[Help] Experts, please take a look at this log; my machine has a problem


[CODE]

2007-01-31,23:58:58

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <H/PC Connection Agent><"C:\PROGRA~1\MICROS~4\wcescomm.exe">  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <C-Media Mixer><Mixer.exe /startup>  [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw)]
    <ASUS Probe><C:\Program Files\ASUS\Probe\AsusProb.exe>  [N/A]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Logitech Utility><Logi_MwX.Exe>  [(Verified)Logitech Inc.]
    <snpstd3><C:\WINNT\vsnpstd3.exe>  []
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><stobject.dll>  [(Verified)Microsoft Corporation]
    <IPicture><c:\program files\internet explorer\PLUGINS\IPictureEx.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ActiveSync]
    <WinlogonNotify: ActiveSync><WcesWlgn.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Visual Studio Debugger Proxy Service / DbgProxy][Stopped/Manual Start]
  <C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Register DLL Driver / Register DLL Driver][Stopped/Auto Start]
  <"C:\WINNT\regdll.exe"><N/A>
[SavRoam / SavRoam][Stopped/Manual Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[System Event Notification / SENS][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wgihfece.dll><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[aslm75 / aslm75][Running/Manual Start]
  <\??\C:\WINNT\system32\drivers\aslm75.sys><N/A>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[CO_Mon / CO_Mon][Stopped/Manual Start]
  <\??\C:\WINNT\system32\Drivers\CO_Mon.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[EDSP Port Driver / Edspport][Running/Manual Start]
  <System32\DRIVERS\es56hpi.sys><ESS Technology, Inc.>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver / FETNDIS][Running/Manual Start]
  <System32\DRIVERS\dlkfet5b.sys><D-Link>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[Logitech HID/USB Mouse Filter Driver / LHidFlt2][Running/Manual Start]
  <system32\DRIVERS\LHidFlt2.Sys><Logitech, Inc.>
[Logitech USB Receiver device driver / LHidUsb][Running/Manual Start]
  <System32\Drivers\LHidUsb.Sys><Logitech, Inc.>
[Logitech Mouse Class Filter Driver / LMouFlt2][Running/Manual Start]
  <system32\DRIVERS\LMouFlt2.Sys><Logitech, Inc.>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[VIA AGP Bus Filter / viaagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA AGP Bus Filter  / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[wgihfece / wgihfece][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\wgihfece.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
Last edited 2007-02-01 00:27:10

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~4\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~4\INetRepl.dll, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[AddSHCARoot Control]
  {098A3F72-3110-4004-B954-2F9DC44934B4} <C:\WINNT\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[CMBSafeHelper Class]
  {26BCA338-BB94-4E8F-A082-3E5735875B79} <C:\WINNT\system32\CMBGUARD.dll, >
[Symantec AntiVirus scanner]
  {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINNT\Downloaded Program Files\avsniff.dll, Symantec Corporation>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[Symantec RuFSI Utility Class]
  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINNT\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[BDC Control]
  {7253A666-8D4A-11D7-A4DC-00E04C504779} <C:\PROGRA~1\BDC\Bdc.ocx, BLUE>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINNT\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[SHLaunch Control]
  {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} <C:\WINNT\system32\SHLaunch.ocx, >
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\Bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\Bluesky\BLUESK~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\Bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[PP Control]
  {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\PROGRA~1\Bluesky\BLUESK~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Videohelp Control]
  {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\Bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
  {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\Bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Display Control]
  {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\Bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\Bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[Blueskyvoice Control]
  {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Client Control]
  {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\Bluesky\BLUESK~1\client.ocx, >
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\Bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 164][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 160][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\NavLogon.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
[PID: 212][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 224][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 396][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 424][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 452][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 2.2.0.577]
[PID: 464][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 9.0.0.338]
[PID: 484][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 536][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.10.3077]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
[PID: 600][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 504][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
[PID: 632][C:\WINNT\system32\stisvc.exe]  [Microsoft Corporation, 5.00.2195.6656]
[PID: 688][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 9.0.0.338]
    [C:\WINNT\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINNT\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINNT\system32\NTS.dll]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINNT\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.112 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  [Symantec Corp., 1.1.0.3]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.0.338]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\ecmsvr32.dll]  [Symantec Corporation, 71.1.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVENG32.DLL]  [Symantec Corporation, 20071.1.0.15]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\vpmsece.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
[PID: 740][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 756][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 2.2.0.577]

[PID: 776][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 996][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1072][C:\WINNT\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.53]
    [C:\WINNT\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.11]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1104][C:\Program Files\ASUS\Probe\AsusProb.exe]  [N/A, N/A]
    [C:\WINNT\system\VCL35.bpl]  [Borland International, 3.0.3.70]
    [C:\WINNT\system\cp3240mt.dll]  [Borland International, 4.0]
    [C:\WINNT\system\borlndmm.dll]  [Borland International, 3.0.3.70]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\ASUS\Probe\CODISK.DLL]  [N/A, N/A]
    [C:\Program Files\ASUS\Probe\DiskIco.dll]  [N/A, N/A]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\ASUS\Probe\COLM7578.DLL]  [N/A, N/A]
    [C:\WINNT\system\bcbsmp35.bpl]  [, 1.0.0.0]
    [C:\WINNT\system\vclx35.bpl]  [Borland International, 3.0.3.70]
    [C:\Program Files\ASUS\Probe\Asus.dll]  [ASUS, 3, 0, 0, 2]
    [C:\Program Files\ASUS\Probe\ASMIAHD.dll]  [ASUS, 3, 0, 0, 1]
    [C:\Program Files\ASUS\Probe\AsmiCtrl.dll]  [ASUS, 3, 0, 0, 1]
    [C:\Program Files\ASUS\Probe\ASMIDMI.dll]  [ASUS, 3, 1, 0, 1]
    [C:\Program Files\ASUS\Probe\AsmiEnum.dll]  [ASUS, 3, 0, 0, 1]
    [C:\Program Files\ASUS\Probe\AsmiHwIo.dll]  [ASUS, 3, 1, 0, 1]
    [C:\Program Files\ASUS\Probe\AsmiVia.dll]  [N/A, N/A]
    [C:\Program Files\ASUS\Probe\AsmiAsus.dll]  [ASUS, 4, 0, 0, 2]
    [C:\Program Files\ASUS\Probe\COLMIco.dll]  [N/A, N/A]
    [C:\Program Files\ASUS\Probe\CODMI.DLL]  [N/A, N/A]
[PID: 1048][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL]  [Symantec Corporation, 2.0.39.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL]  [Symantec Corporation, 2.0.39.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 2.2.0.577]
    [C:\WINNT\system32\SYMREDIR.dll]  [Symantec Corporation, 5.3.0.46]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 9.0.0.338]
[PID: 1112][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1136][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1196][C:\Program Files\Logitech\MouseWare\system\em_exec.exe]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\system\EVENTEX.dll]  [Logitech Inc., 9.79.019]
    [C:\WINNT\system32\COMNCTR.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\system\ccresrce.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\system\GlbResLt.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\Logitech\MouseWare\System\devices.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\system\ccstmglb.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\system\ccustom.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\system\ccmsghk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1156][C:\WINNT\vsnpstd3.exe]  [, 1, 0, 2, 2]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1220][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 1, 0, 1, 1002]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 2, 1000]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
[PID: 1232][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1260][C:\PROGRA~1\MICROS~4\wcescomm.exe]  [Microsoft Corporation, 4.1.4841.0]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
[PID: 1284][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
[PID: 1304][C:\PROGRA~1\MICROS~4\rapimgr.exe]  [Microsoft Corporation, 4.1.4841.0]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
[PID: 1712][D:\gwbn.exe]  [, 0, 0, 7, 0]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]
[PID: 1376][D:\sreng2_PConline\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.79.019]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\WINNT\system32\ZLBFJV.DAT]  [N/A, N/A]
    [C:\WINNT\system32\KGTCGV.DAT]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
入口点错误:NtQuerySystemInformation
入口点错误:NtTerminateProcess
入口点错误:ZwTerminateProcess
入口点错误:RegEnumKeyExA
入口点错误:RegEnumKeyExW
入口点错误:FindFirstFileW
入口点错误:FindNextFileA
入口点错误:FindNextFileW
入口点错误:CreateProcessA
入口点错误:CreateProcessW

==================================


[/CODE]

Have all the experts gone to sleep?

Experts~~~~~~~~~~

Going to sleep now; I'll check back tomorrow. Moderators, please help take a look.