管理员你好：
首先声明我不是来这里灌水的，确实你你前2次告诉我清除的方法，我照着做了，可是还是不能清楚http://www.68gw.com/这个网站，我实在毫不办法才来这里打扰您的，希望能给与解决，小弟我在此先谢过了，您辛苦了，帮帮忙


而且删掉的hook.dll重启之后又会出现，不知道跟什么还是有联系

2006-11-26,07:39:28

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
<eMuleAutoStart><C:\Program Files\eMule\emule.exe -AutoStart> [http://www.emule.org.cn]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DT Soft Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<GADServer><C:\WINDOWS\system32\\GAdServer.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><> [N/A]

==================================
启动文件夹
[Monitor Apache Servers]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>

==================================
服务
[Apache2 / Apache2]
<"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework 服务 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Apache Tomcat / Tomcat5]
<"C:\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5><Apache Software Foundation>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge]
<C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[cda1000 / cda1000]
<C:\WINDOWS\SYSTEM32\DRIVERS\cda1000.SYS><Adaptec, Inc.>
[Cinemsup / Cinemsup]
<C:\WINDOWS\SYSTEM32\DRIVERS\Cinemsup.SYS><Sonic Solutions>
[drvmcdb / drvmcdb]
<\SystemRoot\system32\DRIVERS\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm]
<system32\drivers\drvnddm.sys><Sonic Solutions>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[NaiAvFilter1 / NaiAvFilter1]
<system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1]
<system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Si3112 / Si3112]
<C:\WINDOWS\SYSTEM32\DRIVERS\Si3112.SYS><Silicon Image, Inc.>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sscdbhk5 / sscdbhk5]
<system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln]
<system32\drivers\ssrtln.sys><Sonic Solutions>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[tfsnboio / tfsnboio]
<system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs]
<system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct]
<system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres]
<system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs]
<system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio]
<system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool]
<system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf]
<system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa]
<system32\dla\tfsnudfa.sys><Sonic Solutions>

==================================

浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, N/A>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Java Plug-in 1.4.2]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2]
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll, JavaSoft / Sun Microsystems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Microsoft DDS Library Shape Control]
{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F} <C:\Program Files\Common Files\Microsoft Shared\MSDesigners7\MSDDS.DLL, Microsoft Corporation>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\PROGRA~1\FlashGet\getflash.dll, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[使用超级解霸播放]
<C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[精彩图铃]
<C:\Program Files\AD4All\link2\phone.htm, N/A>

==================================

正在运行的进程
[PID: 528][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 664][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 864][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 912][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 976][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1040][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1096][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1244][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
[PID: 1360][C:\Program Files\Apache Group\Apache2\bin\Apache.exe] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\bin\libapr.dll] [Apache Software Foundation, 0.9.12]
[C:\Program Files\Apache Group\Apache2\bin\libaprutil.dll] [Apache Software Foundation, 0.9.12]
[C:\Program Files\Apache Group\Apache2\bin\libapriconv.dll] [Apache Software Foundation, 0.9.7]
[C:\Program Files\Apache Group\Apache2\bin\libhttpd.dll] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_access.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_actions.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_alias.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_asis.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_auth.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_autoindex.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_cgi.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_dir.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_env.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_imap.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_include.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_isapi.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_log_config.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_mime.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_negotiation.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_setenvif.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_userdir.so] [Apache Software Foundation, 2.0.59]
[PID: 1388][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe] [Autodesk, Inc., 2.51.000]
[PID: 1396][C:\Program Files\Apache Group\Apache2\bin\Apache.exe] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\bin\libapr.dll] [Apache Software Foundation, 0.9.12]
[C:\Program Files\Apache Group\Apache2\bin\libaprutil.dll] [Apache Software Foundation, 0.9.12]
[C:\Program Files\Apache Group\Apache2\bin\libapriconv.dll] [Apache Software Foundation, 0.9.7]
[C:\Program Files\Apache Group\Apache2\bin\libhttpd.dll] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_access.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_actions.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_alias.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_asis.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_auth.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_autoindex.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_cgi.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_dir.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_env.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_imap.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_include.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_isapi.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_log_config.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_mime.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_negotiation.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_setenvif.so] [Apache Software Foundation, 2.0.59]
[C:\Program Files\Apache Group\Apache2\modules\mod_userdir.so] [Apache Software Foundation, 2.0.59]
[PID: 1448][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\applib.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Logging.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\naInet.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Management.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\cmalib.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\TCSubSys.dll] [Network Associates, Inc., 3.5.0.412]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]

[PID: 1108][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] [Network Associates, Inc., 8.0.0.135]
[C:\Program Files\Network Associates\VirusScan\naiann.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] [McAfee, Inc., 5.1.00]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1200][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] [Network Associates, Inc., 3.5.0.412]
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] [Network Associates, Inc., 8.0.0.912]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1300][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] [McAfee, Inc., 8.0.0.152]
[C:\Program Files\Network Associates\VirusScan\BBCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\coptcpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\EmCfgCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\SEmalRes.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\nvpcpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\ftcfg.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\OASCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\vsodscpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\ftl.dll] [Network Associates, Inc., 8.0.0.135]
[C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 2156][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 2536][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\shext.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Real\RealPlayer\rpshell.dll] [RealNetworks, Inc., 1.0.1.2263]
[C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Real\RealPlayer\lang\rpext_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\PROGRA~1\FlashGet\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[PID: 2952][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3296][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 51]
[PID: 3396][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 3452][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.5.0.474]
[C:\Program Files\Network Associates\Common Framework\0804\UpdRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] [Network Associates, Inc., 3.5.0.412]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.5.0.412]
[PID: 3460][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.03.0.0]
[C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.03.0.0]
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [N/A, 1.0.6.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.12.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.11.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[PID: 3496][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[PID: 3512][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 10, 100, 1155]
[PID: 3604][C:\WINDOWS\system32\GAdServer.exe] [N/A, N/A]
[C:\DOCUME~1\wcg\LOCALS~1\Temp\E_4\krnln.fnr] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Hook.dll] [N/A, N/A]
[C:\DOCUME~1\wcg\LOCALS~1\Temp\E_4\shell.fne] [N/A, N/A]
[PID: 3616][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 3724][C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe] [Apache Software Foundation, 2.0.59]
[PID: 3736][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3388][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 2560][C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe] [RealNetworks, Inc., 0.1.0.3536]
[C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] [RealNetworks, Inc., 6.0.9.4093]
[C:\Program Files\Real\RealPlayer\lang\systray_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Common Files\Real\Update_OB\pnmi3270.dll] [RealNetworks, Inc., 7.0.0.1932]
[PID: 3276][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[PID: 3892][C:\DOCUME~1\wcg\LOCALS~1\Temp\Rar$EX00.969\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================