[PID: 1892][C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe]  [, 2.0.6.50]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Teleca Shared\tlib_log.dll]  [Popwire AB, 1.1.0.67]
    [C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll]  [N/A, ]
    [C:\Program Files\Common Files\Teleca Shared\tlib_cmndlgs.dll]  [Popwire AB, 1.1.0.19]
    [C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll]  [, 2.0.4.47]
    [C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll]  [, 2.0.4.31]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherMainDlg.dll]  [Sony Ericsson Mobile Communications AB, 2.0.4.33]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [C:\Program Files\Common Files\Teleca Shared\TC Device Mgmt.dll]  [Popwire AB, 1.4.7.14]
[PID: 1916][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
[PID: 1924][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
[PID: 3580][C:\Program Files\Common Files\Teleca Shared\Generic.exe]  [Obigo AB, 1, 4, 12, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Teleca Shared\tlib_log.dll]  [Popwire AB, 1.1.0.67]
    [C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll]  [N/A, ]
    [C:\Program Files\Common Files\Teleca Shared\TC Device Mgmt.dll]  [Popwire AB, 1.4.7.14]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9841.0]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [C:\Program Files\Common Files\Teleca Shared\HookStarter.dll]  [Popwire AB, 1.0.3.11]
    [C:\Program Files\Common Files\Teleca Shared\SpecificUSB.dll]  [Popwire AB, 1, 2, 1, 1]
    [C:\Program Files\Common Files\Sony Ericsson Shared\SpecificMPM.dll]  [Sony Ericsson Mobile Communications AB, 1, 3, 0, 0]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
[PID: 4040][C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe]  [Sony Ericsson Mobile Communications AB, 1, 2, 0,1219]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,151]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,1223]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll]  [Sony Ericsson Mobile Communications AB, 1, 2, 0,338]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9841.0]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0804.DLL]  [Popwire AB, 1, 0, 0,2018]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,1256]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,1039]
[PID: 3680][D:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3.2.200.275]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [D:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [D:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  [Kaspersky Lab, 1.0.227.342]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  [Kaspersky Lab, 1.0.227.3]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.227.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  [Kaspersky Lab, 5.0.227.0]
    [c:\PROGRA~1\iesnap\navpref.dll]  [, 1, 0, 1, 2]
    [D:\Program Files\Tencent\TT\dbghelp.dll]  [Microsoft Corporation, 6.3.0005.1 (DbgBuild.030922-1449)]
    [c:\PROGRA~1\iesnap\navseg.dll]  [, 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navneg.dll]  [, 1, 0, 1, 2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\PmpSplt.ax]  [cooleyes, 1, 0, 0, 7]
    [C:\Program Files\BitSpirit\Codec\RealMediaSplitter.ax]  [Gabest, 1, 0, 1, 1]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]
[PID: 608][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  [Kaspersky Lab, 1.0.227.342]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  [Kaspersky Lab, 1.0.227.3]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.227.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  [Kaspersky Lab, 5.0.227.0]
[PID: 3460][F:\xjp\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [c:\progra~1\guej\thrw.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\guej\ymwb.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 2]
    [C:\PROGRA~1\COMMON~1\vjjvpc\whbdrb.nls]  [, 3, 6, 0, 5]
    [C:\WINDOWS\system32\FREEWB.IME]  [Delphi Fan Studio, 5.1]
    [E:\Program Files\freewb\plugin\date.plg]  [, 1, 0, 0, 1]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll]  [Kaspersky Lab, 1.0.227.342]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll]  [Kaspersky Lab, 1.0.227.3]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.227.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll]  [Kaspersky Lab, 5.0.227.0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5C91FE1)
RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5C92155)
RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5C92222)
RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5C9209E)

==================================
隐藏进程
    [197] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    [1877] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe