[CODE]

2009-11-12,09:34:23

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <MsnMsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <aliim><C:\Program Files\AliWangWang\aliim.exe>  [(Verified)"Alisoft(Shanghai) Co., Ltd."]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe">  [(Verified)Kaspersky Lab]
    <WHITNEY_S2P><C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe>  []
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <GD_StarKey220_cebb><C:\Program Files\ngsrv\GDsk220_certd_cebb.exe -r>  [捷德中国]
    <Communicator><"C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey>  [(Verified)Microsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe c:\Progra~1\dxc\zydxc1006.dll Start,>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
    <{A2BCFCEE-C939-433F-A32A-7353A6E720DB}><C:\WINDOWS\Tasks\JJX5r8wnsqUnNxGwpwn.inf>  [File is missing]
    <{B6C3510F-2666-496B-A46F-6EEFD6328C2B}><C:\WINDOWS\Tasks\txPsQUxAThX8QTR6s6Yn.inf>  [File is missing]
    <{C20C5A13-4DD7-40D9-90B4-700BAB0BBBE9}><C:\WINDOWS\system32\S5kSrtwDf35EW9f2kBDF.inf>  [File is missing]
    <{84639C2D-CD75-4081-B515-329AFCECBF19}><C:\WINDOWS\Downloaded Program Files\SjRjQgREDp3P8B4rEEg.cur>  [File is missing]
    <{51716C09-6B08-4CCF-B526-718E912C0573}><C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll>  [File is missing]
    <{87DE8A1A-96C5-4420-B222-EF998F697CE7}><C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll>  [File is missing]
    <{9C20D654-5AF8-4DB7-A125-1A17D7065C73}><C:\WINDOWS\system32\QQyQ7452eAVkMqdNR.inf>  [File is missing]
    <{6B1604E2-A839-463C-906A-27A129781E93}><C:\WINDOWS\Downloaded Program Files\rJaeKv7CcbwSzhQbDu.cur>  [File is missing]
    <{6049BC02-7EDA-4C41-B4AB-D5398607C39E}><C:\WINDOWS\Tasks\yGfdVUegEQm9fhY5rnN.inf>  [File is missing]
    <{526EB425-7F56-4773-8D70-B8E45AA8E2B6}><C:\WINDOWS\Downloaded Program Files\WUstNjhyfQfpv8PQbC.cur>  [File is missing]
    <{B59F0A61-EF3E-4A2B-9E3A-4A84EDDF2308}><C:\WINDOWS\Downloaded Program Files\AnXnubyMnv58c9vaECWX.cur>  [File is missing]
    <{C07B914B-C164-42D2-9838-1422C3F70D99}><C:\WINDOWS\system32\BPRBASgvesMzHRfu3AfB.inf>  [File is missing]
    <{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}><C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf>  [File is missing]
    <{74DA2FEC-F68F-4DC7-9A45-9174AC044427}><C:\WINDOWS\system32\z6FVkEF47huPzgaXee.inf>  [File is missing]
    <{B7F1BFDC-4B6C-4E2F-AF7A-638D2D47802C}><C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf>  []
    <{7938BD2F-0143-4C46-991C-71069712D9D9}><C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf>  [File is missing]
    <{3F86C1E9-E95A-41AF-AD72-7D9A1742232D}><C:\WINDOWS\system32\aR5azFSWstNWktJjswK5.inf>  [File is missing]
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll>  [File is missing]
    <{F181F067-7046-4DCB-993F-200990736305}><C:\WINDOWS\Downloaded Program Files\sZaeAC74EzXJeVeJu6p.cur>  [File is missing]
    <{827E2FB4-1047-43DE-848D-E12BB0C97AAB}><C:\WINDOWS\Tasks\SbrmpxjdCrgRAFhz4gHh.inf>  [File is missing]
    <{8A6A5B34-D995-4C5D-9338-B5E264B4A87}><C:\WINDOWS\system32\nXe2grrKNzF9dxYKmqg.inf>  [File is missing]
    <{1719B301-B494-4185-9379-242461F9CF02}><C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf>  [File is missing]
    <{81EB905C-EDF8-4033-80BF-E0F4F46733DF}><C:\WINDOWS\Tasks\TDz5y2TEAKw2z7xkPhf9Sqj.inf>  [File is missing]
    <{C4BD9D5C-04CA-45E6-8539-98B07D99B6BC}><C:\WINDOWS\system32\AMNCZw74h8gwd6CpYGkrZDy8.inf>  [File is missing]
    <{30E05169-5E63-4038-9709-5FAD6E488ED2}><C:\WINDOWS\system32\rb37sCqvGmszGJ3aQYB5qRczx.inf>  [File is missing]
    <{D55E3C90-C192-411F-85FC-6A8A69D0C634}><C:\WINDOWS\system32\WQVBYhAJ6ADw5qzCY8gv84KTH.inf>  [File is missing]
    <{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}><C:\WINDOWS\fonts\A97CRaCB.fon>  [File is missing]
    <{8E6D4583-0FA1-41B2-BAAA-63352E6333CA}><C:\WINDOWS\system32\jY8sGUnWqbZb3x2BPhY.dll>  [File is missing]
    <{FF9896FF-88E7-4D7F-8839-5A7C5D062F3B}><C:\WINDOWS\system32\SjQGXVR4VJHtTHeDE75wC.inf>  [File is missing]
    <{3373CD28-8C35-4A36-8569-672D8CA197F5}><C:\WINDOWS\Tasks\4H5HJTHFZkxrCpehBpx4TmR.inf>  [File is missing]
    <{D36A1DF7-6582-4160-B925-59A34E39FE30}><C:\WINDOWS\system32\EMQzJJURMfVkrkEx9GJ.inf>  [File is missing]
    <{88A49137-7C53-4D6E-8EAE-1E46226788A0}><C:\WINDOWS\system32\EHcM5UkuFS6pQv5sm.inf>  [File is missing]
    <{012AA32F-36E6-405F-9F3F-588E0AA73FBB}><C:\WINDOWS\Tasks\Wfayv6njQnCsg.inf>  [File is missing]
    <{C53C1999-1B56-41BD-8F76-520D618F112C}><C:\WINDOWS\Downloaded Program Files\gxrSG8sdA4hAbGNQXnr9JGFu6nZ.cur>  [File is missing]
    <{C3634CF6-FD22-4F3D-BBB4-AE36174A868C}><C:\WINDOWS\system32\A2CbFrBy28J6zdXNZgqCtJ6Ae.inf>  [File is missing]
    <{3DCB9005-ABA0-47F8-8C40-49ABC04AE5EE}><C:\WINDOWS\system32\W8MvNsbGCCW52XyxV8wQ.inf>  [File is missing]
    <{CD478099-014D-4B3A-A4BB-B518F1019BC7}><C:\WINDOWS\system32\SCEVFJRCmaB7.dll>  [File is missing]
    <{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30}><C:\WINDOWS\system32\ndxq9awMc.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基反病毒 6.0 Windwos 工作站 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r><Kaspersky Lab>
[COM+ Event System / EventSystem][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\es.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IBM Rational ClearQuest Mail Service / MailService][Stopped/Auto Start]
  <"C:\Program Files\Rational\ClearQuest\mailservice.exe" ><IBM Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[ngSlotDaemon / ngSlotD][Running/Auto Start]
  <C:\Program Files\ngsrv\ngslotd.exe><捷德中国>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[Windows User Mode Driver Framework / UMWdf][Stopped/Manual Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[AFD / AFD][Running/System Start]
  <\SystemRoot\System32\drivers\afd.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[Team MFP Comm Driver / DgiVecp][Running/Auto Start]
  <System32\Drivers\DgiVecp.sys><Samsung Electronics Co., Ltd.>
[Compaq Easy Access PS2 Internet Keyboard (Win2K) / eaps2kbd][Running/Manual Start]
  <system32\DRIVERS\eaps2kbd.sys><Compaq Computer Corp.>
[eawdmfd / eawdmfd][Running/System Start]
  <system32\DRIVERS\eawdmfd.sys><Compaq Computer Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[MintRoot / MintRoot][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\System\MintRoot.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Srv / Srv][Running/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[工程1.IE360]
  {F52A4811-E55D-4055-8488-29152EED86F6} <, >
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MMCShell.dll, (Signed) Sohu.com Inc.>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[PowerCommit Control]
  {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} <C:\WINDOWS\system32\POWERE~1.OCX, (Signed) CSII>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PPUpload.dll, (Signed) PP.Sohu.com Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MMCShell.dll, (Signed) Sohu.com Inc.>
[BDA 调节型号 MPEG2 微调请求]
  {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} <C:\WINDOWS\system32\msvidctl.dll, (Signed) Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, (Signed) Microsoft Corporation>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <C:\Program Files\AliWangWang\AliIMX.dll, (Signed) Alibaba software (Shanghai) Corporation.>
[PowerPassword Control]
  {614E58F9-74D0-4D7B-90E3-64A0F2AA73B4} <C:\WINDOWS\system32\POWERE~1.OCX, (Signed) CSII>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[PowerCommit Control]
  {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} <C:\WINDOWS\system32\POWERE~1.OCX, (Signed) CSII>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PPUpload.dll, (Signed) PP.Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[Iesign Control]
  {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5A8} <C:\WINDOWS\system32\CEBIES~1.OCX, (Signed) CSII>
[工程1.IE360]
  {F52A4811-E55D-4055-8488-29152EED86F6} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到反广告黑名单]
  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm, N/A>

==================================
正在运行的进程
[PID: 892 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 976 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1000 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1044 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
[PID: 1056 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\psbase.dll]  [Microsoft Corporation, 5.1.2600.5642 (xpsp_sp3_gdr.080716-1319)]
[PID: 1212 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
[PID: 1316 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
[PID: 1444 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll]  [Kaspersky Lab, 6.0.3.837]
    [c:\windows\system32\es.dll]  [Microsoft Corporation, 2001.12.4414.706]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [c:\windows\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
[PID: 1552 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1684 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1816 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\netapi32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\system32\SUGW2LMK.DLL]  [Samsung Electronics., 1.1.2.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp4wm.DLL]  [Hewlett-Packard Corporation, 61.063.461.42]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\win32spl.dll]  [Microsoft Corporation, 5.1.2600.5664 (xpsp_sp3_gdr.080827-1248)]
    [C:\WINDOWS\system32\ssdevm.dll]  [Samsung Electronics, 1, 4, 0, 0]
    [C:\WINDOWS\system32\spool\drivers\w32x86\3\SUGW2lf.dll]  [N/A, ]
    [C:\WINDOWS\system32\spool\drivers\w32x86\3\sugw2UM.dll]  [Unified FB, 0, 1, 49, 0]
    [C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SUGW2CM.DLL]  [SEC, 0, 5, 1, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SUGW2UI.DLL]  [Microsoft Corporation, 0,3,5,0]
[PID: 272 / SYSTEM][C:\Program Files\ngsrv\ngslotd.exe]  [捷德中国, 1, 2, 8, 620]
    [C:\Program Files\ngsrv\slotmon\hidmon_gd.dll]  [捷德中国, 1, 0, 8, 620]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 392 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\System32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1116 / xiaoyan][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll]  [Kaspersky Lab, 6.0.3.857]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ShellEx.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll]  [Kaspersky Lab, 6.0.3.837]
[PID: 1420 / xiaoyan][C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe]  [, 1, 2, 1, 0]
    [C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\IMFilter.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\scantopc.dll]  [Samsung Electronics, 1, 3, 0, 0]
    [C:\WINDOWS\system32\netapi32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll]  [Kaspersky Lab, 6.0.3.857]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\ssdevm.dll]  [Samsung Electronics, 1, 4, 0, 0]
[PID: 116 / xiaoyan][C:\Program Files\ngsrv\GDsk220_certd_cebb.exe]  [捷德中国, 1, 0, 8, 1029]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\OLEPRO32.DLL]  [Microsoft Corporation, 5.1.2600.5512]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\GDsk220p11_cebb.dll]  [捷德中国, 1, 1, 8, 620]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
[PID: 828 / xiaoyan][C:\Program Files\Microsoft Office Communicator\communicator.exe]  [Microsoft Corporation, 3.5.6907.0 built by: lcs_se_ls2009_main]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\quartz.dll]  [Microsoft Corporation, 6.05.2600.5596]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\es.dll]  [Microsoft Corporation, 2001.12.4414.706]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\inetcomm.dll]  [Microsoft Corporation, 6.00.2900.5579 (xpsp_sp3_gdr.080411-1536)]
    [C:\WINDOWS\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1760 / xiaoyan][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
[PID: 980 / xiaoyan][C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 14.0.8089.0726]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\WINDOWS\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\inetcomm.dll]  [Microsoft Corporation, 6.00.2900.5579 (xpsp_sp3_gdr.080411-1536)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\es.dll]  [Microsoft Corporation, 2001.12.4414.706]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\quartz.dll]  [Microsoft Corporation, 6.05.2600.5596]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\dnsapi.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll]  [Kaspersky Lab, 6.0.3.857]
[PID: 780 / xiaoyan][C:\Program Files\AliWangWang\aliim.exe]  [Alibaba software (Shanghai) Corporation., 1, 0, 0, 1]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\Program Files\AliWangWang\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\AliWangWang\RvCore.DLL]  [Alisoft (Shanghai) Co., Ltd., 1.0.0.85]
    [C:\Program Files\AliWangWang\alilog.dll]  [Copyright 2009 阿里软件（上海）有限公司., 1, 0, 0,56]
    [C:\Program Files\AliWangWang\log4cpp.dll]  [Bastiaan Bakker, LifeLine Networks bv. 阿里软件（上海）有限公司., 0, 3, 2,53]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\AliWangWang\uicontrols\UiBrowser.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\AliWangWang\GUIBase.dll]  [Alisoft (Shanghai) Co., Ltd., 1, 0, 0,85]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\AliWangWang\wwutils.DLL]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\pcre.dll]  [N/A, ]
    [C:\Program Files\AliWangWang\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8e]
    [C:\Program Files\AliWangWang\WS2HELP.dll]  [N/A, ]
    [C:\Program Files\AliWangWang\wwparams.dll]  [N/A, ]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\AliWangWang\uicontrols\WWUIUnits.dll]  [N/A, ]
    [C:\Program Files\AliWangWang\uicontrols\rvnw.dll]  [Alisoft (Shanghai) Co., Ltd., 1, 0, 0,85]
    [C:\Program Files\AliWangWang\uicontrols\rvwindow.dll]  [Alisoft (Shanghai) Co., Ltd., 1, 0, 0,83]
    [C:\Program Files\AliWangWang\UpdateAssist.dll]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\Program Files\AliWangWang\xparam.dll]  [Alisoft (Shanghai) Co., Ltd., 1, 0, 0,85]
    [C:\Program Files\AliWangWang\imbiz.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\protocol.dll]  [N/A, ]
    [C:\Program Files\AliWangWang\imnet.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\AVTransBiz.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\AliWangWang\P2PBiz.dll]  [Alibaba software (Shanghai) Corporation., 1, 0, 0, 1]
    [C:\Program Files\AliWangWang\ww_network2.dll]  [Alibaba software (Shanghai) Corporation., 2, 1, 0, 7]
    [C:\Program Files\AliWangWang\GUICore.dll]  [Alisoft (Shanghai) Co., Ltd., 1.0.0.85]
    [C:\Program Files\AliWangWang\WWApplication.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\wwsdk.dll]  [Alibaba software (Shanghai) Corporation., 3.1.0.0]
    [C:\Program Files\AliWangWang\imdb.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\rvcomlib.dll]  [Alisoft (Shanghai) Co., Ltd., 1.0.0.85]
    [C:\Program Files\AliWangWang\wwsdkcom.dll]  [Alibaba software (Shanghai) Corporation., 3.1.0.0]
    [C:\Program Files\AliWangWang\SDKDB.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\aliedit\aliedit.dll]  [, 2, 1, 2, 3]
    [C:\Program Files\AliWangWang\SysNotify.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\alinet.dll]  [Alisoft (Shanghai) Co., Ltd., 1, 0, 0,85]
    [C:\Program Files\AliWangWang\Useful_services.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\AliWangWang\P2S_service.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\AliWangWang\filetransbiz.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.4]
    [C:\WINDOWS\system32\shdocvw.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll]  [Kaspersky Lab, 6.0.3.857]
    [C:\Program Files\AliWangWang\wwimport.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\AliWangWang\plugins\8003\GraffitiGUI.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.0]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\klscav.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prremote.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prloader.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prkernel.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\params.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\pxstub.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\tempfile.ppl]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\AliWangWang\plugins\17411\WWKWPlugin.dll]  [酷我科技, 1.0.0.1]
    [C:\WINDOWS\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2320 / xiaoyan][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
[PID: 3760 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 3540 / xiaoyan][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll]  [Kaspersky Lab, 6.0.3.857]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\PROGRA~1\baidu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 185]
    [C:\WINDOWS\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\Gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\klscav.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prremote.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prloader.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prkernel.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\params.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\pxstub.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\tempfile.ppl]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\vbscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
    [C:\WINDOWS\system32\mscms.dll]  [Microsoft Corporation, 5.1.2600.5627 (xpsp_sp3_gdr.080624-1245)]
[PID: 2520 / xiaoyan][C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE]  [Microsoft Corporation, 11.0.8169]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\mcou.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\mapiedk.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prremote.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prloader.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\prkernel.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\pxstub.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\params.ppl]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\msimg32.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\Kingsoft\FastAIT 2005\AddIns\OutlkAddin.dll]  [金山软件股份公司, 4, 0, 0, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\mcouas.dll]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\winreg.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\trainsup.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\mdb.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\msoe.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\thpimpl.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\FSSync.dll]  [Kaspersky Lab, 6.0.5.844]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\basegui.ppl]  [Kaspersky Lab, 6.0.3.851]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\nfio.ppl]  [Kaspersky Lab, 6.0.3.864]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\fsdrvplg.ppl]  [Kaspersky Lab, 6.0.3.860]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\mailmsg.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\hashmd5.ppl]  [Kaspersky Lab, 6.0.3.837]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\tempfile.ppl]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll]  [Kaspersky Lab, 6.0.3.857]
[PID: 3504 / xiaoyan][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.8169]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 4.5.6001.22159]
    [C:\WINDOWS\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Kingsoft\FastAIT 2005\AddIns\WordAddIn.dll]  [金山软件股份公司, 4, 0, 0, 0]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL]  [Microsoft Corporation, 1.1.6215]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3EN.DLL]  [Microsoft Corporation, 3.1.2303]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\INETCOMM.dll]  [Microsoft Corporation, 6.00.2900.5579 (xpsp_sp3_gdr.080411-1536)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\oeas.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\scrrun.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SUGW2UI.DLL]  [Microsoft Corporation, 0,3,5,0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SUGW2.DLL]  [Microsoft Corporation, 0,3,5,0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\offguard.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
[PID: 1296 / xiaoyan][C:\Documents and Settings\xiaoyan.BENYWAVE\桌面\肖燕\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 2388 / xiaoyan][C:\Documents and Settings\xiaoyan.BENYWAVE\桌面\肖燕\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 2288 / xiaoyan][C:\DOCUME~1\XIAOYA~1.BEN\LOCALS~1\Temp\SRE4B1.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\FsmBY3kmWnAG5gRbwGgU.inf]  [N/A, ]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll]  [Kaspersky Lab, 6.0.3.837]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EE09DFA-4292-49BA-8212-8A5B52860674}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EE09DFA-4292-49BA-8212-8A5B52860674}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7CAC7CB-BAD7-4A07-AAD9-8BB49D40E825}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7CAC7CB-BAD7-4A07-AAD9-8BB49D40E825}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B157500-4232-4389-878F-72D66E89AD81}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B157500-4232-4389-878F-72D66E89AD81}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1  www.fangnaiermofayi.cn
127.0.0.1  www.netclean.org.cn
127.0.0.1  www.di3fang.com
127.0.0.1  www.netclean.cn
127.0.0.1  www.kingdun.net
127.0.0.1  www.168tgws.cn
127.0.0.1  www.king6.com.cn
127.0.0.1  www.netclean.com.cn
127.0.0.1  www.lebi.cn
127.0.0.1  www.feydj.com
127.0.0.1  www.netclean.org.cn

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 272, C:\PROGRAM FILES\NGSRV\NGSLOTD.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1420, C:\PROGRAM FILES\SAMSUNG\SAMSUNG SCX-4X21 SERIES\PSU\SCAN2PC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1420, C:\PROGRAM FILES\SAMSUNG\SAMSUNG SCX-4X21 SERIES\PSU\SCAN2PC.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 116, C:\PROGRAM FILES\NGSRV\GDSK220_CERTD_CEBB.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 116, C:\PROGRAM FILES\NGSRV\GDSK220_CERTD_CEBB.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1296, C:\DOCUMENTS AND SETTINGS\XIAOYAN.BENYWAVE\桌面\肖燕\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1296, C:\DOCUMENTS AND SETTINGS\XIAOYAN.BENYWAVE\桌面\肖燕\SRENGLDR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2388, C:\DOCUMENTS AND SETTINGS\XIAOYAN.BENYWAVE\桌面\肖燕\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2388, C:\DOCUMENTS AND SETTINGS\XIAOYAN.BENYWAVE\桌面\肖燕\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
 Microsoft .NET Framework 版本 1.1 简体中文语言包 
KB943649,  Outlook 2003 更新 (KB943649) 
KB945185,  Office 2003 安全更新 (KB945185) MS08-013
KB907417,  Office 2003 更新 (KB907417) 
KB943973,  Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB892130,  Windows 正版增值验证工具 (KB892130) 
KB925850,  Windows Media Player 11 
KB950213,  Microsoft Office Publisher 2003 安全更新 (KB950213) MS08-027
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157) 
KB953432,  Microsoft Office Outlook 2003 更新 (KB953432) 
KB921598,  Microsoft Office 2003 安全更新 (KB921598) MS08-044
KB955439,  Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB953404,  Microsoft Office 2003 安全更新 (KB953404) MS08-055
KB110806,  Microsoft .NET Framework 2.0 Service Pack 1 (KB110806) x86 语言包 
KB949810,  Office 正版增值计划通知 (KB949810)-CHS 
KB951535,  Microsoft Office 2003 安全更新 (KB951535) MS08-069
KB955069,  Windows XP 安全更新程序 (KB955069) MS08-069
KB954459,  Windows XP 安全更新程序 (KB954459) MS08-069
KB957097,  Windows XP 安全更新程序 (KB957097) MS08-068
KB956802,  Windows XP 安全更新程序 (KB956802) MS08-071
KB952069,  Windows XP Service Pack 3 安全更新程序 (KB952069) MS08-076
KB958687,  Windows XP 安全更新程序 (KB958687) MS09-001
KB960225,  Windows XP 安全更新程序 (KB960225) MS09-007
KB926140,  用于 Windows XP 的 Windows PowerShell 1.0 (KB926140) 
KB905474,  Windows Genuine Advantage 通知 (KB905474) 
KB909520,  Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520) 
KB923561,  Windows XP 安全更新程序 (KB923561) MS09-010
KB956572,  Windows XP 安全更新程序 (KB956572) MS09-012
KB952004,  Windows XP 安全更新程序 (KB952004) MS09-012
KB960803,  Windows XP 安全更新程序 (KB960803) MS09-013
KB959426,  Windows XP 安全更新程序 (KB959426) MS09-015
KB961503,  Windows XP 更新程序 (KB961503) 
KB867460,  Microsoft .NET Framework 1.1 Service Pack 1 
KB957784,  Microsoft Office PowerPoint 2003 安全更新 (KB957784) MS09-017
KB961501,  Windows XP 安全更新程序 (KB961501) MS09-022
KB970238,  Windows XP 安全更新程序 (KB970238) MS09-026
KB953331,  Microsoft Office 兼容包 Service Pack 2 (SP2) 
KB971633,  Windows XP 安全更新程序 (KB971633) MS09-028
KB969695,  Office Communicator 2007 R2 更新（KB 文章 969695） 
KB971557,  Windows XP 安全更新程序 (KB971557) MS09-038
KB973540,  Windows XP Service Pack 3 安全更新程序 (KB973540) MS09-037
KB973869,  Windows XP 安全更新程序 (KB973869) MS09-037
KB956744,  Windows XP 安全更新程序 (KB956744) MS09-044
KB973354,  Windows XP 安全更新程序 (KB973354) MS09-037
KB973507,  Windows XP 安全更新程序 (KB973507) MS09-037
KB960859,  Windows XP 安全更新程序 (KB960859) MS09-042
KB973815,  Windows XP 安全更新程序 (KB973815) MS09-037
KB971657,  Windows XP 安全更新程序 (KB971657) MS09-041
KB947319,  Microsoft Office Web Components 安全更新 (KB947319) MS09-043
KB970653,  Windows XP 更新程序 (KB970653) 
KB961371,  Windows XP 安全更新程序 (KB961371) MS09-029
KB944036,  用于 Windows XP 的 Internet Explorer 8 
KB956844,  Windows XP 安全更新程序 (KB956844) MS09-046
KB971961,  用于 Windows XP 的 Jscript 5.7 的安全更新程序 (KB971961) MS09-045
KB968816,  用于 Windows XP SP 3 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB968816) MS09-047
KB974331,  Microsoft Silverlight (KB974331) 
KB931125,  根证书更新 [2009 年 9 月] (KB931125) 
KB974455,  用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB974455) MS09-054
KB973525,  用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB973525) MS09-055
KB954155,  用于 Windows XP SP 3 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB954155) MS09-051
KB975025,  Windows XP 安全更新程序 (KB975025) MS09-051
KB974571,  Windows XP 安全更新程序 (KB974571) MS09-056
KB974112,  Windows XP 安全更新程序 (KB974112) MS09-052
KB971486,  Windows XP 安全更新程序 (KB971486) MS09-058
KB958869,  Windows XP 安全更新程序 (KB958869) MS09-062
KB969059,  Windows XP 安全更新程序 (KB969059) MS09-057
KB974554,  Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB972580,  Microsoft Office 2003 安全更新 (KB972580) MS09-062
KB951944,  2007 Microsoft Office system 安全更新 (KB951944) MS08-055
KB973705,  Microsoft Office Outlook 2003 安全更新 (KB973705) MS09-060
KB954430,  Microsoft XML Core Services 4.0 Service Pack 2 安全更新程序 (KB954430) MS08-069
KB968389,  Windows XP 更新程序 (KB968389) 
KB953300,  用于 Windows 2000、Windows Server 2003 和 Windows XP 的 Microsoft .NET Framework 2.0 Service Pack 1 安全更新程序 (KB953300) MS09-061
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和用于 .NET 版本 2.0 至 3.5 的 .NET Framework 3.5 Family Update (KB951847) x86 
KB971513,  Windows XP 更新程序 (KB971513) 
KB973475,  Microsoft Office Excel 2003 安全更新 (KB973475) MS09-067
KB951550,  Microsoft Office 2007 安全更新 (KB951550) MS08-069
KB975958,  Outlook 2003 垃圾邮件筛选器更新 (KB975958) 
KB973443,  Microsoft Office Word 2003 安全更新 (KB973443) MS09-068
KB969947,  Windows XP 安全更新程序 (KB969947) MS09-065
KB943729,  用于 Windows XP 的组策略首选项客户端扩展 (KB943729) 
KB890830,  Windows 恶意软件删除工具 - 2009 年 11 月 (KB890830) 

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
    [2108] C:\WINDOWS\system32\wuauclt.exe

==================================


[/CODE]