[CODE]

2007-08-03,12:04:26

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <runb1132><rundll32.exe C:\\WINDOWS\\system32\\01e128.dll,?GoIn@@YAXXZ>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><wldpri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\system32\wldpri.dll>  []
    <{0E853A9A-1D47-4434-A1A3-F1C17F849A27}><C:\WINDOWS\system32\wintyu.dll>  []
    <{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll>  []
    <{6971CBF6-CBF6-9713-F697-BF671BF69713}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <IFEO[FileDsty.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <IFEO[FTCleanerShell.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <IFEO[iparmo.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
    <IFEO[KaScrScn.SCR]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <IFEO[KAVDX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <IFEO[KAVPFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <IFEO[KAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
    <IFEO[KAVStart.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <IFEO[KISLnchr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
    <IFEO[KMailMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
    <IFEO[KMFilter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
    <IFEO[KPFW32X.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
    <IFEO[KPFWSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
    <IFEO[KRegEx.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.COM]
    <IFEO[krepair.COM]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
    <IFEO[KsLoader.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
    <IFEO[KVCenter.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
    <IFEO[KvDetect.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
    <IFEO[KvfwMcl.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
    <IFEO[KVMonXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <IFEO[kvol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
    <IFEO[kvolself.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
    <IFEO[KvReport.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
    <IFEO[KVScan.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
    <IFEO[KVStub.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
    <IFEO[kvupload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <IFEO[kvwsc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
    <IFEO[KvXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
    <IFEO[KWatch9x.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
    <IFEO[KWatchX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
    <IFEO[loaddll.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
    <IFEO[MagicSet.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <IFEO[mcconsol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
    <IFEO[mmqczj.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
    <IFEO[mmsk.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <IFEO[NAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <IFEO[nod32krn.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
    <IFEO[PFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
    <IFEO[PFWLiveUpdate.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
    <IFEO[QHSET.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
    <IFEO[Ras.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
    <IFEO[RegClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <IFEO[rfwcfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
    <IFEO[RfwMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <IFEO[RsAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
    <IFEO[Rsaupd.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
    <IFEO[runiep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
    <IFEO[safelive.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
    <IFEO[shcfg32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
    <IFEO[SmartUp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
    <IFEO[SREng.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
    <IFEO[SysSafe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
    <IFEO[TrojanDetector.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
    <IFEO[Trojanwall.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
    <IFEO[TrojDie.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <IFEO[UIHost.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
    <IFEO[UmxAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
    <IFEO[UmxAttachment.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
    <IFEO[UmxCfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
    <IFEO[UmxFwHlp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
    <IFEO[UmxPol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE.exe]
    <IFEO[UpLive.EXE.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
    <IFEO[WoptiClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <IFEO[zxsweep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\CBF69713.dat>  []

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows lnfb RunThem / lnfb][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\giaw\qskg.dll>< >
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Fax 2Client / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\system32\2c5c1.exe><N/A>

==================================

驱动程序
[8f3fpaz / 8f3fpaze][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\8f3fpaze.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[IsDrv120 / IsDrv120][Running/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA Disk Cache Filter Driver / nvcchflt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvcchflt.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[p6rvc / p6rvc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\p6rvc.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>

==================================

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\工具\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\工具\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, Microsoft Corporation>
[ff Class]
  {BFD74C09-98E7-4498-A1F8-3500DC9D85DE} <C:\WINDOWS\system32\12c1.dll, TODO: <公司名>>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\工具\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\工具\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\工具\迅雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, Microsoft Corporation>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[ff Class]
  {BFD74C09-98E7-4498-A1F8-3500DC9D85DE} <C:\WINDOWS\system32\12c1.dll, TODO: <公司名>>
[使用迅雷下载]
  <D:\工具\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\工具\迅雷\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 564 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
[PID: 916 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
[PID: 1012 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
[PID: 1068 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
[PID: 1136 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1748 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.34]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [C:\WINDOWS\system32\heqyd.dll]  [N/A, ]
    [C:\WINDOWS\system32\hdada.dll]  [N/A, ]
    [C:\WINDOWS\system32\zkjhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wjhgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhfdy.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
[PID: 1804 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [C:\WINDOWS\system32\heqyd.dll]  [N/A, ]
    [C:\WINDOWS\system32\hdada.dll]  [N/A, ]
    [C:\WINDOWS\system32\zkjhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wjhgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhfdy.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
[PID: 1900 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [c:\progra~1\giaw\qskg.dll]  [ , 5, 0, 0, 7]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [c:\progra~1\giaw\vxpl.dll]  [ , 5, 0, 0, 7]
    [c:\progra~1\giaw\mogc.dll]  [, 5, 0, 0, 7]
[PID: 1952 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7644]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
[PID: 808 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [C:\WINDOWS\system32\heqyd.dll]  [N/A, ]
    [C:\WINDOWS\system32\hdada.dll]  [N/A, ]
    [C:\WINDOWS\system32\zkjhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wjhgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhfdy.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
[PID: 2044 / Administrator][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [C:\WINDOWS\system32\winlpyfa.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhfdy.dll]  [N/A, ]
    [C:\WINDOWS\system32\wjhgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zkjhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hdada.dll]  [N/A, ]
    [C:\WINDOWS\system32\heqyd.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7644]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7644]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10513]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
    [C:\WINDOWS\system32\wintyu.dll]  [N/A, ]
    [D:\工具\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [D:\工具\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [D:\工具\迅雷\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [D:\工具\迅雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\System32\aclayer.dll]  [Microsoft Corporation, 5, 1, 2600, 2080]
    [C:\WINDOWS\system32\12c1.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]

[PID: 1344 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\211.dll]  [  , 1, 0, 0, 3]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [C:\WINDOWS\system32\heqyd.dll]  [N/A, ]
    [C:\WINDOWS\system32\hdada.dll]  [N/A, ]
    [C:\WINDOWS\system32\zkjhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wjhgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhfdy.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
[PID: 2168 / SYSTEM][C:\WINDOWS\system32\2c5c1.exe]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 2432 / Administrator][D:\工具\sreng2\lol.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\CBF69713.dll]  [N/A, ]
    [c:\progra~1\giaw\tvnj.dll]  [, 5, 0, 0, 7]
    [c:\progra~1\giaw\yaso.dll]  [ , 5, 0, 0, 7]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
    [C:\WINDOWS\system32\heqyd.dll]  [N/A, ]
    [C:\WINDOWS\system32\hdada.dll]  [N/A, ]
    [C:\WINDOWS\system32\zkjhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wtrwd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wjhgl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhfdy.dll]  [N/A, ]
    [D:\工具\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=CBF69713.exe
shell\open=打开(&O)
shell\open\Command=CBF69713.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=CBF69713.exe
[E:\]
[AutoRun]
open=CBF69713.exe
shell\open=打开(&O)
shell\open\Command=CBF69713.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=CBF69713.exe
[F:\]
[AutoRun]
open=CBF69713.exe
shell\open=打开(&O)
shell\open\Command=CBF69713.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=CBF69713.exe

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      www.jack.coyo.eu
127.0.0.1      www.51zc.com
127.0.0.1      www.caiyi8.com
127.0.0.1      vod.caiyi8.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1748, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2168, C:\WINDOWS\SYSTEM32\2C5C1.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]