[CODE]

2009-11-03,19:37:34

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe">  [(Verified)Nero AG]
    <PPS Accelerator><D:\新建文件夹\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><"C:\Program Files\360safe\safemon\360Tray.exe" /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe>  [SHHIC]
    <hhukcert><C:\WINDOWS\system32\hhukcert.exe>  [(Verified)"Beijing Huahong Integrated Circuit Design Co.,Ltd"]
    <RisTray><"E:\瑞星\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Running/Auto Start]
  <C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[NMIndexingService / NMIndexingService][Running/Manual Start]
  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Ris Service / RsRisMon][Running/Auto Start]
  <"E:\瑞星\Rising\Ris\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[主动防御 / ZhuDongFangYu][Running/Auto Start]
  <"C:\Program Files\360safe\deepscan\zhudongfangyu.exe"><360安全中心>

==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[BFSDRV / BFSDRV][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心>
[BREGDRV / BREGDRV][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><奇虎网>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HuaHong Virtual SmartCard Reader Driver / HHVReader][Running/Manual Start]
  <system32\DRIVERS\HHVRdr.sys><HuaHong>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Quantum DeepScanner Servers / qutmdserv][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\qutmdrv.sys><360安全中心>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\E:\瑞星\Rising\Ris\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsassist / rsassist][Running/Auto Start]
  <system32\drivers\rsassist.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/Auto Start]
  <\??\E:\瑞星\Rising\Ris\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Tencent\QQDownload2\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) Synacast>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed)  >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, (Signed) Infosec Technologies Co., Ltd.>
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\WINDOWS\DOWNLO~1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[QQCertCtrl Class]
  {BAEA0695-03A4-43BB-8495-C7025E1A8F42} <C:\WINDOWS\system32\qqedit\qqcert.dll, (Signed) 腾讯科技（深圳）有限公司>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Tencent\QQDownload2\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[InfoSecNetSign Class]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINDOWS\system32\ICBCNE~1.DLL, Infosec Technologies Co., Ltd.>
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <D:\阿里旺旺\AliIMX.dll, (Signed) Alibaba software (Shanghai) Corporation.>
[]
  {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\Safelive.dll, (Signed) >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) Synacast>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[ICBCQPKCom_HH Class]
  {B219E31C-E110-4638-AF01-7BDD5ACA552C} <C:\WINDOWS\system32\ICBCQP~1.DLL, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技（深圳）有限公司>
[&V使用Vagaa哇嘎下载]
  <D:\Vagaa\Data\vg.htm, N/A>
[&使用QQ旋风下载]
  <d:\Tencent\QQDownload2\geturl.htm, N/A>
[&使用QQ旋风下载全部链接]
  <d:\Tencent\QQDownload2\getAllurl.htm, N/A>
[使用光影编辑和美化]
  <C:\Program Files\nEO iMAGING\NeoOpenNeo.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 672 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 728 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 752 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1036 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1124 / SYSTEM][E:\瑞星\Rising\Ris\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
    [E:\瑞星\Rising\Ris\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [E:\瑞星\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9]
    [E:\瑞星\Rising\Ris\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.41]
    [E:\瑞星\Rising\Ris\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [E:\瑞星\Rising\Ris\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 41]
    [E:\瑞星\Rising\Ris\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [E:\瑞星\Rising\Ris\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
    [E:\瑞星\Rising\Ris\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29]
    [E:\瑞星\Rising\Ris\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22]
    [E:\瑞星\Rising\Ris\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [E:\瑞星\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.14]
    [E:\瑞星\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\瑞星\Rising\Ris\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.2]
    [E:\瑞星\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [E:\瑞星\Rising\Ris\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [E:\瑞星\Rising\Ris\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11]
    [E:\瑞星\Rising\Ris\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 8]
    [E:\瑞星\Rising\Ris\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
    [E:\瑞星\Rising\Ris\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [E:\瑞星\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [E:\瑞星\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [E:\瑞星\Rising\Ris\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [E:\瑞星\Rising\Ris\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [E:\瑞星\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [E:\瑞星\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.17]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [E:\瑞星\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [E:\瑞星\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\NComm2.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [E:\瑞星\Rising\Ris\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [E:\瑞星\Rising\Ris\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
    [E:\瑞星\Rising\Ris\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [E:\瑞星\Rising\Ris\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.18]
    [E:\瑞星\Rising\Ris\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
[PID: 1176 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
[PID: 1280 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1388 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1404 / SYSTEM][C:\Program Files\360safe\deepscan\zhudongfangyu.exe]  [360安全中心, 1, 0, 0, 1008]
    [C:\Program Files\360safe\deepscan\CloudCom2.dll]  [360安全中心, 3, 0, 0, 1008]
    [C:\Program Files\360safe\SoftMgr\360SoftMgrS.dll]  [奇虎网, 2, 1, 5, 1005]
    [C:\Program Files\360safe\deepscan\heavygate.dll]  [360安全中心, 3, 6, 11, 0]
    [C:\Program Files\360safe\deepscan\qutmload.dll]  [360.CN, 1, 0, 0, 1001]
[PID: 1596 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1684 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll]  [Nero AG, 3, 1, 0, 11]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll]  [Nero AG, 3, 1, 0, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\kakaext.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [D:\阿里旺旺\AliIMExt.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\WINDOWS\system32\YouKuDesktopShell.dll]  [www.youku.com, 1.2.7.1700]
    [C:\WINDOWS\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
    [C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 3, 1, 1, 1]
    [C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll]  [Nero AG, 1,3,4, 207]
    [C:\Program Files\Common Files\Nero\Lib\MediaLibraryNSE.dll]  [Nero AG, 3.1.5.0]
[PID: 1708 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 372 / SYSTEM][C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe]  [Nero AG, 3, 1, 0, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Nero\Nero8\Nero BackItUp\NB.dll]  [Nero AG, 3, 1, 0, 0]
    [C:\Program Files\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll]  [Nero AG, 8.1.3.4]
    [C:\Program Files\Nero\Nero8\Nero BackItUp\LBFC.dll]  [Nero AG, 3, 1, 0, 0]
    [C:\Program Files\Nero\Nero8\Nero BackItUp\NBHDMgr.dll]  [Nero AG, 3, 1, 0, 0]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 692 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1972 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7518]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.7518]
[PID: 164 / Administrator][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.44]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\Program Files\Rising\AntiSpyware\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 244 / Administrator][C:\WINDOWS\system32\BHDCRegC.exe]  [SHHIC, 1.01]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 256 / Administrator][C:\WINDOWS\system32\hhukcert.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\hhkpk11m.dll]  [FG, 2, 0, 00, 000]
    [C:\WINDOWS\system32\hhukapi.dll]  [N/A, ]
[PID: 1788 / Administrator][E:\瑞星\Rising\Ris\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.10]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [E:\瑞星\Rising\Ris\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.15]
    [E:\瑞星\Rising\Ris\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [E:\瑞星\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [E:\瑞星\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [E:\瑞星\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [E:\瑞星\Rising\Ris\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
    [E:\瑞星\Rising\Ris\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55]
    [E:\瑞星\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [E:\瑞星\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\瑞星\Rising\Ris\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.6]
    [E:\瑞星\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [E:\瑞星\Rising\Ris\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7]
    [E:\瑞星\Rising\Ris\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.69]
    [E:\瑞星\Rising\Ris\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [E:\瑞星\Rising\Ris\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 37]
    [E:\瑞星\Rising\Ris\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [E:\瑞星\Rising\Ris\scanleak.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [E:\瑞星\Rising\Ris\ravppops.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [E:\瑞星\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [E:\瑞星\Rising\Ris\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [E:\瑞星\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.14]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 492 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 508 / Administrator][C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe]  [Nero AG, 3.1.5.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll]  [Nero AG, 1,3,4, 207]
    [C:\Program Files\Common Files\Nero\Lib\NMIndexingServicePS.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMDataServices.dll]  [Nero AG, 3.1.5.0]
[PID: 544 / Administrator][D:\新建文件夹\PPStream\ppsap.exe]  [PPStream Inc, 1, 0, 11, 171]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [d:\新建文件夹\PPStream\1.1.0.2700\vodnet.dll]  [PPStream Inc., 1, 0, 11, 256]
    [d:\新建文件夹\PPStream\1.1.0.2700\vodres.dll]  [PPStream Inc., 1, 0, 11, 256]
    [d:\新建文件夹\PPStream\1.1.0.2700\ppssg.dll]  [PPStream Inc., 1, 0, 11, 256]
    [d:\新建文件夹\PPStream\1.1.0.2700\fds.dll]  [PPStream Inc., 1, 0, 0, 101]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1692 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1884 / SYSTEM][C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe]  [Nero AG, 3.1.5.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Common Files\Nero\Lib\NMIndexingServicePS.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMLogCxx.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\log4cxx.dll]  [Nero AG, 1, 0, 1, 0]
    [C:\Program Files\Common Files\Nero\Lib\NMDataServices.dll]  [Nero AG, 3.1.5.0]
[PID: 2180 / Administrator][C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMSQLDB.dll]  [Nero AG, 3.1.5.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [C:\Program Files\Common Files\Nero\Lib\NMLogCxx.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\log4cxx.dll]  [Nero AG, 1, 0, 1, 0]
    [C:\Program Files\Common Files\Nero\Lib\NMIndexingServicePS.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMCoFoundation.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMPluginBase.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMFullTextExtraction.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMSearchPluginSimilarImages.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMDataServices.dll]  [Nero AG, 3.1.5.0]
    [C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 3.1.5.0]
[PID: 2800 / Administrator][E:\瑞星\Rising\Ris\rsmain.exe]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [E:\瑞星\Rising\Ris\rspalmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.20]
    [E:\瑞星\Rising\Ris\RSXML.DLL]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\RsGuiLib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55]
    [E:\瑞星\Rising\Ris\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [E:\瑞星\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [E:\瑞星\Rising\Ris\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.6]
    [E:\瑞星\Rising\Ris\ravppops.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [E:\瑞星\Rising\Ris\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [E:\瑞星\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [E:\瑞星\Rising\Ris\ravpsafe.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.26]
    [E:\瑞星\Rising\Ris\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [E:\瑞星\Rising\Ris\pubcfg.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.51]
    [E:\瑞星\Rising\Ris\rsscanbd.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [E:\瑞星\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\瑞星\Rising\Ris\rfwLog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.14]
    [E:\瑞星\Rising\Ris\rfw.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 64]
    [E:\瑞星\Rising\Ris\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [E:\瑞星\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [E:\瑞星\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [E:\瑞星\Rising\Ris\ravxpage.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50]
    [E:\瑞星\Rising\Ris\ravxmons.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 16]
    [E:\瑞星\Rising\Ris\ravptool.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.14]
    [E:\瑞星\Rising\Ris\log2file.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.13]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [E:\瑞星\Rising\Ris\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [E:\瑞星\Rising\Ris\htmllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 3520 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 732 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [D:\Tencent\QQDownload2\QQIEHelper01.dll]  [Tencent Technology (Shenzhen) Company Limited, 2, 0, 528, 204]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll]  [RealPlayer, 1.0.1.200]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Real\RealPlayer\lang\rpbrp_cn.dll]  [RealNetworks, Inc., 6.0.14.0]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\WINDOWS\system32\UrlFilter.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\UrlRule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\PPLiveVA\DownloaderManager.dll]  [Synacast, 1.0.0.35]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1006]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx]  [Adobe Systems, Inc., 10,0,32,18]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
[PID: 660 / Administrator][D:\Tencent\QQDownload2\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 2, 1, 570, 570]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [D:\Tencent\QQDownload2\xmain.dll]  [Tencent Technology (Shenzhen) Company Limited, 1.9.285.285]
    [D:\Tencent\QQDownload2\QQDownloadSkin.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Tencent\QQDownload2\VBScript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [D:\Tencent\QQDownload2\xdownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1.9.304.304]
    [D:\Tencent\QQDownload2\xcore.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]
    [D:\Tencent\QQDownload2\QQIEHelper01.dll]  [Tencent Technology (Shenzhen) Company Limited, 2, 0, 528, 204]
[PID: 2728 / Administrator][C:\WINDOWS\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 1444 / Administrator][C:\WINDOWS\SREcec25149.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1022]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B574D244-A8DD-46EE-B241-10DACC2FB255}] SEQPACKET 5
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B574D244-A8DD-46EE-B241-10DACC2FB255}] DATAGRAM 5
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E515AA52-6D8A-489E-AC95-EEC578F96ECF}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E515AA52-6D8A-489E-AC95-EEC578F96ECF}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED90F28A-0712-43B8-9E79-C26864BE9636}] SEQPACKET 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED90F28A-0712-43B8-9E79-C26864BE9636}] DATAGRAM 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3197F6A3-72FE-437A-B4E9-2CBF3A130761}] SEQPACKET 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3197F6A3-72FE-437A-B4E9-2CBF3A130761}] DATAGRAM 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1	858656.com
127.0.0.1	my123.com
127.0.0.1	8749.com
127.0.0.1	4199.com
127.0.0.1	7379.com
127.0.0.1	7255.com
127.0.0.1	3448.com
127.0.0.1	7939.com
127.0.0.1	8009.com
127.0.0.1	piaoxue.com
127.0.0.1	kzdh.com
127.0.0.1	about.blank.la
127.0.0.1	6781.com
127.0.0.1	7322.com
127.0.0.1	9991.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 624, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 244, C:\WINDOWS\SYSTEM32\BHDCREGC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2728, C:\WINDOWS\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
 Microsoft .NET Framework 版本 1.1，简体中文版 
KB943649,  Outlook 2003 更新 (KB943649) 
KB945185,  Office 2003 安全更新 (KB945185) MS08-013
KB907417,  Office 2003 更新 (KB907417) 
KB943973,  Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB925850,  Windows Media Player 11 
KB950213,  Microsoft Office Publisher 2003 安全更新 (KB950213) MS08-027
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157) 
KB953432,  Microsoft Office Outlook 2003 更新 (KB953432) 
KB902344,  启用了 WMDRM 的 Media Player 更新程序 (KB902344) 
KB955439,  Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB949810,  Office 正版增值计划通知 (KB949810)-CHS 
KB943729,  用于 Windows XP 的组策略首选项客户端扩展 (KB943729) 
KB905474,  Windows Genuine Advantage 通知 (KB905474) 
KB909520,  Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520) 
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86 
KB944036,  用于 Windows XP 的 Internet Explorer 8 
KB974331,  Microsoft Silverlight 更新 (KB974331) 
KB974331,  Windows Live 软件包 
KB931125,  根证书更新 [2009 年 9 月] (KB931125) 
KB974554,  Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB973705,  Microsoft Office Outlook 2003 安全更新 (KB973705) MS09-060
KB974771,  Outlook 2003 垃圾邮件筛选器更新 (KB974771) 
KB971513,  Windows XP 更新程序 (KB971513) 
KB976749,  Update for Internet Explorer 6 for Windows XP (KB976749) 

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]