2007-10-19,23:47:15
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional (Build 2600) - Administrator user - Full functionality
The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<Yahoo! Pager><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet> [(Verified)Yahoo! Inc.]
<ezHelper><C:\Program Files\ezHelper\ezHelper.exe 300> [N/A]
<EPSON Stylus C45 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<AdobeUpdater><C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe> [N/A]
<DAEMON Tools><"C:\Documents and Settings\All Users\Favorites\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<C-Media Mixer><Mixer.exe /startup> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<EPSON Stylus C45 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"> [(Verified)Microsoft Windows XP Publisher]
<NVRTCLK><C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe> []
<PathNvidiaTV><C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe> [N/A]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<ClubBox><> [N/A]
<DiskMan32><C:\WINDOWS\dbpgoq.exe> [N/A]
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<WinSysM><C:\WINDOWS\IGM.exe> []
<MsPrint32D><C:\WINDOWS\MsPrint32D.exe> []
<GenProtect><C:\WINDOWS\GenProtect.exe> []
<NVDispDrv><C:\WINDOWS\NVDispDrv.exe> []
<MFMJ><C:\WINDOWS\System32\MFMJEXE.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\UserInit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><winforms.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C4B7477C-5A95-4415-B882-9AB33EE116E5}><C:\WINDOWS\hELp\529141B59150.DLL> []
<{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
==================================
Startup folder
N/A
==================================
Services
[2E5F809D / 2E5F809D][Stopped/Auto Start]
<C:\WINDOWS\System32\26D35C54.EXE -k><Microsoft Corporation>
[AA6AFD52 / AA6AFD52][Stopped/Auto Start]
<C:\WINDOWS\System32\BCC1F729.EXE -k><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOTEPAD / NOTEPAD][Stopped/Auto Start]
<C:\WINDOWS\NOTEPAD.com><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[winlogrt / winlogrt][Stopped/Auto Start]
<C:\WINDOWS\winlogrt.bat><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
[WMI Performance Adaptei / WmiApSiv][Stopped/Auto Start]
<C:\WINDOWS\winlogon.exe><N/A>
==================================
Drivers
[cdgfyhgbnhgfvfredcvfgtrtyhjuim / cdgfyhgbnhgfvfredcvfgtrtyhjuim][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
<system32\drivers\cmaudio.sys><C-Media Inc>
[cvcbhyjhgbvgfredfrtgfvbgtyhgbhg / cvcbhyjhgbvgfredfrtgfvbgtyhgbhg][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[dfgtvbnhjuiokjhgtrfdcxswert / dfgtvbnhjuiokjhgtrfdcxswert][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[dfgvbnhjuiklopoiuythgfvcdewsazxsdf / dfgvbnhjuiklopoiuythgfvcdewsazxsdf][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gjladtnbfhyipeqadgvxnmjkioygvg / gjladtnbfhyipeqadgvxnmjkioygvg][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[jyhgtrfdewqazxscvbnmjhgtuy / jyhgtrfdewqazxscvbnmjhgtuy][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\D:\Line\npkcrypt.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
<System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
<System32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[werch / werch][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[werdfcvbghnmjkloiuyuioplkjhgbnvfh / werdfcvbghnmjkloiuyuioplkjhgbnvfh][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
[zxsdertygbvbnmjklopiuy / zxsdertygbvbnmjklopiuy][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\wincab.sys><N/A>
==================================
Browser add-ons
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[Java Plug-in 1.6.0_01]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Research(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Radio(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD >
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, N/A>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[ewidoOnlineScan Control]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[DataStorage Class]
{3AC7F64E-6154-47B0-82B5-764ED4077F77} <C:\WINDOWS\Downloaded Program Files\DataStore.dll, Unihub Limited>
[Java Plug-in 1.6.0_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[NowStarter Control]
{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[NeffyLauncherCtl Class]
{AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} <C:\WINDOWS\Downloaded Program Files\NeffyLauncher.dll, CDNetworks>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[DownloadManager]
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} <C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX, Akamai Technologies, Inc.>
[Foxy Download]
<res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy Search]
<res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running processes
[PID: 672 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\winforms.dll] [N/A, ]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\LYMANGR.DLL] [N/A, ]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 1072 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 1196 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 1208 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[PID: 1484 / tin][C:\WINDOWS\Installer\services.exe] [N/A, ]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\DOCUME~1\tin\LOCALS~1\Temp\psxmo.dll] [N/A, ]
[C:\WINDOWS\System32\msdll.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\winforms.dll] [N/A, ]
[C:\WINDOWS\system32\EBPMON24.DLL] [SEIKO EPSON CORPORATION, 5, 4, 0, 0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 1772 / tin][C:\WINDOWS\Mixer.exe] [C-Media Electronic Inc. (www.cmedia.com.tw), 1.44]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\cmnprop.dll] [C-Media Corporation, 5.00.2195.8]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 1892 / tin][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 1944 / tin][C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.10.6]
[C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 272 / tin][C:\WINDOWS\IGM.exe] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[PID: 320 / tin][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\msdll.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 412 / tin][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE] [SEIKO EPSON CORPORATION, 3.00]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 1328 / tin][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[PID: 1244 / tin][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 3196 / tin][C:\WINDOWS\IGM.exe] [N/A, ]
[PID: 3348 / tin][C:\WINDOWS\IGM.exe] [N/A, ]
[PID: 3464 / tin][C:\Program Files\Foxy\Foxy.exe] [Foxy, Inc., 1.9.3.0]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\msdll.dll] [N/A, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 1296 / tin][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL] [MEGAUPLOAD , 5.0.0.226]
[C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.10.6]
[C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\System32\msdll.dll] [N/A, ]
[C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 852 / tin][C:\WINDOWS\IGM.exe] [N/A, ]
[PID: 3932 / tin][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\7929ADBD.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\2FD06819.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\msdll.dll] [N/A, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[C:\WINDOWS\System32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\System32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[PID: 3972 / tin][C:\Documents and Settings\tin\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\tin\桌面\sreng2\Lang\1028.DLL] [System Repair Engineer, 2.5.16.900]
[C:\WINDOWS\System32\winforms.dll] [N/A, ]
[C:\WINDOWS\System32\msdll.dll] [N/A, ]
[C:\WINDOWS\System32\GenProtect.dll] [N/A, ]
[C:\Documents and Settings\tin\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\System32\bvbqbr.dll] [N/A, ]
[C:\WINDOWS\System32\isapir.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.6551]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
MSAFD ICMP
C:\WINDOWS\System32\isapir.dll(, N/A)
MSAFD ICMP
C:\WINDOWS\System32\isapir.dll(, N/A)
==================================
Autorun.inf
[C:\]
[autorun]
shell\open=Open
shell\open\Command=C:\WINDOWS\help\529141B59150.EXE -s
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
==================================
HOSTS file
127.0.0.1 localhost
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 744, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 1484, C:\WINDOWS\INSTALLER\SERVICES.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 272, C:\WINDOWS\IGM.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3196, C:\WINDOWS\IGM.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3348, C:\WINDOWS\IGM.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3464, C:\PROGRAM FILES\FOXY\FOXY.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 852, C:\WINDOWS\IGM.EXE]
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================
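The log above is raw tool output, and the signs of compromise in it are the kind a responder picks out by hand: unsigned executables dropped directly into C:\WINDOWS (dbpgoq.exe, Kvsc3.exe, AVPSrv.exe and the rest), a non-empty AppInit_DLLs (winforms.dll, which then shows up in nearly every process), a service named "WMI Performance Adaptei / WmiApSiv" imitating the stock "WMI Performance Adapter / WmiApSrv" but pointing at C:\WINDOWS\winlogon.exe instead of System32, a service whose image is a .bat file, and the MSAFD ICMP Winsock provider replaced by isapir.dll. The following Python script is an added example, not part of the post and not SREng's own code: it parses the same three section formats (Run entries, services, Winsock providers) and applies those checks mechanically. The sample log is a constructed excerpt modelled on the post, and KNOWN_SERVICES and LEGIT_WINSOCK are assumed short allow-lists, not authoritative tables.

```python
import re
from difflib import SequenceMatcher

# Constructed sample in the SREng log format: a short excerpt modelled on the
# log above (not the full log) mixing clean and suspicious entries.
SAMPLE_LOG = r"""Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<DiskMan32><C:\WINDOWS\dbpgoq.exe> [N/A]
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><winforms.dll> []
==================================
Services
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><N/A>
[WMI Performance Adaptei / WmiApSiv][Stopped/Auto Start]
<C:\WINDOWS\winlogon.exe><N/A>
[winlogrt / winlogrt][Stopped/Auto Start]
<C:\WINDOWS\winlogrt.bat><N/A>
==================================
Winsock providers
MSAFD ICMP
C:\WINDOWS\System32\isapir.dll(, N/A)
==================================
"""

RUN_RE = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>.*)> \[(?P<signer>[^\]]*)\]$")
SVC_HDR_RE = re.compile(r"^\[(?P<display>.+?) / (?P<short>[^\]]+)\]\[[^\]]+\]$")
SVC_IMG_RE = re.compile(r"^<(?P<image>.*)><[^>]*>$")
WINSOCK_RE = re.compile(r"^(?P<dll>[A-Za-z]:\\[^(]+?\.dll)\(", re.IGNORECASE)

# Assumed allow-lists (a real triage carries the full tables for the OS build).
KNOWN_SERVICES = {  # stock XP display name -> short name
    "WMI Performance Adapter": "WmiApSrv",
    "Human Interface Device Access": "HidServ",
    "Portable Media Serial Number Service": "WmdmPmSN",
}
LEGIT_WINSOCK = {"mswsock.dll", "rsvpsp.dll"}  # stock XP Winsock provider DLLs


def exe_path(cmd):
    """Executable path from a command line, quoted or not (arguments dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def in_windows_dir(path):
    return path.lower().startswith("c:\\windows\\")


def triage(log_text):
    """Return (section, item, reason) findings for an SREng-style log."""
    findings, section, pending = [], "", None
    for line in log_text.splitlines():
        line = line.rstrip()
        if line in ("Registry", "Services", "Winsock providers"):
            section = line
        elif section == "Registry" and (m := RUN_RE.match(line)):
            name, cmd, signer = m.group("name", "cmd", "signer")
            if name == "AppInit_DLLs" and cmd.strip():
                findings.append((section, name, "AppInit_DLLs loads %s into every GUI process" % cmd))
            elif not signer.startswith("(Verified)") and in_windows_dir(exe_path(cmd)):
                findings.append((section, name, "unsigned binary under the Windows directory: " + exe_path(cmd)))
        elif section == "Services" and (h := SVC_HDR_RE.match(line)):
            pending = h  # the image path follows on the next line
        elif section == "Services" and pending and (i := SVC_IMG_RE.match(line)):
            display, short = pending.group("display", "short")
            image, pending = exe_path(i.group("image")), None
            for good_display, good_short in KNOWN_SERVICES.items():
                # Near-miss of a stock display name with a different short name: typosquat.
                if (display, short) != (good_display, good_short) and \
                        SequenceMatcher(None, display, good_display).ratio() > 0.85:
                    findings.append((section, short, "name imitates '%s' (%s)" % (good_display, good_short)))
            if image.lower().endswith((".bat", ".cmd", ".com")):
                findings.append((section, short, "service image is a script or .com file: " + image))
            elif in_windows_dir(image) and "\\system32\\" not in image.lower():
                findings.append((section, short, "service image outside System32: " + image))
        elif section == "Winsock providers" and (w := WINSOCK_RE.match(line)):
            if w.group("dll").rsplit("\\", 1)[-1].lower() not in LEGIT_WINSOCK:
                findings.append((section, "LSP", "non-stock Winsock provider DLL: " + w.group("dll")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % f)
```

The signature-plus-location rule is deliberately hash-free: a binary that is both unsigned and living directly under C:\WINDOWS has no legitimate reason to be there on XP, so it flags the whole family of droppers in the log without knowing any of their names. The fuzzy display-name match is what catches "Adaptei / WmiApSiv": a plain allow-list lookup would miss it because the name is not on the list, while the near-miss test treats being almost a stock name as the signal. The same grouping idea extends to the driver section, where nine keyboard-mash service names all point at one wincab.sys.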