[CODE]

2010-05-15,20:20:50

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SrLoader><; D:\超级兔子\MagicSet\SrLoader.exe>  [(Verified)Beijing Gigabit Times Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{D7B21266-AA85-44b8-B516-3B1A69827400}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><D:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><D:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><D:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基互联网安全套装 7.0 / AVP][Stopped/Manual Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[SmartLinkService / SLService][Running/Auto Start]
  <slserv.exe><Smart Link>
[VJVodServices / vvdsvc][Stopped/Auto Start]
  <D:\WINDOWS\System32\svchost.exe -k vvdsvc-->D:\WINDOWS\system32\nagasoft\vjocx.dll><南京纳加软件有限公司>
[主动防御 / ZhuDongFangYu][Stopped/Manual Start]
  <"D:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe"><360.cn>

==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[BAPIDRV / BAPIDRV][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\BAPIDRV.SYS><360.cn>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><奇虎网>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[Scroll Bar Driver / MTC0003_STDSB][Running/Auto Start]
  <system32\STDSB.sys><>
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
  <system32\DRIVERS\Mtlmnt5.sys><Smart Link>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <system32\DRIVERS\Mtlstrm.sys><Smart Link>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <system32\DRIVERS\NtMtlFax.sys><Smart Link>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\ntsim.sys><VIA Technologies, Inc.>
[Protector / Protector][Running/System Start]
  <system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Quantum DeepScanner Servers / qutmdserv][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\qutmdrv.sys><360安全中心>
[qutmipc / qutmipc][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\qutmipc.sys><360安全中心>
[RecAgent / RecAgent][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\DRIVERS\RecAgent.sys><Smart Link>
[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
  <\??\D:\WINDOWS\system32\Drivers\safeboxkrnl.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
  <system32\DRIVERS\slntamr.sys><Smart Link>
[SlNtHal / SlNtHal][Stopped/Manual Start]
  <system32\DRIVERS\Slnthal.sys><Smart Link>
[SlWdmSup / SlWdmSup][Running/Manual Start]
  <system32\DRIVERS\SlWdmSup.sys><Smart Link>
[Srv / Srv][Running/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51][Stopped/Manual Start]
  <system32\DRIVERS\w70n51.sys><Intel? Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项

[]
  {FFFFFFFF-74CC-4B7C-B5F1-45913F368388} <, >
[]
  {FFFFFFFF-EEEE-EEEE-849E-8DF86E037512} <, >
[  >> 彩信发送 <<]
  <{FFFFFFFF-EEEE-EEEE-849E-8DF86E037512}, N/A>
[  经KK图铃通发送到手机]
  <, >
[ &8848比较购物]
  <, >
[ &accoona toolbar search]
  <, >
[ chnjp ruby]
  <, >
[ POTU:订阅RSS地址频道]
  <, >
[ POTU:订阅选定的RSS地址频道]
  <, >
[ 发送到手机<迅彩图铃通>]
  <, >
[!CopySo拷贝搜]
  <, >
[!全球排名]
  <, >
[!反向链接]
  <, >
[!搜一搜]
  <, >
[!直接打开链接]
  <, >
[!网页快照]
  <, >
[&8848比较购物]
  <, >
[&8848购物引擎搜索]
  <, >
[&Accoona Toolbar Search]
  <, >
[&AOL Toolbar Search]
  <, >
[&Chnjp ruby]
  <, >
[&Download by NetAnts]
  <, >
[&eBay Search]
  <, >
[&Esou search]
  <, >
[&ICQ Toolbar Search]
  <, >
[&iesnap]
  <, >
[&RSDN Search]
  <, >
[&Sample Toolband Serach]
  <, >
[&Windows Live Search]
  <, >
[&一艘搜索]
  <, >
[&使用BitComet下载]
  <, >
[&使用BitComet下载全部链接]
  <, >
[&使用BitComet下载本页视频]
  <, >
[&使用DuDu 加速器下载]
  <, >
[&使用DuDu 加速器下载全部链接]
  <, >
[&使用DuDu下载]
  <, >
[&使用DuDu下载全部链接]
  <, >
[&使用DuDu下载选择链接]
  <, >
[&使用DuDu捕获页面视频]
  <, >
[&使用PPGou桌面媒体下载]
  <, >
[&使用QQ旋风下载]
  <, >
[&使用QQ旋风下载全部链接]
  <, >
[&使用比邻下载(&B)]
  <, >
[&使用超级旋风下载]
  <, >
[&使用超级旋风下载全部链接]
  <, >
[&使用迅雷下载]
  <, >
[&使用迅雷下载全部链接]
  <, >
[&使用迷你PP下载]
  <, >
[&使用迷你迅雷下载]
  <, >
[&访问通用网址]
  <, >
[1.秀字转换]
  <, >
[2.表情插入]
  <, >
[>>彩信发送<<]
  <, >
[Add to My ToLib]
  <, >
[Add to Windows &Live Favorites]
  <, >
[Alexa Web Search]
  <, >
[Byna 搜索(&B)]
  <, >
[CNNIC无忧上网]
  <, >
[Download &All by NetAnts]
  <, >
[download link using mega manager...]
  <, >
[Easy-WebPrint打印]
  <, >
[Easy-WebPrint添加到打印列表]
  <, >
[Easy-WebPrint预览]
  <, >
[Easy-WebPrint高速打印]
  <, >
[Get Alexa Data]
  <, >
[Google 边栏评注...]
  <, >
[Mail to a Friend...]
  <, >
[MSN 搜索(&M)]
  <, >
[Note this (Google Note&book)]
  <, >
[Note this (Google Notebook)]
  <, >
[QUICK &SEARCH (YISOU.COM)]
  <, >
[QUICK SEARCH (YISOU.COM)]
  <, >
[Save To MHT]
  <, >
[See Related Links]
  <, >
[U88连锁加盟网]
  <, >
[Vagaa哇嘎画时代.lnk]
  <, >
[Write a Review...]
  <, >
[YOK搜索]
  <, >
[YOK搜索(&Y)]
  <, >
[YOK超级搜索]
  <, >
[[e] Allow popups for this site]
  <, >
[[e] Deny popups for this site]
  <, >
[[e] Refine Search]
  <, >
[[e] Search]
  <, >
[★ 发送到手机]
  <, >
[《左看时报》在线服务]
  <, >
[东方快车-保存翻译后的网页]
  <, >
[使用 ChinaCache 极速下载(&C)]
  <, >
[使用BiGet下载]
  <, >
[使用INFOFO将图片制作为彩信(&N)]
  <, >
[使用INFOFO将文字发送到手机(&N)]
  <, >
[使用IS下载]
  <, >
[使用iTudou下载节目]
  <, >
[使用KuGoo3下载(&K)]
  <, >
[使用PhGet下载批量]
  <, >
[使用QQ旋风下载全部链接]
  <, >
[使用Web迅雷下载]
  <, >
[使用Web迅雷下载全部链接]
  <, >
[使用和讯博揽订阅]
  <, >
[使用屁屁狗(PP&Gou)加速下载]
  <, >
[使用屁屁狗(PPGo&u)下载全部链接]
  <, >
[使用彩信超级自写发送到手机]
  <, >
[使用快车3下载]
  <, >
[使用快车3下载全部链接]
  <, >
[使用搜狗直通车下载]
  <, >
[使用新浪下载助手下载]
  <, >
[使用电驴下载]
  <, >
[使用百度搜索]
  <, >
[使用网络传送带下载]
  <, >
[使用网络传送带下载全部链接]
  <, >
[使用网际快车下载]
  <, >
[使用网际快车下载全部链接]
  <, >
[使用脱兔下载]
  <, >
[使用脱兔下载全部链接]
  <, >
[使用迅雷下载]
  <D:\迅雷  五\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷  五\Program\getallurl.htm, N/A>
[使用迅雷离线下载]
  <, >
[使用迷你迅雷下载]
  <, >
[保存: 完整网页...]
  <, >
[保存: 更多保存内容...]
  <, >
[保存到雅虎订阅(&Y)]
  <, >
[全能助手Windows优化王.lnk]
  <, >
[八乐音乐搜索(&B)]
  <, >
[剪贴板文字:  简 > 繁]
  <, >
[剪贴板文字:  繁 > 简]
  <, >
[加入365ＭＹ收藏夹(&U)]
  <, >
[加入365ＭＹ网摘(&N)]
  <, >
[发送到手机]
  <, >
[发送图片到手机]
  <, >
[发送图片到手机(&M)]
  <, >
[在新的前台选项卡中打开]
  <, >
[在新的后台选项卡中打开]
  <, >
[收藏此页到新浪ViVi]
  <, >
[新浪搜索]
  <, >
[易趣购物]
  <, >
[添加为广告拦截图片]
  <, >
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[添加到“我的订阅”]
  <, >
[添加到广告杀手]
  <, >
[添加到我的和讯网摘]
  <, >
[添加到百度搜藏]
  <, >
[添加到雅虎收藏+]
  <, >
[添加到雅虎订阅(&Y)]
  <, >
[珊瑚虫搜索]
  <, >
[用比特精灵下载(&B)]
  <, >
[用炫彩图铃发送该图片]
  <, >
[电鹰搜索]
  <, >
[百度--MP3搜索]
  <, >
[百度--图片搜索]
  <, >
[百度--新闻搜索]
  <, >
[百度--歌词搜索]
  <, >
[百度--网页搜索]
  <, >
[百度--词典搜索]
  <, >
[百度--贴吧搜索]
  <, >
[百度-搜索MP3]
  <, >
[百度-搜索图片]
  <, >
[百度-搜索新闻]
  <, >
[百度-搜索歌词]
  <, >
[百度-搜索网页]
  <, >
[百度-搜索贴吧]
  <, >
[百度-词典搜索]
  <, >
[百度首页]
  <, >
[粉碎文件]
  <, >
[网页:  [简体] 显示]
  <, >
[网页:  [繁体] 显示]
  <, >
[萤火虫发送此表情]
  <, >
[萤火虫网站]
  <, >
[萤火虫论坛]
  <, >
[解霸实时播放]
  <, >
[访问通用网址]
  <, >
[进入北纬30度网站]
  <, >
[金山毒霸反钓鱼...]
  <, >
[雅虎全网搜索]
  <, >
[雅虎搜索]
  <, >

==================================
正在运行的进程
[PID: 840 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940 / SYSTEM][\??\D:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
[PID: 964 / SYSTEM][\??\D:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
    [D:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1008 / SYSTEM][D:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 1020 / SYSTEM][D:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
    [D:\WINDOWS\system32\schannel.dll]  [Microsoft Corporation, 5.1.2600.3487 (xpsp_sp2_gdr.081204-1905)]
[PID: 1180 / SYSTEM][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 1268 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 1308 / SYSTEM][D:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
    [D:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
    [D:\WINDOWS\System32\SCHANNEL.dll]  [Microsoft Corporation, 5.1.2600.3487 (xpsp_sp2_gdr.081204-1905)]
    [D:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
[PID: 1476 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 1532 / LOCAL SERVICE][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
    [D:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
[PID: 1796 / SYSTEM][D:\WINDOWS\system32\slserv.exe]  [Smart Link, 3.80.01MC15]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
[PID: 400 / zhaodatian][D:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
    [D:\WINDOWS\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
    [D:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
    [D:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
    [D:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
    [D:\迅雷  五\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\迅雷  五\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\迅雷  五\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\迅雷  五\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 3, 1, 1018]
    [D:\WINDOWS\system32\wmvcore.dll]  [Microsoft Corporation, 9.00.00.3268 (xpsp_sp2_qfe.081107-1345)]
    [D:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.2172]
    [D:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2172]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 408 / LOCAL SERVICE][D:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 884 / zhaodatian][D:\WINDOWS\system32\wscntfy.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 856 / SYSTEM][D:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 4636 / zhaodatian][D:\WINDOWS\system32\taskmgr.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
[PID: 3000 / zhaodatian][D:\SSM系统监控器\SRENG\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
[PID: 3008 / zhaodatian][D:\SSM系统监控器\SRENG\SRE2d498061.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [D:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3653 (xpsp_sp2_gdr.091207-1450)]
    [D:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.3518 (xpsp_sp2_gdr.090203-1250)]
    [D:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]
    [D:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3660 (xpsp_sp2_gdr.091216-1517)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
N/A

==================================
计划任务
N/A

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]