Help! Waiting online!

The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file

Startup Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(Internat.exe)(internat.exe) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Windows 2000 Publisher]
(NvCplDaemon)(RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(nwiz)(nwiz.exe /install) []
(NvMediaCenter)(RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(AutoRegC)(autoregc.exe) []
(kav)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe") [Kaspersky Lab]
(360Safetray)(C:\Program Files\360safe\safemon\360Tray.exe /start) [奇虎网]
(HDCSP RegCertTool)(C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe) [CIDC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows 2000 Publisher]
(Userinit)(C:\WINNT\system32\userinit.exe,) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
(WinlogonNotify: klogon)(C:\WINNT\system32\klogon.dll) [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
(Microsoft Windows Media Player)(C:\WINNT\system32\setup\wmpocm.exe /ShowWMP) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)((无)) [N/A]
--------------------------------------------------------------------------------
Startup Folders

N/A
--------------------------------------------------------------------------------
Services

[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
(C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r)(Kaspersky Lab)
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
(C:\WINNT\system32\nvsvc32.exe)(NVIDIA Corporation)
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
(C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll)(Microsoft Corporation)
--------------------------------------------------------------------------------
Drivers

[中国华大智能密码钥匙驱动程序 / CIDCUSB][Running/Manual Start]
(System32\Drivers\cidcusb.sys)(CIDC.)
[dmboot / dmboot][Stopped/Disabled]
(System32\drivers\dmboot.sys)(VERITAS Software Corp.)
[Logical Disk Manager Driver / dmio][Running/Boot Start]
(\SystemRoot\System32\drivers\dmio.sys)(VERITAS Software Corp.)
[dmload / dmload][Running/Boot Start]
(\SystemRoot\System32\drivers\dmload.sys)(VERITAS Software Corp.)
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
(\??\G:\INSTALL\GMSIPCI.SYS)(N/A)
[kl1 / kl1][Running/Boot Start]
(\SystemRoot\system32\drivers\kl1.sys)(Kaspersky Lab)
[klif / klif][Running/System Start]
(\??\C:\WINNT\system32\drivers\klif.sys)(Kaspersky Lab)
[MSICPL / MSICPL][Stopped/Manual Start]
(\??\G:\install4\MSICPL.sys)(N/A)
[NTACCESS / NTACCESS][Stopped/Manual Start]
(\??\G:\NTACCESS.sys)(N/A)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
(system32\DRIVERS\NVENETFD.sys)(NVIDIA Corporation)
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
(system32\DRIVERS\nvnetbus.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
(\??\G:\NTGLM7X.sys)(N/A)
[CRW-Vu SCReader / WATCHKEY][Stopped/Auto Start]
(system32\DRIVERS\wdkey.SYS)(Beijing WatchData System Co., Ltd.)
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
(system32\DRIVERS\WSTCODEC.SYS)(Microsoft Corporation)
Last edited 2007-04-11 17:31:52

--------------------------------------------------------------------------------
Browser Add-ons

[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (C:\Program Files\360safe\safemon\safemon.dll, )
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} (C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} (C:\WINNT\system32\msdxm.ocx, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
--------------------------------------------------------------------------------
Running Processes

[PID: 196][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 220][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 240][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
[C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 268][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 280][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 464][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 492][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 20, 0, 0]
[PID: 964][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINNT\system32\wmp.dll] [Microsoft Corporation, 9.00.00.3075]
[C:\WINNT\system32\wmploc.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\wmvcore.dll] [Microsoft Corporation, 9.00.00.3265 (xpsp_sp2_qfe.061206-2330)]
[C:\WINNT\system32\wmidx.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\WINNT\system32\wmnetmgr.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 1188][C:\WINNT\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.8186]
[C:\WINNT\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8186]
[PID: 1216][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[PID: 1220][C:\WINNT\system32\autoregc.exe] [N/A, ]
[C:\WINNT\system32\WDCRWV.dll] [N/A, ]
[PID: 1244][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 2, 1, 1001]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 2, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 2, 0, 1001]
[C:\Program Files\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.50.2162.0]
[PID: 1252][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe] [CIDC, 1, 0, 0, 10]
[PID: 1280][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 976][C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE] [Microsoft Corporation, 11.0.6355]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6360]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3264.0]
[C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL] [Microsoft Corporation, 1.02]
[C:\WINNT\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2009]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.04.9972]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\offguard.dll] [Kaspersky Lab, 6.0.0.299]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL] [Microsoft Corporation, 6.03.9070]
[C:\WINNT\system32\FM20.DLL] [Microsoft Corporation, 11.0.6254]
[C:\WINNT\system32\fm20CHS.DLL] [Microsoft Corporation, 11.0.5516]
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] [Microsoft Corporation, 11.0.5510.0]
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll] [Microsoft Corporation, 11.0.5510.0]
[C:\WINNT\system32\HD_CSP.dll] [N/A, ]
[C:\WINNT\system32\HD_InterFace.dll] [, 1, 1, 0, 1]
[C:\WINNT\system32\HD_Device.dll] [HED, 1, 0, 6, 0]
[C:\WINNT\system32\HD_TYHD.dll] [HED, 1, 0, 9, 0]
[C:\WINNT\system32\Cidcex.dll] [CIDC, 0, 2, 10, 81]
[C:\WINNT\system32\HD_HDCOS.dll] [HED, 1, 0, 1, 5]
[C:\WINNT\system32\HDIFD20B.dll] [CIDC., 1, 0, 17, 15]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL] [Microsoft Corporation, 5.1.2600.1147 (xpsp2.021108-1929)]
[C:\WINNT\system32\PINTLGNT.IME] [Microsoft Corporation, 4.2.32]
[C:\WINNT\system32\winpy.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510]
[PID: 780][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 380][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINNT\system32\PINTLGNT.IME] [Microsoft Corporation, 4.2.32]
[C:\WINNT\system32\winpy.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.50.2162.0]
[C:\WINNT\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[PID: 628][C:\Program Files\WinRAR\WinRAR.exe] [Eugene Roshal, 3.30]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 1440][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.375\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
--------------------------------------------------------------------------------
File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
--------------------------------------------------------------------------------
Winsock Providers

N/A
--------------------------------------------------------------------------------
Autorun.inf

N/A
--------------------------------------------------------------------------------
HOSTS File

127.0.0.1 localhost
--------------------------------------------------------------------------------
API HOOK

RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CEB25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CED67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CEF0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xBD7CEC49)
入口点错误:CreateProcessA (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xBD7CEE8F)
--------------------------------------------------------------------------------
Hidden Processes

N/A
--------------------------------------------------------------------------------
Powered by Discuz!NT