWBCenC2A.inf>  []
    <{C5CB6C70-7185-4466-AB45-B1C34E7A37CA}><C:\WINDOWS\system32\usbvmx.dll>  []
    <{076FB645-17A5-4DE6-B23E-C90FAB741CB0}><C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf>  []
    <{66D2E7CF-582B-4146-85B3-93224CB76DC9}><C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf>  []
    <{4894F5C2-169D-4DAC-A982-444B9BDB3AC4}><C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur>  []
    <{7488E47D-E8F3-41C0-B2DA-9B2BD8803A80}><C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf>  []
    <{129067F2-E20A-4D14-8F30-FC3968B9C028}><C:\WINDOWS\Tasks\ybmux4Mu6FUnQJEHWu.inf>  []
    <{1C0D6505-4198-4783-82F4-C6683FF6C4EF}><C:\WINDOWS\Tasks\CxsxepuZefXkXcNY8h.inf>  []
    <{E16EA4C8-040B-4A12-A0F5-783963AD665D}><C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\aetsprov]
    <N/A><C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\aetsprov.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
    <IFEO[360hotfix.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe]
    <IFEO[360SoftMgrSvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.e]
    <IFEO[360tray.e]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe]
    <IFEO[agentsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
    <IFEO[apvxdwin.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe]
    <IFEO[ast.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe]
    <IFEO[avengine.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe]
    <IFEO[avltmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe]
    <IFEO[avmailc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
    <IFEO[avp32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtask.exe]
    <IFEO[avtask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe]
    <IFEO[avwebgrd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
    <IFEO[bdagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe]
    <IFEO[bdwizreg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
    <IFEO[boxmod.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
    <IFEO[ccapp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
    <IFEO[ccevtmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe]
    <IFEO[ccregvfy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
    <IFEO[ccsetmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
    <IFEO[cqw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
    <IFEO[DrvAnti.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
    <IFEO[ekrn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
    <IFEO[enc98.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\extdb.exe]
    <IFEO[extdb.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frameworkservice.exe]
    <IFEO[frameworkservice.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frwstub.exe]
    <IFEO[frwstub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardfield.exe]
    <IFEO[guardfield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe]
    <IFEO[iparmor.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
    <IFEO[kaccore.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe]
    <IFEO[kasmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe]
    <IFEO[kav32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
    <IFEO[kavstart.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
    <IFEO[kavsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvcui.exe]
    <IFEO[kavsvcui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe]
    <IFEO[kislnchr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
    <IFEO[kmailmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe]
    <IFEO[knownsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
    <IFEO[kpfw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
    <IFEO[kpfwsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe]
    <IFEO[kregex.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe]
    <IFEO[kswebshield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe]
    <IFEO[kvfw.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.exe]
    <IFEO[kvmonxp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp]
    <IFEO[kvmonxp.kxp]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <IFEO[kvol.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
    <IFEO[kvprescan.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe]
    <IFEO[kvsrvxp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <IFEO[kvwsc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp]
    <IFEO[kvxp.kxp]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
    <IFEO[kwatch.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
    <IFEO[livesrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe]
    <IFEO[mcagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe]
    <IFEO[mcdash.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetect.exe]
    <IFEO[mcdetect.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe]
    <IFEO[mcmscsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe]
    <IFEO[McNASvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe]
    <IFEO[Mcods.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
    <IFEO[McProxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe]
    <IFEO[McSACore.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
    <IFEO[mcshield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
    <IFEO[mcsysmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe]
    <IFEO[mctskshd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsescn.exe]
    <IFEO[mcvsescn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
    <IFEO[mcvsshld.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
    <IFEO[mghtml.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
    <IFEO[MpfSrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe]
    <IFEO[MPMon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe]
    <IFEO[MPSVC.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe]
    <IFEO[MPSVC1.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe]
    <IFEO[MPSVC2.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe]
    <IFEO[msksrver.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe]
    <IFEO[naprdmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
    <IFEO[navapsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
    <IFEO[navapw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe]
    <IFEO[navw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe]
    <IFEO[nmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
    <IFEO[nod32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <IFEO[nod32krn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe]
    <IFEO[npfmntor.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe]
    <IFEO[oasclnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe]
    <IFEO[pavsrv51.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe]
    <IFEO[pfw.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe]
    <IFEO[psctrls.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimreal.exe]
    <IFEO[psimreal.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe]
    <IFEO[psimsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe]
    <IFEO[qqdoctormain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe]
    <IFEO[qutmserv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe]
    <IFEO[ras.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe]
    <IFEO[ravmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe]
    <IFEO[ravstub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <IFEO[rfwcfg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
    <IFEO[rfwmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
    <IFEO[rfwproxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <IFEO[RsAgent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe]
    <IFEO[rsmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
    <IFEO[rsnetsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe]
    <IFEO[rssafety.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe]
    <IFEO[RsTray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safebank.exe]
    <IFEO[safebank.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
    <IFEO[safeboxtray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe]
    <IFEO[scanfrm.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
    <IFEO[sched.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe]
    <IFEO[seccenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secnotifier.exe]
    <IFEO[secnotifier.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SetupLD.exe]
    <IFEO[SetupLD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe]
    <IFEO[SfCtlCom.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
    <IFEO[shstat.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe]
    <IFEO[smartup.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sndsrvc.exe]
    <IFEO[sndsrvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spbbcsvc.exe]
    <IFEO[spbbcsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbmon.exe]
    <IFEO[tbmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe]
    <IFEO[TMBMSRV.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe]
    <IFEO[TmProxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe]
    <IFEO[UfSeAgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe]
    <IFEO[uihost.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ulibcfg.exe]
    <IFEO[ulibcfg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updaterui.exe]
    <IFEO[updaterui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe]
    <IFEO[uplive.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcr32.exe]
    <IFEO[vcr32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcrmon.exe]
    <IFEO[vcrmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]
    <IFEO[vptray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
    <IFEO[vsserv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe]
    <IFEO[vstskmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe]
    <IFEO[webproxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe]
    <IFEO[xcommsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xnlscn.exe]
    <IFEO[xnlscn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe]
    <IFEO[修复工具.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe>貉wH醾]
    <IFEO[修复工具.exe>貉wH醾]><ntsd -d>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\Aurora.scr>  [Axialis Software]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[6to4 / 6to4][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\6to4.dll><N/A>
[Application Management / AppMgmt][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qmgr.dll><N/A>
[Computer Browser / Browser][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\browser.dll><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Error Reporting Service / ERSvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ersvc.dll><N/A>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Ias / Ias][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Ias.dll><N/A>
[Iprip / Iprip][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Iprip.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[NWCWorkstation / NWCWorkstation][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\NWCWorkstation.dll><N/A>
[Nwsapagent / Nwsapagent][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Nwsapagent.dll><N/A>
[Remote Access Auto Connection Manager / RasAuto][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasauto.dll><N/A>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[System Restore Service / srservice][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\srsvc.dll><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\MsPMSNSv.dll><N/A>
[WmdmPmSp / WmdmPmSp][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><N/A>
[Network Provisioning Service / xmlprov][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll><N/A>

==================================
驱动程序
[299046d8c5e1a0f2 / 299046d8c5e1a0f2][Stopped/Manual Start]
  <\??\C:\299046d8c5e1a0f2.dat><N/A>
[2f6460a81317b9fe / 2f6460a81317b9fe][Stopped/Manual Start]
  <\??\C:\2f6460a81317b9fe.dat><N/A>
[33e59c482b69f70d / 33e59c482b69f70d][Stopped/Manual Start]
  <\??\C:\33e59c482b69f70d.dat><N/A>
[4d082358c5d3ea14 / 4d082358c5d3ea14][Stopped/Manual Start]
  <\??\C:\4d082358c5d3ea14.dat><N/A>
[559612a4aacafbd0 / 559612a4aacafbd0][Stopped/Manual Start]
  <\??\C:\559612a4aacafbd0.dat><N/A>
[594bb6e8cc749c3e / 594bb6e8cc749c3e][Stopped/Manual Start]
  <\??\C:\594bb6e8cc749c3e.dat><N/A>
[5eef994cde945284 / 5eef994cde945284][Stopped/Manual Start]
  <\??\C:\5eef994cde945284.dat><N/A>
[615bbed0bf5a14bb / 615bbed0bf5a14bb][Stopped/Manual Start]
  <\??\C:\615bbed0bf5a14bb.dat><N/A>
[6349fcf00611be2b / 6349fcf00611be2b][Stopped/Manual Start]
  <\??\C:\6349fcf00611be2b.dat><N/A>
[779d9868dffeeb91 / 779d9868dffeeb91][Stopped/Manual Start]
  <\??\C:\779d9868dffeeb91.dat><N/A>
[7ad55548741257c1 / 7ad55548741257c1][Stopped/Manual Start]
  <\??\C:\7ad55548741257c1.dat><N/A>
[8954d6f08ff1c28c / 8954d6f08ff1c28c][Stopped/Manual Start]
  <\??\C:\8954d6f08ff1c28c.dat><N/A>
[8daf3a94564eebfb / 8daf3a94564eebfb][Stopped/Manual Start]
  <\??\C:\8daf3a94564eebfb.dat><N/A>
[949c9bb8a831d1d8 / 949c9bb8a831d1d8][Stopped/Manual Start]
  <\??\C:\949c9bb8a831d1d8.dat><N/A>
[98f6ff5c6f94faef / 98f6ff5c6f94faef][Stopped/Manual Start]
  <\??\C:\98f6ff5c6f94faef.dat><N/A>
[a06247e4a327a6b3 / a06247e4a327a6b3][Stopped/Manual Start]
  <\??\C:\a06247e4a327a6b3.dat><N/A>
[a3732cc821485162 / a3732cc821485162][Stopped/Manual Start]
  <\??\C:\a3732cc821485162.dat><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start]
  <System32\Drivers\adildr.sys><N/A>
[USB ADSL LAN Adapter / adiusbae][Stopped/Manual Start]
  <system32\DRIVERS\adiusbae.sys><N/A>
[USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start]
  <system32\DRIVERS\adiusbaw.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[b1a4fe784d5141dc / b1a4fe784d5141dc][Stopped/Manual Start]
  <\??\C:\b1a4fe784d5141dc.dat><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bb255d1c2bdfa369 / bb255d1c2bdfa369][Stopped/Manual Start]
  <\??\C:\bb255d1c2bdfa369.dat><N/A>
[bc6edbdc6f630289 / bc6edbdc6f630289][Stopped/Manual Start]
  <\??\C:\bc6edbdc6f630289.dat><N/A>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[c523a3249fe650fd / c523a3249fe650fd][Stopped/Manual Start]
  <\??\C:\c523a3249fe650fd.dat><N/A>
[d8f957381f9358dd / d8f957381f9358dd][Stopped/Manual Start]
  <\??\C:\d8f957381f9358dd.dat><N/A>
[f084af90fa96f603 / f084af90fa96f603][Stopped/Manual Start]
  <\??\C:\f084af90fa96f603.dat><N/A>
[f505eb30ca9686f2 / f505eb30ca9686f2][Stopped/Manual Start]
  <\??\C:\f505eb30ca9686f2.dat><N/A>
[fe5f71d8512ce1af / fe5f71d8512ce1af][Stopped/Manual Start]
  <\??\C:\fe5f71d8512ce1af.dat><N/A>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) MIDI UART / nvmpu401][Running/Manual Start]
  <system32\drivers\nvmpu401.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[rspp / rspp][Running/Disabled]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys><N/A>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[System Restore Filter Driver / sr][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\sr.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Microsoft USB Generic Parent Driver / usbccgp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\usbccgp.sys><N/A>
[WmiSvc / WmiSvc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\WmiSvc.sys><N/A>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[usbnat / usbnat][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[pcidump / pcidump][Running/Disabled]
  <\??\C:\WINDOWS\system32\drivers\pcidump.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, (Signed) 腾讯>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[PIPI Link Helper]
  {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} <C:\Program Files\pipi\JfCheck.dll, PIPI Tech.>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\系统工具\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\ChinaNet\VnetTransfer.dll, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) Synacast>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed)  >
[PP.tv视频搜索]
  {95B3F550-91C4-4627-BCC4-521288C52978} <http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58, N/A>
[启动PP加速器]
  {95B3F550-91C4-4627-BCC4-521288C52979} <C:\Program Files\PPLiveVA\PPLiveVA.exe, (Signed) Synacast>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[InfoSecNetSign Class]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINDOWS\DOWNLO~1\ICBCNE~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, (Signed) Sina Com>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\SUBMIT~1.DLL, >
[tcast control]
  {9CA74596-B5BB-4634-971C-F0224115A15F} <C:\WINDOWS\DOWNLO~1\TPLAYE~1.OCX, Tom Online Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[AxUSBKey Class]
  {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} <C:\WINDOWS\system32\ICBCUS~1.DLL, 北京信安世纪公司>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, (Signed) Sohu.com Inc.>
[]
  {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0C7C23EE-A848-485B-873C-0ED954731014} <, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, (Signed) 腾讯>
[]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, (Signed) Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, (Signed) Microsoft Corporation>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, (Signed) Synacast>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, >
[PIPI Link Helper]
  {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} <C:\Program Files\pipi\JfCheck.dll, PIPI Tech.>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQLive\QQLiveInstaller.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {21189F09-B313-47F5-9853-6E2264B367B4} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[UUUpgrade Control]
  {2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <C:\PROGRA~1\COMMON~1\uusee\UUUPGR~1.OCX, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\Program Files\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <, >
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\系统工具\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\ChinaNet\VnetTransfer.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[InfoSecNetSign Class]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINDOWS\DOWNLO~1\ICBCNE~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <c:\PROGRA~1\PPStream\POWERP~1.DLL, (Signed) PPStream Inc.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\INPUTC~1.DLL, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, (Signed) Sina Com>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\SUBMIT~1.DLL, >
[LiveMediaOcx Control]
  {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <C:\PROGRA~1\Tencent\QQLive\QQLive.ocx, Tencent>
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52978} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52979} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[tcast control]
  {9CA74596-B5BB-4634-971C-F0224115A15F} <C:\WINDOWS\DOWNLO~1\TPLAYE~1.OCX, Tom Online Inc.>
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) Synacast>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5805.77.(340).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <, >
[]
  {B234553D-A066-4816-9120-933F7BAB47F7} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {C35D7AE1-0865-4A30-BF07-29FA29324155} <, >
[]
  {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Program Files\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[ARMP Control]
  {D5CD69C4-F983-46E2-AF79-455E892729FA} <C:\PROGRA~1\uusee\ARMP.ocx, N/A>
[]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, >
[UpdateC2 Control]
  {DC7094C6-8F61-42ED-AECE-63F5EEF647C5} <C:\PROGRA~1\COMMON~1\uusee\updateC2.ocx, N/A>
[]
  {DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[AxUSBKey Class]
  {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} <C:\WINDOWS\system32\ICBCUS~1.DLL, 北京信安世纪公司>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.424.dll, ShenZhen Thunder Networking Technologies Ltd.>
[PPLive Lite Class]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\PPLive\Plugin\pplugin.dll, (Signed) >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(340).dll, Xunlei Networking Technologies,LTD>
[&使用BitComet下载]
  <res://D:\系统工具\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\系统工具\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\系统工具\BitComet\BitComet.exe/AddVideo.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 800 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 892 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\COMRes.dll]  [N/A, ]
    [c:\windows\system32\appmgmts.dll]  [N/A, ]
    [c:\windows\system32\qmgr.dll]  [N/A, ]
    [c:\windows\system32\xmlprov.dll]  [N/A, ]
    [c:\windows\system32\mspmsnsv.dll]  [N/A, ]
    [c:\windows\system32\iprip.dll]  [N/A, ]
    [c:\windows\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [c:\windows\system32\rasauto.dll]  [N/A, ]
[PID: 932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1112 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 9, 5, 15]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\Program Files\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [C:\Program Files\StormII\box\BoxLog.dll]  [北京暴风网际科技有限公司, 3, 9, 6, 27]
[PID: 1264 / SYSTEM][C:\WINDOWS\system32\imapi.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1332 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8185]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1360 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
[PID: 1924 / Administrator][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll]  [N/A, ]
    [C:\WINDOWS\system32\S9UQCTA4tnRSJhfxC7Vfj.inf]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\rKPbzUHze58GK2VWcYUCt.inf]  [N/A, ]
    [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\rfpz9wwyy2np.dll]  [N/A, ]
    [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf]  [N/A, ]
    [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\dhDhwS7fFW.dll]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\qvSPdARs5PQNKAzvezTuPcs.cur]  [N/A, ]
    [C:\WINDOWS\system32\SCEVFJRCmaB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\ndxq9awMc.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf]  [N/A, ]
    [C:\WINDOWS\system32\eYNMAnskCCBQCc8Jp.dll]  [N/A, ]
    [C:\WINDOWS\system32\Am274u6Rqq2cTzTpjCGKy.inf]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\system32\fRWSJda7RbSuR3jFSmMBy.inf]  [N/A, ]
    [C:\WINDOWS\system32\cRsAQd4hw.dll]  [N/A, ]
    [C:\WINDOWS\system32\CDuAUVkGy9.dll]  [N/A, ]
    [C:\WINDOWS\system32\CRZfQurd2g58gXVgHSDbNhU.inf]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\ktEDQzfuNZk2SUAMgyAZz.cur]  [N/A, ]
    [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf]  [N/A, ]
    [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\KzuFUQHxezWBCenC2A.inf]  [N/A, ]
    [C:\WINDOWS\system32\usbvmx.dll]  [N/A, ]
    [C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur]  [N/A, ]
    [C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\ybmux4Mu6FUnQJEHWu.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\CxsxepuZefXkXcNY8h.inf]  [N/A, ]
    [C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [腾讯, 5, 1, 10, 10]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1021]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8185]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8185]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\CaiHong\RBShell.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1960 / Administrator][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp.tmp]  [N/A, ]
[PID: 1380 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\System32\COMRes.dll]  [N/A, ]
[PID: 2252 / Administrator][C:\WINDOWS\domino.exe]  [, 3, 6, 703, 6]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2276 / Administrator][C:\WINDOWS\VMSnap1.exe]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
[PID: 2348 / Administrator][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
[PID: 2492 / Administrator][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [腾讯, 5, 1, 10, 10]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\Program Files\pipi\JfCheck.dll]  [PIPI Tech., 1, 3, 0, 12]
    [D:\系统工具\BitComet\tools\BitCometBHO_1.2.2.28.dll]  [BitComet, 20080228]
    [C:\Program Files\ChinaNet\VnetTransfer.dll]  [, 2007, 5, 11, 17]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\UrlFilter.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\UrlRule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\PPLiveVA\DownloaderManager.dll]  [Synacast, 1.0.0.37]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1021]
    [C:\WINDOWS\system\nb9ming32c090423.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx]  [Adobe Systems, Inc., 10,0,32,18]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.3.2810]
    [C:\Program Files\SogouInput\4.2.3.2810\Resource.dll]  [Sogou.com Inc., 4.2.3.2810]
    [C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll]  [N/A, ]
    [C:\WINDOWS\system32\S9UQCTA4tnRSJhfxC7Vfj.inf]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\rKPbzUHze58GK2VWcYUCt.inf]  [N/A, ]
    [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf]  [N/A, ]
    [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\rfpz9wwyy2np.dll]  [N/A, ]
    [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf]  [N/A, ]
    [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll]  [N/A, ]
    [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\fonts\A97CRaCB.fon]  [N/A, ]
    [C:\WINDOWS\system32\dhDhwS7fFW.dll]  [N/A, ]
    [C:\WINDOWS\system32\skcfujQ5EDN.dll]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\qvSPdARs5PQNKAzvezTuPcs.cur]  [N/A, ]
    [C:\WINDOWS\system32\SCEVFJRCmaB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\ndxq9awMc.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf]  [N/A, ]
    [C:\WINDOWS\system32\eYNMAnskCCBQCc8Jp.dll]  [N/A, ]
    [C:\WINDOWS\system32\Am274u6Rqq2cTzTpjCGKy.inf]  [N/A, ]
    [C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf]  [N/A, ]
    [C:\WINDOWS\system32\fRWSJda7RbSuR3jFSmMBy.inf]  [N/A, ]
    [C:\WINDOWS\system32\cRsAQd4hw.dll]  [N/A, ]
    [C:\WINDOWS\system32\CDuAUVkGy9.dll]  [N/A, ]
    [C:\WINDOWS\system32\CRZfQurd2g58gXVgHSDbNhU.inf]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\ktEDQzfuNZk2SUAMgyAZz.cur]  [N/A, ]
    [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf]  [N/A, ]
    [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\KzuFUQHxezWBCenC2A.inf]  [N/A, ]
    [C:\WINDOWS\system32\usbvmx.dll]  [N/A, ]
    [C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf]  [N/A, ]
    [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur]  [N/A, ]
    [C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\ybmux4Mu6FUnQJEHWu.inf]  [N/A, ]
    [C:\WINDOWS\Tasks\CxsxepuZefXkXcNY8h.inf]  [N/A, ]
    [C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf]  [N/A, ]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 2720 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 3512 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 2608 / Administrator][D:\扫描日志\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 2564 / Administrator][D:\扫描日志\SRE78d997bc.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\扫描日志\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 2608, D:\扫描日志\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2608, D:\扫描日志\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\423~1.281\PinyinRepair.exe 

==================================
Windows 安全更新检查
 Microsoft .NET Framework 版本 1.1，简体中文版 
KB941569,  用于附带 Windows Media Format Runtime 9.5 和 11 的 Windows XP 的安全更新程序 (KB941569) MS07-068
KB892130,  Windows 正版增值验证工具 (KB892130) 
KB940767,  用于 Windows XP 的 Windows Internet Explorer 7 
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157) 
KB905474,  Windows Genuine Advantage 通知 (KB905474) 
KB909520,  Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520) 
KB936929,  Windows XP Service Pack 3 (KB936929) 
KB931125,  根证书更新程序 [2009 年 5 月] (KB931125) 
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86 
KB973346,  用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB973346) MS09-032
KB971657,  Windows XP 安全更新程序 (KB971657) MS09-041
KB944036,  用于 Windows XP 的 Internet Explorer 8 
KB956844,  Windows XP 安全更新程序 (KB956844) MS09-046
KB890830,  Windows 恶意软件删除工具 - 2009 年 9 月 (KB890830) 
KB971961,  用于 Windows XP 的 Jscript 5.6 的安全更新程序 (KB971961) MS09-045
KB968816,  用于 Windows XP SP 2 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB968816) MS09-047

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]