
[Help] Log attached

[CODE]

2007-02-01,13:21:51

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

The following items were selected:
    All startup items (including the registry, the Startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
(Last edited 2007-02-01 14:24:48)
<UUpdate><rem C:\Program Files\UUSee\UUpdate.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <LClock><rem C:\Program Files\LClock\LClock.exe>  [N/A]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <paTray><rem "C:\Program Files\AhnLab\APC2\Policy Agent\patray.exe">  [N/A]
    <System><rem C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <upx1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\upx1.exe>  [N/A]
    <upxdnd1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\ztt.exe>  [N/A]
    <webService><C:\WINDOWS\services.exe>  [N/A]
    <Snewpeek><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\6.exe>  [N/A]
    <wsvbs><rem C:\WINDOWS\wsvbs.exe>  [N/A]
    <sdafdsafds><rem C:\WINDOWS\temp\155.exe>  [N/A]
    <AHNSD><"C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe">  [AhnLab, Inc.]
    <WinampAgent><"F:\软件包\winampa.exe">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  [N/A]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll>  [(Verified)YAHOO Corporation Limited]
    <_{06A48AD9-FF57-4E73-937B-B493E72F4226}><>  [N/A]
    <_{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><>  [N/A]
    <_{6E44887F-5214-41F2-AB46-4728735C4CC6}><>  [N/A]
    <{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptimg.dll>  [Microsoft Corporation]

==================================
Startup folder
N/A

==================================
Services
[4FEB270 / 4FEB270][Stopped/Auto Start]
  <C:\WINDOWS\system32\4FEB270.EXE -service><Microsoft Corporation>
[9FFD0DA0 / 9FFD0DA0][Stopped/Auto Start]
  <C:\WINDOWS\system32\9FFD0DA0.EXE -service><Microsoft Corporation>
[AhnLab Task Scheduler / AhnLab Task Scheduler][Running/Auto Start]
  <"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe"><AhnLab, Inc.>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Imsvc / Imsvc][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Webmail.dll><>
[Remote Registry Protect / Investor][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\cgjhq.dll><Microsoft Corporation>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
[MonSvcNT / MonSvcNT][Running/Auto Start]
  <C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe><AhnLab, Inc.>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Policy Agent Service V2.5 / paSvc][Running/Auto Start]
  <"C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe"><AhnLab, Inc.>
[Remote Managements Instrumenta / Remss_Ser][Stopped/Auto Start]
  <C:\WINDOWS\system32\netstart.exe -service><N/A>
[SysServiceStart / ServiceStart][Running/Auto Start]
  <C:\Windows\system32\RWBIQXEKRY.EXE><N/A>
[Security Machine Manager / SOCEESe][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\EKBMM.DLL,Export 1087><N/A>
[Provisioning Transaction Service / ttt_14][Running/Auto Start]
  <C:\WINDOWS\system32\win.exe><N/A>
[Vsn vsxx Service / vsxx][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\bfda\imkh.dll,Service><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Windows_ServerDdos / Windows_ServerDdos][Stopped/Auto Start]
  <C:\WINDOWS\system32\kaven.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>

==================================
Drivers
[AhnFlt2K / AhnFlt2K][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\AhnFlt2K.sys><AhnLab, Inc.>
[AhnRec2K / AhnRec2K][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\AhnRec2K.sys><AhnLab, Inc.>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AnfdIont / AnfdIont][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\AnfdIont.sys><AhnLab, Inc.>
[AnfdTDnt / AnfdTDnt][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\AnfdTDnt.sys><AhnLab, Inc.>
[ApfIPXX / ApfIPXX][Stopped/Manual Start]
  <\??\C:\PROGRA~1\AhnLab\V3\ApfIPXX.sys><AhnLab, Inc.>
[ast / ast][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[ffpbek / ffpbek][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[IP Network Address Translator / IpNat][Running/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[lxyp / lxypc][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\lxypc.sys><N/A>
[ESS Maestro2E Audio Driver (WDM) / Maestro][Running/Manual Start]
  <system32\drivers\essm2e.sys><ESS Technology, Inc.>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[msqmx / msqmx][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\msqmx.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>

==================================
Browser add-ons
{4CEB0B7C-0729-412B-8627-0088FB4F6D9F} <C:\WINDOWS\system32\BHO04.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\bfda\.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YDKRZGMTZGMTZ]
  {72D93625-D049-4B9E-9D7D-1131D0AFCAD4} <C:\WINDOWS\system32\PVAHPVCIP.DLL, N/A>
[V3BOH Class]
  {76EAE03C-F2B1-4397-97E8-390920B7C2DC} <C:\Program Files\AhnLab\V3\V3Bar.dll, AhnLab, Inc.>
[My Subscriptions]
  {8755CE6E-0BF7-4441-8751-FB728941B0B4} <C:\Program Files\P4P\rss.dll, Sohu.com Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[V3]
  {9E3849D6-41EF-4B2F-86B7-632EF90758E4} <"C:\Program Files\AhnLab\V3\V3Bar.dll", N/A>
[]
  {A692062A-11A1-461B-BEA0-B520F01F9DAE} <C:\WINDOWS\system32\3721.ini, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[af6a]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\42c4ntos.dll, N/A>
[]
  {EB16D2B9-8AA5-4CD7-A9F2-72A4D3078327} <C:\WINDOWS\system32\ciartmkwxgsuu.dll, N/A>

==================================
Running processes
[PID: 460][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\webmail.dll]  [, 1, 0, 0, 2]
    [c:\windows\system32\ntxml.dll]  [, 1, 0, 0, 1]
[PID: 892][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1400][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
    [C:\WINDOWS\system32\vrcqt.dll]  [N/A, N/A]
    [C:\Windows\system32\TYEKTZGMTAH.DLL]  [N/A, 1.0.0.1]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\WINDOWS\TEMP\temper\iecatch.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, N/A]
    [C:\Program Files\AhnLab\V3\V3ShllEx.dll]  [AhnLab, Inc., 6, 0, 0, 13]
    [C:\Program Files\AhnLab\V3\NLS\V3SH0804.nls]  [AhnLab, Inc., 6, 0, 0, 7]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\ContextMenuExt.dll]  [N/A, N/A]
[PID: 1416][C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe]  [AhnLab, Inc., 5, 3, 0, 158]
    [C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls]  [AhnLab, Inc., 5, 0, 0, 5]
[PID: 1512][C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe]  [AhnLab, Inc., 6, 1, 0, 12]
    [C:\PROGRA~1\AhnLab\V3\AhnGICF.dll]  [AhnLab, Inc., 6, 0, 0, 2]
    [C:\PROGRA~1\AhnLab\V3\V3DrEx.dll]  [AhnLab, Inc., 7, 0, 0, 112]
    [C:\PROGRA~1\AhnLab\V3\v3svcctr.dll]  [AhnLab, Inc., 6, 1, 0, 1]
    [C:\PROGRA~1\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\PROGRA~1\AhnLab\V3\V3Flt.dll]  [AhnLab, Inc., 6, 1, 0, 8]
    [C:\PROGRA~1\AhnLab\V3\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\PROGRA~1\AhnLab\V3\v3if.dll]  [AhnLab, Inc., 6, 1, 0, 3]
    [C:\PROGRA~1\AhnLab\V3\V3STScan.dll]  [AhnLab, Inc., 6, 1, 0, 2]
    [C:\PROGRA~1\AhnLab\V3\AhnDMZ.dll]  [AhnLab, Inc., 6, 0, 0, 73]
    [C:\PROGRA~1\AhnLab\V3\V3Track.dll]  [AhnLab, Inc., 6, 0, 0, 26]
    [C:\PROGRA~1\AhnLab\V3\V3IMSvc.dll]  [AhnLab, Inc., 6, 0, 0, 33]
    [C:\PROGRA~1\AhnLab\V3\V3Ift.dll]  [AhnLab, Inc., 6, 0, 0, 5]
    [C:\PROGRA~1\AhnLab\V3\NLS\V3Dr0804.nls]  [AhnLab, Inc., 7, 0, 0, 8]
    [C:\PROGRA~1\AhnLab\V3\v3logex.dll]  [AhnLab, Inc., 6, 1, 0, 2]
    [C:\PROGRA~1\AhnLab\V3\V3NETINT.dll]  [AhnLab, Inc., 6, 0, 0, 20]
    [C:\PROGRA~1\AhnLab\V3\System\26\V3pro32e.dll]  [AhnLab, Inc., 2007,01,30,00]
    [C:\WINDOWS\system32\v3w32se2.dll]  [Ahnlab, Inc., 2002, 12, 16, 1]
    [C:\PROGRA~1\AhnLab\V3\V3SR32.dll]  [AhnLab, Inc., 5, 0, 0, 2]
[PID: 1660][C:\WINDOWS\system32\7B73C970.exe]  [N/A, N/A]
[PID: 1732][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 28]
    [C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 2, 3, 0, 1]
    [C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 1, 0, 0, 9]
    [C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 9, 1, 1]
    [C:\Program Files\P4P\tbupdate.dll]  [Sogou.com Inc., 1, 0, 1, 1]
    [C:\Program Files\P4P\p4pipc.dll]  [Sogou.com Inc., 1, 0, 0, 13]
[PID: 1744][C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe]  [AhnLab, Inc., 2.5.5.76]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SLogW.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SSync.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\IniRW.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\TPool.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\MaCfgRw.dll]  [AhnLab, 2, 5, 5, 11]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SBase64.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\PaNetApi.dll]  [Ahnlab, Inc., 2, 5, 5, 90]
[PID: 340][C:\Windows\system32\RWBIQXEKRY.EXE]  [N/A, N/A]
[PID: 408][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 448][C:\WINDOWS\system32\win.exe]  [N/A, N/A]
[PID: 748][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\bfda\imkh.dll]  [, 1, 2, 0, 8]
[PID: 2120][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
[PID: 2128][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
[PID: 2164][C:\WINDOWS\services.exe]  [N/A, N/A]
[PID: 2200][C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe]  [AhnLab, Inc., 5, 3, 0, 23]
    [C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls]  [AhnLab, Inc., 5, 0, 0, 5]
[PID: 2208][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2220][C:\Program Files\AhnLab\V3\MonSysNT.exe]  [AhnLab, Inc., 6, 1, 0, 91]
    [C:\Program Files\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\Program Files\AhnLab\V3\V3SSCtrl.dll]  [AhnLab, Inc., 6, 0, 0, 100]
    [C:\Program Files\AhnLab\V3\AhnI18N.dll]  [AhnLab, Inc., 6, 0, 0, 18]
    [C:\Program Files\AhnLab\V3\NLS\Mon0804.nls]  [AhnLab, Inc., 6, 0, 0, 26]
    [C:\Program Files\AhnLab\V3\AhnAlert.dll]  [AhnLab, Inc., 6, 0, 0, 17]
[PID: 2228][C:\Program Files\AhnLab\V3\V3P3AT.exe]  [AhnLab, Inc., 6, 1, 0, 201]
    [C:\Program Files\AhnLab\V3\v3if.dll]  [AhnLab, Inc., 6, 1, 0, 3]
    [C:\Program Files\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\Program Files\AhnLab\V3\V3DrEx.dll]  [AhnLab, Inc., 7, 0, 0, 112]
    [C:\Program Files\AhnLab\V3\V3P3ATHL.dll]  [AhnLab, Inc., 6, 0, 0, 23]
    [C:\Program Files\AhnLab\V3\AhnI18N.dll]  [AhnLab, Inc., 6, 0, 0, 18]
    [C:\Program Files\AhnLab\V3\V3MsgFlt.dll]  [AhnLab, Inc., 6, 0, 0, 63]
    [C:\Program Files\AhnLab\V3\V3NfCtl.dll]  [AhnLab, Inc., 6, 0, 0, 3]
    [C:\Program Files\AhnLab\V3\AnfdCtrl.dll]  [AhnLab, Inc., 2, 0, 0, 12]
    [C:\Program Files\AhnLab\V3\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\Program Files\AhnLab\V3\AhnIConv.dll]  [AhnLab, Inc., 1, 0, 0, 1]
    [C:\Program Files\AhnLab\V3\NLS\V3Dr0804.nls]  [AhnLab, Inc., 7, 0, 0, 8]
    [C:\Program Files\AhnLab\V3\NLS\V3MF0804.nls]  [AhnLab, Inc., 6, 0, 0, 8]
    [C:\Program Files\AhnLab\V3\v3logex.dll]  [AhnLab, Inc., 6, 1, 0, 2]
    [C:\Program Files\AhnLab\V3\NLS\p3at0804.nls]  [AhnLab, Inc., 6, 0, 0, 14]
    [C:\Program Files\AhnLab\V3\System\26\V3pro32e.dll]  [AhnLab, Inc., 2007,01,30,00]
    [C:\WINDOWS\system32\v3w32se2.dll]  [Ahnlab, Inc., 2002, 12, 16, 1]
    [C:\Program Files\AhnLab\V3\V3SR32.dll]  [AhnLab, Inc., 5, 0, 0, 2]
    [C:\Program Files\AhnLab\V3\V3azex.dll]  [AhnLab, Inc., 5, 0, 0, 14]
    [C:\Program Files\AhnLab\V3\AZMain.DLL]  [ESTSoft Corp, 3.6.9.543]
    [C:\Program Files\AhnLab\V3\V3MailDt.dll]  [AhnLab, Inc., 6, 0, 0, 91]
[PID: 2244][C:\Program Files\AhnLab\V3\V3IMPro.exe]  [AhnLab, Inc., 6, 0, 0, 33]
    [C:\Program Files\AhnLab\V3\V3IM.dll]  [AhnLab, Inc., 6, 0, 0, 47]
    [C:\Program Files\AhnLab\V3\V3Ift.dll]  [AhnLab, Inc., 6, 0, 0, 5]
    [C:\Program Files\AhnLab\V3\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\Program Files\AhnLab\V3\NLS\V3IM0804.nls]  [AhnLab, Inc., 6, 0, 0, 8]
    [C:\Program Files\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
[PID: 2264][C:\WINDOWS\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 2272][C:\Documents and Settings\Boss\winampa~.exe]  [N/A, N/A]
[PID: 2292][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
[PID: 3460][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3120][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
[PID: 3140][C:\DOCUME~1\Boss\LOCALS~1\Temp\Rar$EX00.391\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\DOCUME~1\Boss\LOCALS~1\Temp\Rar$EX00.391\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
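Reading a log like this by eye is slow and error-prone, so here is an added example (my own code, not part of the original post and not part of SREng) that parses the Run-value, service and driver records in SREng's text format and scores them with the checks an analyst applies by hand: files launched from Temp, binaries under %SystemRoot% with no vendor string, hex-blob file names, a system-process name outside System32, code hidden behind svchost or rundll32, and bare file names resolved through the search path. The record layouts and the weights are assumptions inferred from this log rather than from any SREng specification, and the sample embedded in the script is a subset of the lines above.

```python
"""Triage an SREng autostart log: parse Run-key, service and driver records and rank them."""
import re

RUN_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")   # <Name><cmd>  [Vendor]
SVC_RE = re.compile(r"^\[(.+?) / (.+?)\]\[(\w+)/([\w ]+)\]\s*$")  # [Display / svc][State/Start]
IMG_RE = re.compile(r"^\s*<(.*)><(.*)>\s*$")                      # <ImagePath><Vendor>
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}\.(exe|dll|sys)$")
SYSTEM_PROCESS_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                        "winlogon.exe", "smss.exe"}  # belong in System32 and nowhere else


def parse_sreng(text):
    """Yield (kind, name, command, vendor) for each Run value and service/driver."""
    pending = None
    for line in text.splitlines():
        m = SVC_RE.match(line)
        if m:                                  # header line; image path follows
            pending = m.group(2)
            continue
        if pending is not None:
            m = IMG_RE.match(line)
            if m:
                kind = "driver" if m.group(1).lower().endswith(".sys") else "service"
                yield kind, pending, m.group(1), m.group(2)
            pending = None
            continue
        m = RUN_RE.match(line)
        if m:
            yield "run", m.group(1), m.group(2), m.group(3)


def code_module(command):
    """The file that carries the code: the DLL behind svchost '-->x.dll' or
    'rundll32.exe x.dll,Entry', else the command's own (unquoted) executable."""
    if "-->" in command:
        return command.split("-->", 1)[1].strip()
    m = re.search(r"rundll32\.exe\s+([^,]+)", command, re.I)
    if m:
        return m.group(1).strip()
    m = re.match(r'\s*(?:rem\s+)?(?:"([^"]+)"|(\S+))', command)
    return ((m.group(1) or m.group(2)) if m else "").rstrip(",")


def score(command, vendor):
    """Return (points, reasons); checks and weights are this example's own choice."""
    path = code_module(command)
    if not path:                               # e.g. an empty <load><> value
        return 0, []
    low = path.lower()
    directory, _, filename = low.rpartition("\\")
    vendor = vendor.strip()
    checks = [
        (1, re.match(r"\s*rem\s", command, re.I), "'rem ' prefix: cannot launch, but file still on disk"),
        (3, "\\temp\\" in low, "launches from a Temp directory"),
        (2, vendor in ("", "N/A") and "\\windows\\" in low,
         "no vendor information for a file under %SystemRoot%"),
        (2, HEX_NAME_RE.match(filename), "hex-blob file name"),
        (3, filename in SYSTEM_PROCESS_NAMES and not directory.endswith("\\system32"),
         "system-process name outside System32"),
        (1, "-->" in command or "rundll32" in command.lower(),
         "code lives in a hosted DLL, not in the listed host process"),
        (1, "\\" not in path and "(verified)" not in vendor.lower(),
         "bare file name, resolved through the search path"),
    ]
    return sum(p for p, c, _ in checks if c), [w for _, c, w in checks if c]


def triage(text, threshold=2):
    """Rows (name, kind, module, score, reasons) scoring >= threshold, highest first."""
    rows = []
    for kind, name, command, vendor in parse_sreng(text):
        points, reasons = score(command, vendor)
        if points >= threshold:
            rows.append((name, kind, code_module(command), points, reasons))
    return sorted(rows, key=lambda r: (-r[3], r[0].lower()))


# Constructed sample: a subset of the lines of the log above, copied unchanged.
SAMPLE_LOG = r"""    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <upx1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\upx1.exe>  [N/A]
    <webService><C:\WINDOWS\services.exe>  [N/A]
    <sdafdsafds><rem C:\WINDOWS\temp\155.exe>  [N/A]
[4FEB270 / 4FEB270][Stopped/Auto Start]
  <C:\WINDOWS\system32\4FEB270.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Imsvc / Imsvc][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Webmail.dll><>
[Security Machine Manager / SOCEESe][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\EKBMM.DLL,Export 1087><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[ast / ast][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row[:4], "; ".join(row[4]), sep="  ")
```

On the sample, the fake `C:\WINDOWS\services.exe`, the two Temp launchers, the svchost-hosted Webmail.dll and the rundll32-hosted EKBMM.DLL come out on top, while the signed SOUNDMAN.EXE and the stock HidServ entry stay below the threshold. It is a ranking aid, not a verdict: Investor's cgjhq.dll claims Microsoft Corporation in its version resource and sits in System32, so it scores only 1, and the same goes for imkh.dll under C:\PROGRA~1\bfda. Only the (Verified) tag in the Run section reflects an actual signature check, which is why the script trusts that tag and nothing else in the vendor column; everything it ranks still needs the file itself inspected.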

Run SREng and delete the following registry entries:

<upx1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\upx1.exe> [N/A]
<upxdnd1><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\ztt.exe> [N/A]
<webService><C:\WINDOWS\services.exe> [N/A]
<wsvbs><rem C:\WINDOWS\wsvbs.exe> [N/A]
<sdafdsafds><rem C:\WINDOWS\temp\155.exe> [N/A]
<Snewpeek><rem C:\DOCUME~1\Boss\LOCALS~1\Temp\6.exe> [N/A]

