
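[Help] Good grief, even reinstalling the system doesn't fix it!

Re: Good grief, even reinstalling the system doesn't fix it!

1. Download the "Build a Safe Environment Tool"
Link: http://bbs.ikaka.com/showtopic-8547280.aspx
2. Download the trojan-group removal tool and run it:
http://dl.rising.com.cn/DownLoadInfo/VirusTools_More.shtml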

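Re: Good grief, even reinstalling the system doesn't fix it!

I reinstalled the computer again today and found that as soon as the QQ2008 login window opens, a virus alert pops up (Rising can no longer be opened at all, so I can only use NOD32). NOD32 cannot fully remove this virus, named "Rootkit.Agent.NFF"; the directory is shown as being under Win32.
I have already done what the poster in reply #9 said; I will post the log in a moment.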

Re: Good grief, even reinstalling the system doesn't fix it!

[CODE]

2008-11-11,21:52:20

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <StartCCC><C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe>  []
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <EDS><C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe>  [Samsung Electronics,.LTD]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <MagicKeyboard><C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe>  []
    <DMHotKey><C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe>  [SAMSUNG Electronics]
    <egui><"E:\ESET NOD32\egui.exe" /hide /waitservice>  [(Verified)"ESET, spol. s r.o."]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><E:\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Antiarp><E:\360safe\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

Re: Good grief, even reinstalling the system doesn't fix it!

Continued from above
==================================
启动文件夹
N/A

==================================
服务
[Agere Modem Call Progress Audio / AgereModemAudio][Running/Auto Start]
  <C:\WINDOWS\system32\agrsmsvc.exe><Agere Systems>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"E:\ESET NOD32\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
  <"E:\ESET NOD32\ekrn.exe"><ESET>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Hotspot Shield Service / HotspotShieldService][Running/Auto Start]
  <E:\Hotspot Shield\bin\openvpnas.exe><N/A>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[Atheros Wireless Network Adapter Service / AR5211][Stopped/Manual Start]
  <system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[蓝牙总线枚举器 / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys><Broadcom Corporation.>
[DNSeFilter / DNSeFilter][Running/Manual Start]
  <system32\drivers\SamsungEDS.sys><Samsung Electronics,.LTD>
[MEMIO / DOSMEMIO][Running/Auto Start]
  <\??\C:\WINDOWS\system32\MEMIO.SYS><N/A>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Running/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rspp / rspp][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TAP VPN Adapter / tapvpn][Running/Manual Start]
  <system32\DRIVERS\tapvpn.sys><The OpenVPN Project>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, N/A>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, (Signed) Baidu.com, Inc.>
[Hotspot Shield Toolbar]
  {c95a4e8e-816d-4655-8c79-d736da1adb6d} <C:\Program Files\Hotspot_Shield\tbHot1.dll, (Signed) Conduit Ltd.>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <E:\迅雷\Components\InMedia\peerid.dll, >
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\迅雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\迅雷\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, (Signed) Baidu.com, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\360safe\live.dll, (Signed) 360.cn>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\DapCtrl1.5.578.28.156.dll, ShenZhen Thunder Networking Technologies Ltd.>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, (Signed) Baidu.com, Inc.>
[Hotspot Shield Toolbar]
  {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} <C:\Program Files\Hotspot_Shield\tbHot1.dll, (Signed) Conduit Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\迅雷\Components\DownAndPlay\DapPlayer3.0.578.69.156.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, (Signed) Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[使用迅雷下载]
  <E:\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷\Program\getallurl.htm, N/A>
[发送到 Bluetooth 设备(&B)...]
  <C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm, N/A>
[添加到百度搜藏]
  <http://cang.baidu.com/-/add.html, N/A>

Re: Good grief, even reinstalling the system doesn't fix it!

Continued from above
==================================
正在运行的进程
[PID: 664 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4163]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4174]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2522]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216 / SYSTEM][C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]  [Broadcom Corporation., 5.1.0.3300]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1532 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4174]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2522]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4163]
[PID: 1568 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 5.1.0.3300]
    [C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 5.1.0.3300]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.1.0.3300]
[PID: 1968 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\ESET NOD32\shellExt.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\Hotspot_Shield\tbHot1.dll]  [Conduit Ltd., 4, 5, 188, 6]
    [C:\Program Files\Conduit\Community Alerts\Alert.dll]  [Conduit Ltd., 1, 0, 10, 0]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [, 2, 0, 0, 0]
[PID: 284 / Administrator][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.4.2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 300 / Administrator][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE]  [Advanced Micro Devices Inc., 2.0.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e5bf987ddfe78844afe3872ce2d40cfd\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6058bd7befc2e747a99a11e3f40dc2cf\System.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\eb4495305a35ff4e8ce5c920ad94b5bc\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59ae8bd07dd8d4f9ba0eee76e83a604\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.40314__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2783.40314]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30174]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll]  [ATI Technologies Inc., 2.0.2729.30188]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.40312__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [ATI Technologies Inc., 2.0.2783.40312]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2729.30207]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [ATI Technologies Inc., 2.0.2729.30211]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2783.40020__90ba9c70f846762e\AEM.Server.dll]  [ATI Technologies Inc., 2.0.2783.40020]
    [C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30184]

Re: Good grief, even reinstalling the system doesn't fix it!

Continued from above

[PID: 416 / Administrator][C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe]  [Samsung Electronics,.LTD, 1, 0, 0, 3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 436 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.2.5.1 07Dec05]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.2.5.1 07Dec05]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.2.5.1 07Dec05]
[PID: 448 / SYSTEM][C:\WINDOWS\system32\agrsmsvc.exe]  [Agere Systems, 1.0.0.4]
[PID: 476 / Administrator][E:\ESET NOD32\egui.exe]  [ESET, 3.0.669 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\ESET NOD32\eguiScan.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\eguiAmon.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\eguiEmon.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\eguiEpfw.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\eguiUpdate.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\eguiMailPlugins.dll]  [ESET, 3.0.669 ]
[PID: 516 / Administrator][C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe]  [SAMSUNG Electronics Co., Ltd., 7, 0, 1, 2]
    [C:\Program Files\SAMSUNG\MagicKBD\EasyBoxDll.dll]  [, 1, 4, 0, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\SAMSUNG\MagicKBD\SITSndMx.DLL]  [SAMSUNG Electronics Co., Ltd., 1, 0, 0, 3]
    [C:\Program Files\SAMSUNG\MagicKBD\SITKbdHk.DLL]  [SAMSUNG Electronics Co., Ltd., 1, 0, 0, 21]
    [C:\Program Files\SAMSUNG\MagicKBD\KbdHID9x.DLL]  [SAMSUNG Electronics Co., Ltd., 1, 0, 0, 13]
[PID: 524 / Administrator][C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe]  [Samsung Electronics Co. Ltd., 1.0.1.8]
    [C:\Program Files\SAMSUNG\MagicKBD\SABI2.dll]  [SAMSUNG Electronics, 2, 0, 0, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / Administrator][E:\360safe\antiarp\antiarp.exe]  [360安全中心, 2, 0, 0, 1008]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528 / SYSTEM][E:\ESET NOD32\ekrn.exe]  [ESET, 3.0.669 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\ESET NOD32\ekrnScan.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\ekrnAmon.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\ekrnEmon.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\ekrnEpfw.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\ekrnUpdate.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\updater.dll]  [ESET, 3.0.669 ]
    [E:\ESET NOD32\ekrnMailPlugins.dll]  [ESET, 3.0.669 ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / Administrator][C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe]  [SAMSUNG Electronics, 2, 1, 9, 0]
    [C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Samsung\Easy Display Manager\SABI2.dll]  [SAMSUNG Electronics, 2, 0, 0, 1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2522]
    [C:\Program Files\Samsung\Easy Display Manager\WinMove.dll]  [, 0, 0, 0, 1]
[PID: 872 / SYSTEM][E:\Hotspot Shield\bin\openvpnas.exe]  [N/A, ]
    [E:\Hotspot Shield\bin\libcurl.dll]  [The cURL library, http://curl.haxx.se/, 7.18.0]
    [E:\Hotspot Shield\bin\libeay32.dll]  [N/A, ]
    [E:\Hotspot Shield\bin\libssl32.dll]  [N/A, ]
[PID: 1164 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Hotspot_Shield\tbHot1.dll]  [Conduit Ltd., 4, 5, 188, 6]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Conduit\Community Alerts\Alert.dll]  [Conduit Ltd., 1, 0, 10, 0]
    [C:\PROGRA~1\baidu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 179]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.6.0.1653]
[PID: 2128 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2184 / Administrator][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe]  [ATI Technologies Inc., 2.0.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e5bf987ddfe78844afe3872ce2d40cfd\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6058bd7befc2e747a99a11e3f40dc2cf\System.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\eb4495305a35ff4e8ce5c920ad94b5bc\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59ae8bd07dd8d4f9ba0eee76e83a604\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.40313__90ba9c70f846762e\CCC.Implementation.dll]  [ATI Technologies Inc., 2.0.2783.40313]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30174]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2729.30207]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30178]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [ATI Technologies Inc., 2.0.2729.30211]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.40312__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [ATI Technologies Inc., 2.0.2783.40312]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll]  [ATI Technologies Inc., 2.0.2729.30188]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.40314__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2783.40314]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll]  [ATI Technologies Inc., 2.0.2729.30313]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\2660efda9ad42f4382a43398dfe0099c\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.40021__90ba9c70f846762e\CLI.Component.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40021]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2729.30209]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll]  [ATI Technologies Inc., 2.0.2729.30193]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30203]
    [C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll]  [ATI Technologies Inc., 2.0.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2783.40020__90ba9c70f846762e\AEM.Server.dll]  [ATI Technologies Inc., 2.0.2783.40020]
    [C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30184]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.40019__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll]  [ATI Technologies Inc., 2.0.2783.40019]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30176]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30201]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.40357__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll]  [ATI Technologies Inc., 2.0.2783.40357]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30222]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30202]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll]  [ATI Technologies Inc., 2.0.2573.17685]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2573.17684]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll]  [ATI Technologies Inc., 2.0.2729.30256]
    [C:\WINDOWS\system32\ATIDEMGX.dll]  [Advanced Micro Devices, Inc., 2.0.2779.39668]

Re: My god, even reinstalling the system doesn't fix it!

Continued from above

[C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30212]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.40029__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll]  [Advanced Mirco Devices, Inc., 2.0.2783.40029]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll]  [Advanced Mirco Devices, Inc., 2.0.2729.30199]
    [C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll]  [ATI Technologies Inc., 2.0.2573.17685]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll]  [ATI Technologies Inc., 2.0.2729.30259]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30197]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll]  [ATI Technologies Inc., 2.0.2729.30242]
    [C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.40022__90ba9c70f846762e\ATIDEMOS.dll]  [ATI Technologies Inc., 2.0.2783.40022]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.40049__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40049]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30216]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.40250__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40250]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2729.30243]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30230]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40186]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30212]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll]  [Advanced Micro Devices, Inc., 2.0.2651.18802]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30213]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.40293__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40293]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30231]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40085]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30219]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.40104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40104]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30219]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30224]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.40216__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40216]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30228]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40194]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30226]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40237]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30259]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40186]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30225]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.40257__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40257]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30231]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2783.40194]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30227]
    [C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2783.40021__90ba9c70f846762e\APM.Server.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40021]
    [C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll]  [ATI Technologies Inc., 2.0.2729.30208]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.40305__90ba9c70f846762e\CLI.Component.Systemtray.dll]  [ATI Technologies Inc., 2.0.2783.40305]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll]  [Advanced Micro Devices, Inc., 2.0.2729.30205]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2783.40058__90ba9c70f846762e\CLI.Component.Wizard.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40058]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30185]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30211]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2729.30258]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2783.40064__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40064]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30216]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2783.40327__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40327]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2783.40265__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40265]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2783.40072__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40072]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30264]
    [C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll]  [ , 1.0.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2783.40278__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40278]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2783.40105__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40105]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2783.40085]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2783.40305_zh-CHS_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll]  [ATI Technologies Inc., 2.0.2783.40305]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2783.40037__90ba9c70f846762e\CLI.Component.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40037]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30199]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2729.30214]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2783.40043__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40043]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll]  [ATI Technologies Inc., 2.0.2729.30241]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2783.40334__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll]  [Advanced Mirco Devices, Inc., 2.0.2783.40334]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2783.40050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40050]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2783.40092__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40092]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2783.40217__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40217]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2783.40187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40187]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.2783.40237]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2783.40258__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40258]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2783.40098__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40098]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2783.40195__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2783.40195]
[PID: 2868 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

Re: My god, even reinstalling the system doesn't fix it!

Continued from above

    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3356 / Administrator][E:\SYSCLEAN\sysclean\sysclean.com]  [N/A, ]
[PID: 3368 / Administrator][E:\SYSCLEAN\sysclean\sysclean.exe]  [, 1, 1, 1002, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2704 / Administrator][E:\SYSCLEAN\sysclean\VSCANTM.BIN]  [N/A, ]
    [E:\SYSCLEAN\sysclean\VSAPI32.DLL]  [Trend Micro Inc., 8.500-1002]
[PID: 3128 / Administrator][E:\迅雷\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.9.472]
    [E:\迅雷\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 15]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\迅雷\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 4, 62]
    [E:\迅雷\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 0, 2, 307]
    [E:\迅雷\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\迅雷\Program\asyn_frame.dll]  [, 1, 0, 2, 7]
    [E:\迅雷\Program\backend_agent.dll]  [, 1, 0, 2, 11]
    [E:\迅雷\Program\ptl.dll]  [Thunder Networking Technologies, LTD, 1, 0, 2, 12]
    [E:\迅雷\Program\p2p_upload.dll]  [, 1, 0, 2, 7]
    [E:\迅雷\Program\fs.dll]  [, 1, 0, 2, 7]
    [E:\迅雷\Program\p2p.dll]  [, 1, 0, 2, 12]
    [E:\迅雷\Program\p2p_local_res.dll]  [, 1, 0, 2, 7]
    [E:\迅雷\Program\p2sp.dll]  [, 1, 0, 2, 13]
    [E:\迅雷\Program\down_dispatcher.dll]  [, 1, 0, 2, 12]
    [E:\迅雷\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 1, 5, 2, 9]
    [E:\迅雷\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [E:\迅雷\Program\stream.dll]  [, 2, 0, 2, 308]
    [E:\迅雷\Program\al.dll]  [, 1, 1, 2, 9]
    [E:\迅雷\Program\emule_id.dll]  [, 1, 0, 2, 6]
    [E:\迅雷\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 4, 5, 21]
    [E:\迅雷\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 34]
    [E:\迅雷\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [E:\迅雷\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 8, 26]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [E:\迅雷\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 2, 24]
    [E:\迅雷\Components\InMedia\iEmbed16.dll]  [Thunder Networking Technologies,LTD, 3, 4, 7, 103]
    [E:\迅雷\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 1, 5, 41]
    [E:\迅雷\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [E:\迅雷\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 5, 0, 16]
    [E:\迅雷\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
    [E:\迅雷\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\迅雷\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 77]
    [E:\迅雷\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\迅雷\Components\Security\XLSafeUI.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 77]
    [E:\迅雷\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
    [E:\迅雷\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
    [E:\迅雷\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 59]
    [E:\迅雷\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 18]
    [E:\迅雷\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 74]
    [E:\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [E:\迅雷\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 11, 106]
    [E:\迅雷\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 3, 0, 1, 33]
    [E:\迅雷\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 3]
    [E:\迅雷\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 29]
    [E:\迅雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [E:\迅雷\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [C:\WINDOWS\system32\WMVCore.DLL]  [Microsoft Corporation, 9.00.00.3265 (xpsp_sp2_qfe.061206-2330)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\迅雷\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Components\InMedia\MediaAddin16.dll]  [Thunder Networking Technologies,LTD, 3, 1, 4, 76]
    [E:\迅雷\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[PID: 2496 / Administrator][E:\迅雷\Components\InMedia\ThunderMinisite.exe]  [Thunder Networking Technologies,LTD, 1, 0, 4, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\迅雷\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Components\InMedia\peerid.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [E:\迅雷\Components\InMedia\MediaAddin16.dll]  [Thunder Networking Technologies,LTD, 3, 1, 4, 76]
[PID: 3588 / Administrator][E:\安装包\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3244 / Administrator][E:\安装包\sreng2\SRE4eca8e94.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\安装包\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 300, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 300, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 416, C:\PROGRAM FILES\SAMSUNG\SAMSUNG EDS\EDSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 516, C:\PROGRAM FILES\SAMSUNG\MAGICKBD\MAGICKBD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 524, C:\PROGRAM FILES\SAMSUNG\MAGICKBD\PERFORMANCEMANAGER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 684, C:\PROGRAM FILES\SAMSUNG\EASY DISPLAY MANAGER\DMHKCORE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2184, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3356, E:\SYSCLEAN\SYSCLEAN\SYSCLEAN.COM]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3368, E:\SYSCLEAN\SYSCLEAN\SYSCLEAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2704, E:\SYSCLEAN\SYSCLEAN\VSCANTM.BIN]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3128, E:\迅雷\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2496, E:\迅雷\COMPONENTS\INMEDIA\THUNDERMINISITE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3588, E:\安装包\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        E:\SOGOUI~1\360~1.165\PinyinRepair.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

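Re: My god, even reinstalling the system doesn't fix it!

Ugh... the log is so long, and I don't understand any of it... Could some expert give me some pointers?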

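Re: My god, even reinstalling the system doesn't fix it!

The after-effects of Microsoft's “black screen” have begun to break out! Many users are congratulating themselves on having dodged the “black screen”, without realizing that because of it they have fallen victim to the newest virus, “Sweeping Wave” (扫荡波).

Recently, in order to avoid downloading Microsoft's black-screen patch, many users turned off automatic system updates, which gave hackers the opportunity to do harm by exploiting system vulnerabilities. Even more frightening, an infected computer behaves like the characters in The Matrix who are infected by Agent Smith: it immediately becomes another Agent Smith and turns around to actively attack other computers on the local network.

Reportedly, this is the “Sweeping Wave” worm attack that hackers carry out using Microsoft's latest RPC vulnerability, MS08-067. If a user has not yet applied the KB958644 patch to the system, then once a hacker's scan finds the machine it is instantly hit by the worm and becomes an accomplice under the hacker's remote control, actively attacking other users' computers. In other words, once a single computer on a local network is infected, every computer on that network that has not fixed the vulnerability will be infected too. Its harm and method of spreading are very similar to those of the once-rampant “Blaster” (冲击波) and “Sasser” (震荡波).

Some users who have already been hit have asked for help on antivirus security sites. They report that a system attacked by “Sweeping Wave” shows an “svchost.exe application error” prompt, and whether they click “OK” or “Cancel”, the system either loses its network connection or crashes. For example, the desktop displays garbled characters, programs stop responding, and Task Manager cannot be opened. The symptoms are endless, no antivirus software is of any use, and even reinstalling the system does not solve the problem; apart from repairing the system there is no cure. If your computer shows these symptoms, it has very likely been infected by “Sweeping Wave”.

Image caption: After a user is infected by the “Sweeping Wave” worm, the system repeatedly shows the “svchost.exe application error” prompt

For this reason, security experts strongly recommend that users download system patches as soon as possible using antivirus software or other third-party tools and fix system vulnerabilities promptly! Users already attacked by the “Sweeping Wave” worm should, in addition to downloading the patch with antivirus software as soon as possible, disconnect from the network and then run a full-disk scan.

No sooner has one wave subsided than another rises: the shadow of “Blaster”, “Sasser” and “Mocbot” (魔波) has not yet faded from people's minds, and a network virus strikes again. In the early hours of October 24, Microsoft urgently released an important security update (MS08-067). For all supported editions of Microsoft Windows 2000, Windows XP and Windows Server 2003, this security update is rated “Critical”; for all supported editions of Windows Vista, Windows Server 2008 and Windows 7 Beta. Its danger is in no way less than that of the “Blaster” virus, which affected more than 80% of Windows users at the time.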