Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum


[Help] Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

[CODE]

2008-12-16,14:42:32

System Repair Engineer 2.7.0.1210 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790)

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务



启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <mysqld.exe><D:\PhpWeb\ENV\MySQL5\bin\mysqld.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [奇虎网]
    <360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe">  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]


==================================
启动文件夹
N/A

==================================
服务
[Apache2 / Apache2][Stopped/Auto Start]
  <d:\PhpWeb\ENV\Apache2\bin\Apache.exe><Apache Software Foundation>
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r><Kaspersky Lab>
[bhaplo / bhaplo][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k bhaplo-->%SystemRoot%\System32\xzkgcv.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Microsoft Search / MSSEARCH][Stopped/Disabled]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Disabled]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Mysql5 / Mysql5][Stopped/Auto Start]
  <d:\PhpWeb\ENV\MySQL5\bin\mysqld.exe><N/A>
[NetBox Web Server / NBWeb][Stopped/Disabled]
  <><(File is missing)>
[NVIDIA Dissplay Drilverv / NVIDIA Dissplay Drilverv][Stopped/Disabled]
  <><(File is missing)>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Disabled]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>


==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[360TimeProt / 360TimeProt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\360TimeProt.sys><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><NetGroup - Politecnico di Torino>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[usbmouseb / usbmouseb][Stopped/Manual Start]
  <\??\C:\WINDOWS\SYSTEM32\drivers\myname5.sys><N/A>
[XScanPF / XScanPF][Stopped/Manual Start]
  <\??\C:\Documents and Settings\SQLDebugger\桌面\X-Scan-v3.3\dat\xpf.sys><N/A>


==================================
浏览器加载项
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[IE Developer Toolbar BHO]
  {CC7E636D-39AA-49b6-B511-65413DA137A1} <C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll, (Signed) Microsoft Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[网络通信保护状态]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[Developer Toolbar]
  {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} <C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll, (Signed) Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {48FFE35F-36D9-44BD-A6CC-1D34414EAC0D} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {7208FB6D-EE30-4734-82C7-59BB71C5C0CE} <, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.2.5807.96.(291).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[IE Developer Toolbar BHO]
  {CC7E636D-39AA-49B6-B511-65413DA137A1} <C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5871.228.(292).dll, (Signed) Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>


==================================
正在运行的进程

[PID: 316 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 364 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]

[PID: 388 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 436 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 448 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]

[PID: 604 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 688 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 760 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 884 / SYSTEM][D:\PhpWeb\ENV\Apache2\bin\Apache.exe]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\bin\libapr.dll]  [Apache Software Foundation, 0.9.12]
    [D:\PhpWeb\ENV\Apache2\bin\libaprutil.dll]  [Apache Software Foundation, 0.9.12]
    [D:\PhpWeb\ENV\Apache2\bin\libapriconv.dll]  [Apache Software Foundation, 0.9.7]
    [D:\PhpWeb\ENV\Apache2\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_access.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_actions.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_alias.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_asis.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_auth.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_autoindex.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_dir.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_env.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_imap.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_include.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_isapi.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_mime.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_proxy.so]  [N/A, ]
    [D:\PhpWeb\ENV\Apache2\modules\mod_proxy_connect.so]  [N/A, ]
    [D:\PhpWeb\ENV\Apache2\modules\mod_proxy_http.so]  [N/A, ]
    [D:\PhpWeb\ENV\Apache2\modules\mod_proxy_ftp.so]  [N/A, ]
    [D:\PhpWeb\ENV\Apache2\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\Apache2\modules\mod_userdir.so]  [Apache Software Foundation, 2.0.58]
    [D:\PhpWeb\ENV\php5\php5apache2.dll]  [The PHP Group, 5.1.2.2]
    [D:\PhpWeb\ENV\php5\php5ts.dll]  [The PHP Group, 5.1.2.2]
    [D:\PhpWeb\ENV\Zend\ZendOptimizer-3.0.0\lib\ZendExtensionManager.dll]  [N/A, ]
    [D:\PhpWeb\ENV\php5\ext\php_mbstring.dll]  [The PHP Group, 5.1.2.2]
    [D:\PhpWeb\ENV\php5\ext\php_gd2.dll]  [The PHP Group, 5.1.2.2]
    [D:\PhpWeb\ENV\php5\ext\php_mysql.dll]  [The PHP Group, 5.1.2.2]
    [D:\PhpWeb\ENV\Apache2\bin\LIBMYSQL.dll]  [N/A, ]
    [D:\PhpWeb\ENV\php5\ext\php_sockets.dll]  [The PHP Group, 5.1.2.2]
    [D:\PhpWeb\ENV\Zend\ZendOptimizer-3.0.0\lib\Optimizer-3.0.0\php-5.1.x\ZendOptimizer.dll]  [N/A, ]

[PID: 1956 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 2000 / SYSTEM][C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]

[PID: 2276 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 2372 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]

[PID: 2552 / NETWORK SERVICE][c:\windows\system32\inetsrv\w3wp.exe]  [(Verified) Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\msjetoledb40.dll]  [, ]
    [C:\WINDOWS\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]


Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

[PID: 3348 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3376 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\system32\tsd32.dll]  [, ]
    [C:\WINDOWS\system32\sl_anet.acm]  [Sipro Lab Telecom Inc., 3.02]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[PID: 3720 / 300925521bca][C:\WINDOWS\system32\rdpclip.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 3792 / 300925521bca][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[PID: 3968 / 300925521bca][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 5, 0, 0, 1002]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 3, 0, 1003]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [C:\Program Files\360safe\live.dll]  [360.cn, 1, 0, 1, 1028]
[PID: 4016 / 300925521bca][C:\Program Files\360safe\antiarp\antiarp.exe]  [360安全中心, 2, 0, 0, 1008]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 4080 / 300925521bca][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 140 / 300925521bca][D:\PhpWeb\ENV\MySQL5\bin\mysqld.exe]  [N/A, ]
[PID: 368 / 300925521bca][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 3160 / 300925521bca][C:\Documents and Settings\Administrator\桌面\taskmgr.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 2968 / 300925521bca][D:\tonydoc\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3000 / 300925521bca][D:\tonydoc\sreng2\SRE4ed8ef28.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      www.a.com
127.0.0.1      www.b.com
127.0.0.1      www.c.com
127.0.0.1      www.d.com
127.0.0.1      www.e.com
127.0.0.1      www.f.com
127.0.0.1      www.g.com
127.0.0.1      www.h.com
127.0.0.1      www.i.com
127.0.0.1      www.j.com
127.0.0.1      www.k.com
127.0.0.1      www.l.com
127.0.0.1      www.m.com
127.0.0.1      www.n.com
127.0.0.1      www.o.com
127.0.0.1      www.p.com
127.0.0.1      www.q.com
127.0.0.1      www.r.com
127.0.0.1      www.s.com
127.0.0.1      www.t.com
127.0.0.1      www.u.com
127.0.0.1      www.v.com
127.0.0.1      www.w.com
127.0.0.1      www.x.com
127.0.0.1      www.y.com
127.0.0.1      www.z.com
127.0.0.1      www.data.com

==================================
进程特权扫描
N/A
==================================
计划任务

==================================
API HOOK
N/A
==================================
隐藏进程
N/A
[/CODE]

Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

Download the following tools:
Windows Cleanup Assistant (Windows清理助手)
XDelBox
ATF Cleaner (temporary-file cleanup tool)
———————————————————————————————————————
Before you begin, disconnect from the network;
———————————————————————————————————————
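Use XDelBox to delete the following files:
Be sure to unplug all removable storage devices before use. Copy all of the file paths between the separator lines below, then open XDelBox and import them with "Paste" (粘帖) from the right-click menu. Tick "Suppress regeneration" (抑制再生), "Driver safe-delete mode" (驱动安全删除模式) and "Back up files" (备份文件), and finally choose "Restart now and delete" (立刻重启执行删除) from the right-click menu.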
———————————————————————————————————————
C:\WINDOWS\system32\xzkgcv.dll
C:\WINDOWS\system32\msjetoledb40.dll
———————————————————————————————————————
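After the computer restarts you will see a prompt asking you to choose the operating system to start, with a 5-second countdown.
The first option is your own Windows system.
The second option is XDelBox's "Go XDelBox To Del Files".
The second option is selected automatically by default and takes you into a DOS-like interface. You do not need to do anything during this time; just wait for it to run on its own.
Once the virus files have been deleted, the machine restarts automatically into Windows.
Then continue with the following steps: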
———————————————————————————————————————
Open SREng, go to [Startup Items (启动项目)] - [Services (服务)] - [Win32 Service Applications (Win32服务应用程序)], and delete the following entry:
[bhaplo / bhaplo]    <C:\WINDOWS\system32\svchost.exe -k bhaplo-->%SystemRoot%\System32\xzkgcv.dll>
———————————————————————————————————————
Run ATF Cleaner (the temporary-file cleanup tool), select all items, and click [Clean Now (立即清理)];
———————————————————————————————————————
Run Windows Cleanup Assistant (Windows清理助手) to do a cleanup;

Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

Very good, very powerful!!
I'll go try it, thanks~~ mwah

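Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

Something unexpected happened at the last step, when I chose "Restart now and delete" (立刻重启执行删除) from the right-click menu:

XDelBox displayed this message:

对不起,本版本已停止使用,请到毒豆网下载专用版。 ("Sorry, this version has been discontinued. Please download the dedicated version from 毒豆网.")

Where can I download the dedicated version, or an earlier version that still works? Thanks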




Quote:
Originally posted by 左眼球 on 2008-12-16 16:56:00
Download the following tools:
Windows Cleanup Assistant (Windows清理助手)
XDelBox
[url=http://bbs.ikaka.com/attachment.aspx?

Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

<C:\WINDOWS\system32\svchost.exe -k bhaplo-->%SystemRoot%\System32\xzkgcv.dll>

Can't it just be deleted directly?

Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

Xdelbox tool download: http://www.dodudou.com/down/

Re: Suspected csrss.exe virus infection, could an expert please take a look? Thanks!

[code]2008-12-16,18:36:18
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows Server 2003, Enterprise Edition Service Pack 2 (build 3790) - Administrators

========================================
注册项
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <mysqld.exe><D:\PhpWeb\ENV\MySQL5\bin\mysqld.exe>  [N/A, C:2005-12-28 20:22 M:2005-12-28 20:22]
    <ServUTrayIcon><C:\Program Files\Serv-U\ServUTray.exe>  [N/A, C:2008-12-07 05:15 M:2005-01-04 10:41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12]
    <360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start>  [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe">  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
    <网络通信保护状态><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
    <><>  []

========================================
启动项

========================================
计划任务

========================================
组件

IE Extension
[网络通信保护状态]
    {85E0B171-04FA-11D1-B7DA-00A0C90348D6}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
Shell Extension
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <hticons.dll>  []
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-11-04 14:42 M:2007-09-23 18:59]
[网络通信保护状态]
    {85E0B171-04FA-11D1-B7DA-00A0C90348D6}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
BrowserHelperObject
[IEVkbdBHO Class]
    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <>  []
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360safe\safemon\safemon.dll>  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
ActiveX Extension
[IEVkbdBHO Class]
    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360safe\safemon\safemon.dll>  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx>  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:16 M:2008-10-05 11:16]
Context Menu
[Kaspersky Anti-Virus]
    {dd230880-495a-11d1-b064-008048ec2fc5}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-11-04 14:42 M:2007-09-23 18:59]

========================================
服务
[Apache2 / Apache2][Stopped/Auto Start]
    <d:\PhpWeb\ENV\Apache2\bin\Apache.exe>  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[Microsoft Search / MSSEARCH][Stopped/Disabled]
    <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe">  [Microsoft Corporation, 9.107.5512.0, C:2008-11-03 19:46 M:2008-12-05 15:45]
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
    <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe>  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-17 17:53]
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Disabled]
    <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe>  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:48 M:2008-12-05 15:47]
[Mysql5 / Mysql5][Stopped/Auto Start]
    <d:\PhpWeb\ENV\MySQL5\bin\mysqld.exe>  [N/A, C:2005-12-28 20:22 M:2005-12-28 20:22]
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Disabled]
    <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe>  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2008-12-05 15:48]
[WinHTTP Web Proxy Auto-Discovery Service / WinHttpAutoProxySvc][Stopped/Disabled]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "winhttp.dll">  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
    <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20]

========================================
驱动
[360TimeProt / 360TimeProt][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\360TimeProt.sys>  [N/A, C:2008-12-05 00:13 M:2008-12-05 00:13]
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
    <system32\DRIVERS\ipinip.sys>  []
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
    <system32\drivers\npf.sys>  [NetGroup - Politecnico di Torino, 3, 1, 0, 23, C:2008-12-05 00:39 M:2005-05-17 21:24]
[XScanPF / XScanPF][Stopped/Manual Start]
    <\??\C:\Documents and Settings\SQLDebugger\桌面\X-Scan-v3.3\dat\xpf.sys>  []
[360AntiArp / 360AntiArp][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys>  [(Verified)360安全中心, 1, 0, 1, 1007, C:2008-04-09 16:33 M:2008-04-09 16:33]
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-11-03 19:10 M:2005-07-08 17:56]
[Kl1 / kl1][Running/Boot Start]
    <system32\drivers\kl1.sys>  [(Verified)Kaspersky Lab, 6.2.35.0, C:2008-07-21 18:34 M:2008-07-21 18:34]
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
    <system32\drivers\klbg.sys>  [(Verified)Kaspersky Lab, 8.0.6.2, C:2008-01-29 18:29 M:2008-01-29 18:29]
[Kaspersky Lab Driver / KLIF][Running/System Start]
    <system32\DRIVERS\klif.sys>  [(Verified)Kaspersky Lab, 8.1.0.100, C:2008-12-05 16:54 M:2008-12-05 16:54]
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
    <system32\DRIVERS\klim5.sys>  [(Verified)Kaspersky Lab, 6.1.28.0, C:2008-04-30 18:06 M:2008-04-30 18:06]
[DDK PACKET Protocol / Packet][Running/Manual Start]
    <system32\DRIVERS\ProtoDrv.sys>  [(Verified)360安全中心, 1, 0, 1, 1001, C:2008-04-09 16:36 M:2008-04-09 16:36]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
    <system32\DRIVERS\Rtnicxp.sys>  [(Verified)Realtek Semiconductor Corporation                          , 5.681.1120.2007 built by: WinDDK, C:2008-09-08 15:01 M:2008-02-18 10:17]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2007-11-10 00:00 M:2007-11-13 17:32]

========================================
进程
[PID: 316 / SYSTEM]  \SystemRoot\System32\smss.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 364 / SYSTEM]  \??\C:\WINDOWS\system32\csrss.exe  [(Verified)Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 388 / SYSTEM]  \??\C:\WINDOWS\system32\winlogon.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\klogon.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 436 / SYSTEM]  C:\WINDOWS\system32\services.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 448 / SYSTEM]  C:\WINDOWS\system32\lsass.exe  [(Verified)Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 604 / SYSTEM]  C:\WINDOWS\system32\svchost.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 688 / NETWORK SERVICE]  C:\WINDOWS\system32\svchost.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 760 / SYSTEM]  C:\WINDOWS\System32\svchost.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-07-29 20:08 M:2008-07-29 20:08]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-07-29 20:08 M:2008-07-29 20:08]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25]
    c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25]
    c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25]
    c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26]
[PID: 884 / SYSTEM]  D:\PhpWeb\ENV\Apache2\bin\Apache.exe  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\bin\libapr.dll  [Apache Software Foundation, 0.9.12, C:2006-04-29 16:31 M:2006-04-29 16:31]
    D:\PhpWeb\ENV\Apache2\bin\libaprutil.dll  [Apache Software Foundation, 0.9.12, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\bin\libapriconv.dll  [Apache Software Foundation, 0.9.7, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\bin\libhttpd.dll  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_access.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_actions.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_alias.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_asis.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_auth.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_autoindex.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_cgi.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_dir.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_env.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_imap.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_include.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_isapi.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_log_config.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_mime.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_proxy.so  [N/A, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_proxy_connect.so  [N/A, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_proxy_http.so  [N/A, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_proxy_ftp.so  [N/A, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_negotiation.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_rewrite.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_setenvif.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\Apache2\modules\mod_userdir.so  [Apache Software Foundation, 2.0.58, C:2006-04-29 17:47 M:2006-04-29 17:47]
    D:\PhpWeb\ENV\php5\php5apache2.dll  [The PHP Group, 5.1.2.2, C:2006-01-11 17:14 M:2006-01-11 17:14]
    D:\PhpWeb\ENV\php5\php5ts.dll  [The PHP Group, 5.1.2.2, C:2006-01-11 17:14 M:2006-01-11 17:14]
    D:\PhpWeb\ENV\Zend\ZendOptimizer-3.0.0\lib\ZendExtensionManager.dll  [N/A, C:2006-01-29 15:25 M:2006-01-29 15:25]
    D:\PhpWeb\ENV\php5\ext\php_mbstring.dll  [The PHP Group, 5.1.2.2, C:2006-01-11 17:15 M:2006-01-11 17:15]
    D:\PhpWeb\ENV\php5\ext\php_gd2.dll  [The PHP Group, 5.1.2.2, C:2006-01-11 17:14 M:2006-01-11 17:14]
    D:\PhpWeb\ENV\php5\ext\php_mysql.dll  [The PHP Group, 5.1.2.2, C:2006-01-11 17:15 M:2006-01-11 17:15]
    D:\PhpWeb\ENV\Apache2\bin\LIBMYSQL.dll  [N/A, C:2005-12-28 20:22 M:2005-12-28 20:22]
    D:\PhpWeb\ENV\php5\ext\php_sockets.dll  [The PHP Group, 5.1.2.2, C:2006-01-11 17:15 M:2006-01-11 17:15]
    D:\PhpWeb\ENV\Zend\ZendOptimizer-3.0.0\lib\Optimizer-3.0.0\php-5.1.x\ZendOptimizer.dll  [N/A, C:2006-03-30 18:58 M:2006-03-30 18:58]
[PID: 1956 / SYSTEM]  C:\WINDOWS\system32\inetsrv\inetinfo.exe  [(Verified)Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710), C:2008-11-03 19:26 M:2007-11-10 00:00]
[PID: 2000 / SYSTEM]  C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-17 17:53]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:50]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-17 17:54]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]
    C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLFTQRY.DLL  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]
[PID: 2276 / SYSTEM]  C:\WINDOWS\System32\svchost.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 2372 / SYSTEM]  C:\WINDOWS\System32\svchost.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 2552 / NETWORK SERVICE]  c:\windows\system32\inetsrv\w3wp.exe  [(Verified)Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710), C:2008-11-03 19:26 M:2007-11-10 00:00]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\scrchpg.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\klscav.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-07-29 20:08 M:2008-07-29 20:08]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-07-29 20:08 M:2008-07-29 20:08]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25]
    c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25]
    c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25]
    c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26]
    C:\WINDOWS\system32\msjetoledb40.dll  [(Verified)N/A, C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\DBmsLPCn.dll  [Microsoft Corporation, 2000.080.0194.00, C:2008-11-03 19:47 M:2000-08-06 01:51]

Re: I suspect I've caught a csrss.exe virus; could an expert please take a look? Thanks!

[PID: 3348 / SYSTEM]  \??\C:\WINDOWS\system32\csrss.exe  [(Verified)Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 3376 / SYSTEM]  \??\C:\WINDOWS\system32\winlogon.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\klogon.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\tssoft32.acm  [(Verified)DSP GROUP, INC., 1.01, C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\tsd32.dll  [(Verified)N/A, C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\sl_anet.acm  [(Verified)Sipro Lab Telecom Inc., 3.02, C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\l3codeca.acm  [(Verified)Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305, C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 3720 / 300925521bca]  C:\WINDOWS\system32\rdpclip.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2008-11-03 19:12 M:2007-11-10 00:00]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[PID: 3968 / 300925521bca]  C:\Program Files\360safe\safemon\360tray.exe  [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\Program Files\360safe\safemon\SafeKrnl.dll  [(Verified)奇虎网, 4, 3, 0, 1003, C:2008-08-26 16:55 M:2008-08-26 16:55]
    C:\Program Files\360safe\AntiAdwa.dll  [(Verified)360Safe.com, 4, 2, 0, 1001, C:2008-06-13 20:16 M:2008-06-13 20:16]
    C:\Program Files\360safe\live.dll  [(Verified)360.cn, 1, 0, 1, 1028, C:2008-07-16 22:00 M:2008-07-16 22:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 4016 / 300925521bca]  C:\Program Files\360safe\antiarp\antiarp.exe  [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 4080 / 300925521bca]  C:\WINDOWS\system32\ctfmon.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 140 / 300925521bca]  D:\PhpWeb\ENV\MySQL5\bin\mysqld.exe  [N/A, C:2005-12-28 20:22 M:2005-12-28 20:22]
[PID: 368 / 300925521bca]  C:\WINDOWS\system32\conime.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 1912 / LOCAL SERVICE]  C:\WINDOWS\System32\logon.scr  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 3988 / 300925521bca]  C:\Program Files\Serv-U\ServUTray.exe  [N/A, C:2008-12-07 05:15 M:2005-01-04 10:41]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[PID: 2840 / 300925521bca]  C:\Program Files\Serv-U\ServUAdmin.exe  [Cat Soft, 6.0.0.2, C:2008-12-07 05:15 M:2005-01-04 11:11]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\Program Files\Serv-U\libeay32.DLL  [N/A, C:2008-12-07 05:15 M:2004-11-05 09:25]
    C:\Program Files\Serv-U\ssleay32.DLL  [N/A, C:2008-12-07 05:15 M:2004-11-05 09:25]
[PID: 3332 / 300925521bca]  C:\Program Files\Serv-U\ServUDaemon.exe  [Cat Soft, 6.0.0.2, C:2008-12-07 05:15 M:2005-01-04 10:38]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\Program Files\Serv-U\libeay32.DLL  [N/A, C:2008-12-07 05:15 M:2004-11-05 09:25]
    C:\Program Files\Serv-U\ssleay32.DLL  [N/A, C:2008-12-07 05:15 M:2004-11-05 09:25]
[PID: 3776 / 300925521bca]  D:\Macromedia\Dreamweaver 8\dreamweaver.exe  [Macromedia, Inc., 8.0.0.2766, C:2005-09-27 16:14 M:2008-12-05 15:01]
    D:\Macromedia\Dreamweaver 8\dbghelp.dll  [Microsoft Corporation, 6.1.0017.2 (DbgBuild.030121-2003), C:2005-09-27 01:23 M:2005-09-27 01:23]
    D:\Macromedia\Dreamweaver 8\xerces-c_2_6.dll  [Apache Software Foundation, 2, 6, 0, C:2005-09-27 01:33 M:2005-09-27 01:33]
    D:\Macromedia\Dreamweaver 8\Fireworks Library.dll  [Macromedia Inc., 7.0, C:2005-09-27 01:28 M:2005-09-27 01:28]
    D:\Macromedia\Dreamweaver 8\NetIO.dll  [N/A, C:2005-09-27 01:36 M:2005-09-27 01:36]
    D:\Macromedia\Dreamweaver 8\CoreTypes.dll  [N/A, C:2005-09-27 01:35 M:2005-09-27 01:35]
    D:\Macromedia\Dreamweaver 8\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 20:14 M:2003-03-18 20:14]
    D:\Macromedia\Dreamweaver 8\icuuc30.dll  [IBM Corporation and others, 3, 0, 0, 0, C:2005-09-27 01:30 M:2005-09-27 01:30]
    D:\Macromedia\Dreamweaver 8\icudt30.dll  [IBM Corporation and others, 3, 0, 0, 0, C:2005-09-27 01:30 M:2005-09-27 01:30]
    D:\Macromedia\Dreamweaver 8\LIBEAY32.dll  [N/A, C:2005-09-27 01:32 M:2005-09-27 01:32]
    D:\Macromedia\Dreamweaver 8\SSLEAY32.dll  [N/A, C:2005-09-27 01:32 M:2005-09-27 01:32]
    D:\Macromedia\Dreamweaver 8\LIBCURL.dll  [N/A, C:2005-09-27 01:35 M:2005-09-27 01:35]
    D:\Macromedia\Dreamweaver 8\Workspace.dll  [N/A, C:2005-09-27 01:37 M:2005-09-27 01:37]
    D:\Macromedia\Dreamweaver 8\MFC71U.DLL  [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 21:12 M:2003-03-18 21:12]
    D:\Macromedia\Dreamweaver 8\PSAPI.DLL  [Microsoft Corporation, 4.00, C:2005-09-27 01:23 M:2005-09-27 01:23]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    D:\Macromedia\Dreamweaver 8\Configuration\Resources.dll  [Macromedia, Inc., 2.0, C:2005-09-27 16:16 M:2005-09-27 16:16]
    D:\Macromedia\Dreamweaver 8\MMxptResources.dll  [Macromedia, Inc., 5, 0, 0, 44, C:2005-09-27 01:30 M:2005-09-27 01:30]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    D:\Macromedia\Dreamweaver 8\Configuration\JSExtensions\MMNotes.dll  [Macromedia, Inc., 3, 0, 2, 0, C:2005-09-27 01:37 M:2005-09-27 01:37]
    D:\Macromedia\Dreamweaver 8\Configuration\JSExtensions\SWFFile.dll  [N/A, C:2005-09-27 01:36 M:2005-09-27 01:36]
    D:\Macromedia\Dreamweaver 8\Configuration\JSExtensions\MM.dll  [N/A, C:2005-09-27 01:37 M:2005-09-27 01:37]
    D:\Macromedia\Dreamweaver 8\Configuration\JSExtensions\DWfile.dll  [N/A, C:2005-09-27 01:40 M:2005-09-27 01:40]
    D:\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll  [N/A, C:2005-09-27 01:28 M:2005-09-27 01:28]
    D:\Macromedia\Dreamweaver 8\Configuration\JSExtensions\TSL.dll  [N/A, C:2005-09-27 01:39 M:2005-09-27 01:39]
[PID: 2188 / 300925521bca]  C:\WINDOWS\system32\taskmgr.exe  [(Verified)Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
[PID: 4380 / 300925521bca]  C:\WINDOWS\explorer.exe  [(Verified)Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710), C:2007-11-10 00:00 M:2007-11-10 00:00]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[PID: 5224 / 300925521bca]  C:\Program Files\arswp\ArSwp.exe  [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-12-16 18:25 M:2008-11-15 11:58]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\Program Files\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-12-16 18:25 M:2007-11-28 15:19]
========================================
文件关联
========================================
AutoRun.INF
========================================
Winsock提供者
========================================
HOSTS
    127.0.0.1 localhost
    127.0.0.1 www.a.com
    127.0.0.1 www.b.com
    127.0.0.1 www.c.com
    127.0.0.1 www.d.com
    127.0.0.1 www.e.com
    127.0.0.1 www.f.com
    127.0.0.1 www.g.com
    127.0.0.1 www.h.com
    127.0.0.1 www.i.com
    127.0.0.1 www.j.com
    127.0.0.1 www.k.com
    127.0.0.1 www.l.com
    127.0.0.1 www.m.com
    127.0.0.1 www.n.com
    127.0.0.1 www.o.com
    127.0.0.1 www.p.com
    127.0.0.1 www.q.com
    127.0.0.1 www.r.com
    127.0.0.1 www.s.com
    127.0.0.1 www.t.com
    127.0.0.1 www.u.com
    127.0.0.1 www.v.com
    127.0.0.1 www.w.com
    127.0.0.1 www.x.com
    127.0.0.1 www.y.com
    127.0.0.1 www.z.com
    127.0.0.1 www.data.com
[/code]