To 小人物 and all the digital experts
2007-08-23,06:57:46
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZ....com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理许可权用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、开机档案夹、服务等)
流览器载入项
正在运行的进程(包括进程模组资讯)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动专案
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet> [(Verified)Yahoo! Inc.]
<kava><C:\WINDOWS\system32\kavo.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows XP Publisher]
<NVRaidService><C:\WINDOWS\System32\nvraidservice.exe> [NVIDIA Corporation]
<NVRTCLK><C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<RemoteControl><"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -hide> [(Verified)Microsoft Corporation]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WIFD1F~1\MpShHook.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
<printers><libcintles3.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
开机档案夹
[ComproRemote]
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\ComproRemote.lnk --> C:\PROGRA~1\COMMON~1\VIDEOM~1\COMPRO~1.EXE [Compro Technology, Inc.]><N>
[ComproScheduler]
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\ComproScheduler.lnk --> C:\PROGRA~1\COMMON~1\VIDEOM~1\COMPRO~2.EXE [Compro Technology, Inc.]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[TweakYC]
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\TweakYC.lnk --> C:\PROGRA~1\VIDEOM~1\COMPRO~2\TweakYC.exe [Compro Technology, Inc.]><N>
==================================
服务
[Apache2 / Apache2][Running/Auto Start]
<"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程式
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Processor Driver / AmdK8][Running/System Start]
<System32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[bdfdll / bdfdll][Stopped/Manual Start]
<\??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys><N/A>
[VideoMate TV Capture / Cap7134][Running/Manual Start]
<System32\DRIVERS\Cap7134.sys><Compro Technology, Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[Sony Ericsson USB Flash Driver / ggsemc][Stopped/Manual Start]
<system32\DRIVERS\ggsemc.sys><Sony Ericsson Mobile Communications>
[ids0015d / ids0015d][Stopped/Manual Start]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys><N/A>
[ids00180 / ids00180][Stopped/Manual Start]
<\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys><N/A>
[Sony Ericsson 750 driver (WDM) / k750bus][Running/Manual Start]
<system32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Running/Manual Start]
<system32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Running/Manual Start]
<system32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Running/Manual Start]
<system32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex][Running/Manual Start]
<system32\DRIVERS\k750obex.sys><MCCI>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<System32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<System32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[oreans32 / oreans32][Stopped/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[VideoMate TV Tuner / PhTVTune][Running/Manual Start]
<System32\DRIVERS\PhTVTune.sys><Compro Technology, Inc.>
[直接平行连接埠连结驱动程式 / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Motorola USB Modem Driver for MPT XP / usbsermptxp][Stopped/Manual Start]
<system32\DRIVERS\usbsermptxp.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
流览器载入项
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[网页防护程式]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Yahoo! Messenger]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe, Yahoo! Inc.>
[D.S.Lite]
{F8475519-8412-4D40-A46E-692D9D04DF7F} <E:\杂(应用)\DSLite2\DSLite.exe, watermonster.org>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, MicrosoftR Corporation>
[Solitaire Showdown Class]
{5C051655-FCD5-4969-9182-770EA5AA5565} <C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Windows Live Photo Upload Control]
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, MicrosoftR Corporation>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[passport 可用指令档的服务]
{2D2307C8-7DB4-40D6-9100-D52AF4F97A5B} <%SystemRoot%\System32\netplwiz.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, MicrosoftR Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Live Photo Upload Control]
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, MicrosoftR Corporation>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Symantec RuFSI File information Class]
{C2FCEF4E-ACE9-11D3-BEBD-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Symantec RuFSI Registry Information Class]
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[GetInfo Class]
{D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\PROGRA~1\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[Messenger Class]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[JetCarNetscape Class]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Foxy 下载]
<res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy 搜寻]
<res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>
[下载编码内容(&D.S.Lite)]
<E:\杂(应用)\DSLite2\dl_text.html, N/A>
[下载编码内容(S&martGet)]
<E:\Download\SmartGet1.3\dl_text.html, N/A>
[下载编码档案内容(&D.S.Lite)]
<E:\杂(应用)\DSLite2\dl_url.html, N/A>
[使用 FlashGet 下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用 S&martGet 下载]
<E:\Download\SmartGet1.3\dl_link.htm, N/A>
[全部使用 FlashGet 下载]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[汇出至 Microsoft Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 688 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\Program Files\Windows Defender\MsMpEng.exe] [Microsoft Corporation, 1.1.1593.0]
[PID: 1208 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1676 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1968 / 简成学][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\system32\kavo0.dll] [N/A, ]
[C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll] [Sony Ericsson Mobile Communications AB, 1, 1, 2, 0]
[C:\WINDOWS\system32\NVRSZHT.DLL] [NVIDIA Corporation, 6.14.10.7189]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Documents and Settings\简成学\Application Data\Foxy\LinkMaker.dll] [, 1, 1, 1, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll] [Sony Ericsson Mobile Communications AB, 1, 1, 15, 0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.7189]
[C:\WINDOWS\system32\CpDTVMen.dll] [Compro Tech., 1, 0, 0, 2]
[C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.10040]
[PID: 228 / 简成学][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.34]
[PID: 236 / 简成学][C:\WINDOWS\System32\nvraidservice.exe] [NVIDIA Corporation, 1.0.1]
[C:\WINDOWS\System32\NvRaidSvZHT.dll] [NVIDIA Corporation, 1.0.1]
[PID: 284 / 简成学][C:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [VM, 4.2.711.31]
[PID: 288 / 简成学][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[PID: 304 / 简成学][C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0000]
[C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll] [CyberLink Corp., 3.20.0000]
[PID: 316 / 简成学][C:\Program Files\Windows Defender\MSASCui.exe] [Microsoft Corporation, 1.1.1593.0]
[PID: 328 / 简成学][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl] [Kaspersky Lab, 6.0.0.300]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\basegui.dll] [Kaspersky Lab, 6.0.0.300]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inflate.ppl] [Kaspersky Lab, 6.0.0.16]
[C:\WINDOWS\system32\kavo0.dll] [N/A, ]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 344 / 简成学][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.7189]
[C:\WINDOWS\system32\NVRSZHT.DLL] [NVIDIA Corporation, 6.14.10.7189]
[PID: 376 / 简成学][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 384 / 简成学][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [VM, 4.2.711.31]
[C:\WINDOWS\system32\kavo0.dll] [N/A, ]
[PID: 496 / 简成学][C:\Program Files\Common Files\VideoMate\ComproRemote.exe] [Compro Technology, Inc., 2, 0, 2, 5]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\34com.dll] [Philips Semiconductors, 2, 3, 0, 1]
[C:\WINDOWS\system32\34api.dll] [Philips Semiconductors, 2, 3, 0, 1]
[PID: 516 / 简成学][C:\Program Files\Common Files\VideoMate\ComproScheduler.exe] [Compro Technology, Inc., 1, 0, 0, 9]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 1276 / 简成学][C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe] [Yahoo! Inc., 8,1,0,0]
[C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Yahoo!\Shared\YbSkin2.dll] [Yahoo! Inc., 2006, 10, 11, 1]
[C:\PROGRA~1\Yahoo!\MESSEN~1\res_msgr.dll] [Yahoo! Inc., 8,5,0,1]
[PID: 1884 / SYSTEM][C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libapr-1.dll] [Apache Software Foundation, 1.2.8]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libaprutil-1.dll] [Apache Software Foundation, 1.2.8]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libapriconv-1.dll] [Apache Software Foundation, 1.1.1]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libhttpd.dll] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_actions.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_alias.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_asis.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_auth_basic.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authn_default.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authn_file.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_default.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_groupfile.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_host.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_user.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_autoindex.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_cgi.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_dir.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_env.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_imagemap.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_include.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_isapi.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_log_config.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_mime.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_negotiation.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_setenvif.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_userdir.so] [Apache Software Foundation, 2.2.4]
[PID: 960 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7189]
[PID: 400 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1972 / SYSTEM][C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libapr-1.dll] [Apache Software Foundation, 1.2.8]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libaprutil-1.dll] [Apache Software Foundation, 1.2.8]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libapriconv-1.dll] [Apache Software Foundation, 1.1.1]
[C:\Program Files\Apache Software Foundation\Apache2.2\bin\libhttpd.dll] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_actions.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_alias.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_asis.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_auth_basic.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authn_default.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authn_file.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_default.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_groupfile.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_host.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_authz_user.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_autoindex.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_cgi.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_dir.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_env.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_imagemap.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_include.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_isapi.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_log_config.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_mime.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_negotiation.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_setenvif.so] [Apache Software Foundation, 2.2.4]
[C:\Program Files\Apache Software Foundation\Apache2.2\modules\mod_userdir.so] [Apache Software Foundation, 2.2.4]
[PID: 3300 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / 简成学][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHT.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\Program Files\Common Files\Microsoft Shared\IME\MSTCIA\Applet\chtskdic.dll] [Microsoft Corporation, 8.0.0.1912]
[C:\Program Files\Common Files\Microsoft Shared\Ink\SKCHOBJ.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\WINDOWS\system32\kavo0.dll] [N/A, ]
[C:\Program Files\Windows Live Toolbar\zh-tw\mtbres.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\zh-tw\searchboxRes.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\zh-tw\CMRes.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\zh-tw\RssFinderRes.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\zh-tw\msn_slrs.DLL.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\msntabres.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\zh-tw\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\zh-tw\SmaMenRes.dll.mui] [Microsoft Corporation., 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\zh-tw\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\rssFinder.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0130]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\Downloaded Program Files\rufsi.dll] [Symantec Corporation, 2006.02.15.043]
[PID: 3196 / 简成学][C:\WINDOWS\system32\DllHost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\Ink\SKCHOBJ.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\Program Files\Common Files\Microsoft Shared\Ink\INKOBJ.DLL] [Microsoft Corporation, 1.0.01038.0]
[PID: 3200 / 简成学][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4000 / 简成学][E:\杂(应用)\各类防毒软体\SREng\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\杂(应用)\各类防毒软体\SREng\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900]
[C:\WINDOWS\system32\kavo0.dll] [N/A, ]
[E:\杂(应用)\各类防毒软体\SREng\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[C:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[E:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[G:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[I:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 284, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 288, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 496, C:\PROGRAM FILES\COMMON FILES\VIDEOMATE\COMPROREMOTE.EXE]
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模组所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模组所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模组所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模组所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模组所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================
[/CODE]