
[Trojan] Removing the 4.pif trojan, part 1 (not fully resolved)

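System: WinXP SP2
Symptoms: web pages I was browsing closed suddenly; Rising, 360 and many other programs were image-hijacked and reported as being in use by another program. The following strange files appeared on the system drive: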
C:\c.pif
C:\d.pif
C:\GX.PIF
C:\l.tmp
C:\lo.tmp
C:\RIS.PIF
C:\SVS.PIF
C:\Documents and Settings\Default User\4.pif
C:\Documents and Settings\Default User\5.pif
D:\GX.PIF
D:\RIS.PIF
D:\SVS.PIF
E:\GX.PIF
E:\SVS.PIF
F:\GX.PIF
F:\RIS.PIF
F:\SVS.PIF
G:\SVS.PIF
G:\GX.PIF
H:\GX.PIF
H:\SVS.PIF
I:\GX.PIF
The system time was changed to 2004.
The home page was changed to about.blank.la?g

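From searching the forum: judging by the Rising Customer Service Center's monitoring, this is probably the following.
Typical symptoms of a trojan-group infection (9 items):
1. The antivirus main program cannot be opened; double-clicking it does nothing;
2. The antivirus software cannot perform a smart update;
3. Clicking smart update produces an error, or the system blue-screens;
4. Antivirus monitoring cannot start normally;
5. Spreads the virus by exploiting a Flash vulnerability (I have already applied the patch);
6. Tampers with system files and loads itself disguised as a process;
7. Attacks system vulnerabilities; malicious security drivers;
8. Hijacks and tries to delete auxiliary security tools;
9. Maliciously changes the system time to stop antivirus software from starting, or to affect antivirus software whose license is not validated online.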

SRG scan results (there are many entries I don't understand):

2004-08-22,09:08:50

System Repair Engineer 2.5.16.900 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描



启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <explorer><C:\WINDOWS\system32\wuauclt.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE]
    <IFEO[360rpt.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE]
    <IFEO[360safe.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE]
    <IFEO[360safebox.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE]
    <IFEO[360tray.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE]
    <IFEO[ANTIARP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE]
    <IFEO[Ast.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE]
    <IFEO[AutoRunKiller.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE]
    <IFEO[AvMonitor.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.COM]
    <IFEO[AVP.COM]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
    <IFEO[AVP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE]
    <IFEO[CCenter.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE]
    <IFEO[Frameworkservice.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE]
    <IFEO[GFUpd.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE]
    <IFEO[GuardField.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE]
    <IFEO[IceSword.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE]
    <IFEO[Iparmor.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE]
    <IFEO[KASARP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
    <IFEO[KAVPFW.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE]
    <IFEO[kavstart.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.EXE]
    <IFEO[kmailmon.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE]
    <IFEO[KRegEx.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP]
    <IFEO[KVMonxp.KXP]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE]
    <IFEO[KVSrvXP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE]
    <IFEO[KVWSC.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE]
    <IFEO[kwatch.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE]
    <IFEO[Mmsk.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.EXE]
    <IFEO[msconfig.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE]
    <IFEO[Navapsvc.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE]
    <IFEO[nod32krn.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE]
    <IFEO[Nod32kui.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE]
    <IFEO[RAV.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE]
    <IFEO[RavStub.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
    <IFEO[Regedit.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE]
    <IFEO[rfwmain.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE]
    <IFEO[rfwProxy.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE]
    <IFEO[rfwsrv.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.EXE]
    <IFEO[rfwstub.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE]
    <IFEO[Runiep.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE]
    <IFEO[safeboxTray.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE]
    <IFEO[SREngLdr.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE]
    <IFEO[VPC32.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE]
    <IFEO[VPTRAY.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE]
    <IFEO[WOPTILITIES.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe>  []


==================================
启动文件夹
[4]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\4.pif -->  [N/A]><N>


==================================
服务
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[COM+ Event System / EventSystem][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\es.dll><Microsoft Corporation>
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server / lanmanserver][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Workstation / lanmanworkstation][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[Network Connections / Netman][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\netman.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Access Connection Manager / RasMan][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Print Spooler / Spooler][Running/Auto Start]
  <C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><Microsoft Corporation>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[WebClient / WebClient][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>


==================================
驱动程序
[1cl0 / 1cl0x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\1cl0x.sys><>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><Microsoft Corporation>
[ASTDriver / ASTDriver][Stopped/Manual Start]
  <\??\E:\安全与杀毒\ast\ast\ASTDriver.sys><Windows (R) Server 2003 DDK provider>
[ASTTools / ASTTools][Stopped/Manual Start]
  <\??\E:\安全与杀毒\ast\ast\ASTTools.sys><DSW Lab>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[gnrq / gnrq][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gnrq.sys><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HTTP / HTTP][Running/Manual Start]
  <System32\Drivers\HTTP.sys><Microsoft Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[IP Network Address Translator / IpNat][Stopped/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[Microsoft Kernel Wave Audio Mixer / kmixer][Running/Manual Start]
  <system32\drivers\kmixer.sys><Microsoft Corporation>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>
[npf / npf][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
  <system32\drivers\splitter.sys><Microsoft Corporation>
[Srv / Srv][Running/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[uuav9a6j / uuav9a6j2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\uuav9a6j2.sys><>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel? Corporation>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
  <system32\drivers\wdmaud.sys><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[sys_hkx / sys_hkx][Others/Disabled]
  <\??\C:\WINDOWS\TEMP\~00.tmp><N/A>


==================================
浏览器加载项
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 明勋科技有限公司>
[网站排名工具条BHO]
  {489873CE-F3E1-44A3-8E89-04BE26BE4446} <C:\Program Files\zzToolBar\Toolbar_bho.dll, www.chinarank.org.cn>
[知识库]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://blank.la/?h, N/A>
[网站排名工具条]
  {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35} <C:\Program Files\zzToolBar\ToolBand.dll, www.chinarank.org.cn>
[GFlow.Word]
  {77B773CA-399B-4191-A2AC-22C04854558B} <C:\WINDOWS\Downloaded Program Files\GFlow.ocx, 河北中盟科技>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[ULiveCtrl Control]
  {070CA17A-4BD2-4612-83B4-32B1B9159B48} <C:\PROGRA~1\sina\SINAWE~1\302~1.9BE\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[网站排名工具条]
  {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35} <C:\Program Files\zzToolBar\ToolBand.dll, www.chinarank.org.cn>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 明勋科技有限公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[网站排名工具条BHO]
  {489873CE-F3E1-44A3-8E89-04BE26BE4446} <C:\Program Files\zzToolBar\Toolbar_bho.dll, www.chinarank.org.cn>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[GFlow.Word]
  {77B773CA-399B-4191-A2AC-22C04854558B} <C:\WINDOWS\Downloaded Program Files\GFlow.ocx, 河北中盟科技>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <E:\安全与杀毒\ast\ast\SecAddons.dll, 超级巡警>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>


==================================
正在运行的进程
[PID: 804 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winsrv.dll]  [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\KERNEL32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 896 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHSVCS.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
    [C:\WINDOWS\system32\umpnpmgr.dll]  [Microsoft Corporation, 5.1.2600.2744 (xpsp_sp2_gdr.050822-1647)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[PID: 952 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\LSASRV.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\kerberos.dll]  [Microsoft Corporation, 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\schannel.dll]  [Microsoft Corporation, 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226)]
    [C:\WINDOWS\system32\wdigest.dll]  [Microsoft Corporation, 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516)]
    [C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[PID: 1100 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\rpcss.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [c:\windows\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[PID: 1176 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\rpcss.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[PID: 1312 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\shsvcs.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [c:\windows\system32\dhcpcsvc.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [c:\windows\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [c:\windows\system32\ESENT.dll]  [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259)]
    [C:\WINDOWS\System32\SCHANNEL.dll]  [Microsoft Corporation, 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226)]
    [C:\WINDOWS\System32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [c:\windows\system32\wkssvc.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [c:\windows\system32\netman.dll]  [Microsoft Corporation, 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)]
    [c:\windows\system32\es.dll]  [Microsoft Corporation, 2001.12.4414.308]
    [c:\windows\system32\srvsvc.dll]  [Microsoft Corporation, 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729)]
    [c:\windows\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\comsvcs.dll]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\colbact.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\MTXCLU.DLL]  [Microsoft Corporation, 2001.12.4414.311]
    [C:\WINDOWS\System32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\System32\rasmans.dll]  [Microsoft Corporation, 5.1.2600.2908 (xpsp_sp2_gdr.060513-0343)]
    [c:\windows\system32\tapisrv.dll]  [Microsoft Corporation, 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)]
    [C:\WINDOWS\system32\kerberos.dll]  [Microsoft Corporation, 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522)]
    [C:\WINDOWS\system32\msxml3.dll]  [Microsoft Corporation, 8.90.1101.0]
[PID: 1436 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [c:\windows\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[PID: 1500 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [c:\windows\system32\webclnt.dll]  [Microsoft Corporation, 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[PID: 1948 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\netapi32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 60, 425, 0]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ZIMFPrnt.DLL]  [Zenographics, Inc., 6, 1, 1, 0]
    [C:\WINDOWS\system32\ZIMF.dll]  [Zenographics, Inc., 5, 70, 616, 0]
    [C:\WINDOWS\system32\ZTAG.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 6, 1, 1, 0]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NoRun.dll]  [WangSea, 1.6.0.0]
[PID: 472 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8485]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NoRun.dll]  [WangSea, 1.6.0.0]
[PID: 1276 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\Program Files\TrueLaunchBar\tlb.dll]  [Tordex, 4.1.0.0]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\Program Files\TrueLaunchBar\int\2052\tlb_res.dll]  [N/A, ]
    [C:\WINDOWS\system32\msxml3.dll]  [Microsoft Corporation, 8.90.1101.0]
    [C:\WINDOWS\system32\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\system32\mlang.dll]  [Microsoft Corporation, 6.00.2900.2530 (xpsp.040919-1030)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 292 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NoRun.dll]  [WangSea, 1.6.0.0]
[PID: 2716 / Administrator][E:\安全与杀毒\Wsyscheck\Wsyscheck\Wsyscheck.exe]  [Wang6071@sina.com.cn, 1.45.0.0]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\oleaut32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
[PID: 2856 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NoRun.dll]  [WangSea, 1.6.0.0]
[PID: 3160 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.2600.0]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.DLL]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHELL32.DLL]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\netapi32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
[PID: 3800 / Administrator][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\PROGRA~1\COMMON~1\PushWare\cpush.dll]  [, 1.1.0.0]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 3080 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\wisysfxs.dll]  [N/A, ]
[PID: 2492 / Administrator][E:\安全与杀毒\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\oledlg.dll]  [Microsoft Corporation, 1.0 (xpsp_sp2_gdr.061016-0148)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RICHED20.DLL]  [Microsoft Corporation, 5.30.23.1228]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]


==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 896, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1948, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1276, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2716, E:\安全与杀毒\WSYSCHECK\WSYSCHECK\WSYSCHECK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2716, E:\安全与杀毒\WSYSCHECK\WSYSCHECK\WSYSCHECK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3160, C:\WINDOWS\SYSTEM32\WUAUCLT.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3160, C:\WINDOWS\SYSTEM32\WUAUCLT.EXE]


==================================
API HOOK
N/A

==================================
隐藏进程
N/A


Scan with Windows清理助手 (Windows Cleanup Assistant):

Code:
2008-08-22,10:13:14
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 2 (build 2600) - Administrators

========================================
注册项
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe>  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2007-09-01 20:58 M:2007-08-15 15:02]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
    <gdi32><gdi32.dll>  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300), C:2007-09-01 20:58 M:2007-08-15 15:02]
    <kernel32><kernel32.dll>  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301), C:2007-09-01 20:59 M:2007-08-15 15:02]
    <ole32><ole32.dll>  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2007-09-01 20:59 M:2007-08-15 15:02]
    <oleaut32><oleaut32.dll>  [Microsoft Corporation, 5.1.2600.3139, C:2007-09-01 20:59 M:2007-08-15 15:02]
    <olecli32><olecli32.dll>  [Microsoft Corporation, 1.07 (xpsp_sp2_gdr.050725-1528), C:2007-09-01 20:59 M:2007-08-15 15:02]
    <olecnv32><olecnv32.dll>  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2007-09-01 20:59 M:2007-08-15 15:02]
    <shell32><shell32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
    <urlmon><urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
    <user32><user32.dll>  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222), C:2007-09-01 20:59 M:2007-08-15 15:03]
    <wininet><wininet.dll>  [Microsoft Corporation, 6.00.2900.3164 (xpsp_sp2_gdr.070626-1259), C:2007-09-01 20:59 M:2007-08-15 15:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:58 M:2004-08-17 20:00|(Verified)N/A, C:2007-09-01 20:59 M:2004-08-17 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\HPLJ1020LM]
    <PrintMonitor: HPLJ1020LM><ZLhp1020.DLL>  [(Verified)Zenographics, Inc., 5, 60, 425, 0, C:2008-07-24 21:58 M:2007-05-18 09:00]

========================================
启动项

========================================
计划任务

========================================
组件

ShellServiceObjectDelayLoad
[PostBootReminder 对象]
    {7849596a-48ea-486e-8937-a2a3009f31a9}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[烧 CD 的 ShellFolder]
    {fbeb8a05-beee-4442-804e-409d6c4515e9}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
ShredTaskScheduler
[Browseui 预加载程序]
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[组件类别缓存程序]
    {8C7461EF-2B13-11d2-BE35-3078302C2030}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
ShellExecuteHook
[URL 执行挂钩]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972}  <shell32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[Shell Search Band]
    {21569614-B795-46b1-85F4-E737A8DC09AD}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Set Program Access and Defaults]
    {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[搜索]
    {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[帮助和支持]
    {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[帮助和支持]
    {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[运行...]
    {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Internet]
    {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[电子邮件]
    {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[字体]
    {D20EA4E1-3957-11d2-A40B-0C5020524152}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[管理工具]
    {D20EA4E1-3957-11d2-A40B-0C5020524153}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Microsoft Internet 工具栏]
    {5E6AB780-7743-11CF-A12B-00AA004AE837}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[下载状态]
    {22BF0C20-6DA7-11D0-B373-00A0C9034938}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[补充的外壳文件夹]
    {91EA3F8B-C99B-11d0-9815-00C04FD91972}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[补充的外壳文件夹 2]
    {6413BA2C-B461-11d1-A18A-080036B11A03}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[BandProxy]
    {F61FFEC1-754F-11d0-80CA-00AA005B4383}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Microsoft BrowserBand]
    {7BA4C742-9E81-11CF-99D3-00AA004AE837}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[窗格中的搜索]
    {169A0691-8DF9-11d1-A1C4-00C04FD75D13}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[注册数目路选项实用程序]
    {AF4F6510-F982-11d0-8595-00AA004CD6D8}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[地址(&A)]
    {01E04581-4EEE-11d0-BFE9-00AA005B4383}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[地址 EditBox]
    {A08C11D2-A228-11d0-825B-00AA005B4383}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Shell Microsoft AutoComplete]
    {00BB2763-6A77-11D0-A535-00C04FD7D062}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[MRU 自动完成列表]
    {6756A641-DE71-11d0-831B-00AA005B4383}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[自定义 MRU 自动完成列表]
    {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[可访问的]
    {7e653215-fa25-46bd-a339-34a2790f3cb7}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[跟踪弹出栏]
    {acf35015-526e-4230-9596-becbe19f0ac9}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Microsoft 历史自动完成列表]
    {00BB2764-6A77-11D0-A535-00C04FD7D062}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Microsoft 外壳文件夹自动完成列表]
    {03C036F1-A186-11D0-824A-00AA005B4383}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Microsoft 多个自动完成列表容器]
    {00BB2765-6A77-11D0-A535-00C04FD7D062}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Shell Band Site Menu]
    {ECD4FC4E-521C-11D0-B792-00A0C90312E1}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[外壳 DeskBarApp]
    {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[外壳 DeskBar]
    {ECD4FC4C-521C-11D0-B792-00A0C90312E1}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[外壳 Rebar BandSite]
    {ECD4FC4D-521C-11D0-B792-00A0C90312E1}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[用户帮助]
    {DD313E04-FEFF-11d1-8ECD-0000F87A470C}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[全局文件夹设置]
    {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[IE Search Band]
    {30D02401-6A81-11d0-8274-00C04FD5AE38}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[IE Microsoft AutoComplete]
    {3028902F-6374-48b2-8DC6-9725E775B926}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Web 搜索]
    {07798131-AF23-11d1-9111-00A0C98BA67D}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[TridentImageExtractor]
    {7376D660-C583-11d0-A3A5-00C04FD706EC}  <%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Favorites Band]
    {EFA24E61-B078-11d0-89E4-00C04FC9E26E}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[History Band]
    {EFA24E62-B078-11d0-89E4-00C04FC9E26E}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Shell Automation Inproc Service]
    {0A89A860-D7B1-11CE-8350-444553540000}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Microsoft Browser Architecture]
    {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[ISFBand OC]
    {131A6951-7F78-11D0-A979-00C04FD705A2}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Search Assistant OC]
    {9461b922-3c5a-11d2-bf8b-00c04fb93661}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Shell DocObject Viewer]
    {E7E4BC40-E76A-11CE-A9BB-00AA004AE837}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[InternetShortcut]
    {FBF23B40-E3F0-101B-8488-00AA003E56F8}  <shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Microsoft Url History 服务]
    {3C374A40-BAE4-11CF-BF7D-00AA006946EE}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[历史记录]
    {FF393560-C2A7-11CF-BFF4-444553540000}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Internet 临时文件]
    {7BD29E00-76C1-11CF-9DD0-00A0C9034933}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Internet 临时文件]
    {7BD29E01-76C1-11CF-9DD0-00A0C9034933}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Microsoft Url 搜索挂接]
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[IE4 套件初始屏幕]
    {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[CDF Extension Copy Hook]
    {67EA19A0-CCEF-11d0-8024-00C04FD75D13}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Internet]
    {3DC7A020-0ACD-11CF-A9BB-00AA004AE837}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[浏览器栏]
    {EFA24E64-B078-11d0-89E4-00C04FC9E26E}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Internet Name Space]
    {871C5380-42A0-1069-A2EA-08002B30309D}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[频道文件]
    {f39a0dc0-9cc8-11d0-a599-00c04fd64433}  <%SystemRoot%\system32\cdfview.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[频道快捷方式]
    {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}  <%SystemRoot%\system32\cdfview.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[频道句柄对象]
    {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}  <%SystemRoot%\system32\cdfview.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Channel Menu]
    {f3da0dc0-9cc8-11d0-a599-00c04fd64437}  <%SystemRoot%\system32\cdfview.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Channel Properties]
    {f3ea0dc0-9cc8-11d0-a599-00c04fd64438}  <%SystemRoot%\system32\cdfview.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:01]
[Extensions Manager Folder]
    {692F0339-CBAA-47e6-B5B5-3B84DB604E87}  <%SystemRoot%\system32\extmgr.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:58 M:2007-08-15 15:02]
Protocols
[AP Class Install Handler filter]
    {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[AP lzdhtml encoding/decoding Filter]
    {8f6b0360-b80d-11d0-a9b3-006097942311}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[WebView MIME Filter]
    {733AC4CB-F1A4-11d0-B951-00A0C90312E1}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Microsoft HTML About Pluggable Protocol]
    {3050F406-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\system32\mshtml.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:02]
[CDL: Asychronous Pluggable Protocol Handler]
    {3dd53d40-7b8b-11D0-b013-00aa0059ce02}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[file:, local: Asychronous Pluggable Protocol Handler]
    {79eac9e7-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[ftp: Asychronous Pluggable Protocol Handler]
    {79eac9e3-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[gopher: Asychronous Pluggable Protocol Handler]
    {79eac9e4-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[http: Asychronous Pluggable Protocol Handler]
    {79eac9e2-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[https: Asychronous Pluggable Protocol Handler]
    {79eac9e5-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Microsoft InfoTech Protocols for IE 4.0]
    {9D148291-B9C8-11D0-A4CC-0000F80149F6}  <C:\WINDOWS\system32\itss.dll>  [Microsoft Corporation, 5.2.3790.2453 (srv03_sp1_gdr.050525-1542), C:2007-09-01 20:59 M:2007-08-15 15:02]
[Microsoft HTML Javascript Pluggable Protocol]
    {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\system32\mshtml.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:02]
[Microsoft HTML Mailto Pluggable Protocol]
    {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\system32\mshtml.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:02]
[MHTML Asychronous Pluggable Protocol Handler]
    {05300401-BCBC-11d0-85E3-00C04FD85AB4}  <%SystemRoot%\system32\inetcomm.dll>  [Microsoft Corporation, 6.00.2900.3138 (xpsp_sp2_gdr.070514-1324), C:2007-09-01 21:08 M:2007-08-15 15:02]
[mk: Asychronous Pluggable Protocol Handler]
    {79eac9e6-baf9-11ce-8c82-00aa004ba90b}  <C:\WINDOWS\system32\urlmon.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Microsoft HTML Resource Pluggable Protocol]
    {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}  <%SystemRoot%\system32\mshtml.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:02]
[Microsoft HTML Resource Pluggable Protocol]
    {76E67A63-06E9-11D2-A840-006008059382}  <%SystemRoot%\system32\mshtml.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:02]
ToolBar
[网站排名工具条]
    {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35}  <C:\Program Files\zzToolBar\ToolBand.dll>  [(Verified)www.chinarank.org.cn, 2.0.0.2, C:2008-07-25 19:22 M:2008-07-25 19:22]
ActiveX Extension
[ULiveCtrl Control]
    {070CA17A-4BD2-4612-83B4-32B1B9159B48}  <C:\PROGRA~1\sina\SINAWE~1\302~1.9BE\UCLIVE~1.OCX>  [(Verified)北京新浪信息技术有限公司, 3, 0, 2, 9, C:2008-08-10 23:17 M:2008-08-06 16:54]
[网站排名工具条]
    {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35}  <C:\Program Files\zzToolBar\ToolBand.dll>  [(Verified)www.chinarank.org.cn, 2.0.0.2, C:2008-07-25 19:22 M:2008-07-25 19:22]
[CAdLogic Object]
    {11F09AFD-75AD-4E51-AB43-E09E9351CE16}  <C:\Program Files\Common Files\PushWare\cpush.dll>  [1.1.0.0, C:2008-08-18 16:30 M:2008-08-18 16:30]
[DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A}  <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx>  [Microsoft Corporation, 6.01.9232, C:2007-09-01 21:08 M:2007-08-15 15:01]
[Info cache]
    {385AB8C6-FB22-4D17-8834-064E2BA0A6F0}  <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll>  [明勋科技有限公司, 2, 3, 0, 2, C:2008-08-27 09:47 M:2008-08-27 09:47]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll>  [Thunder Networking Technologies,LTD, 5, 0, 4, 22, C:2007-09-02 10:35 M:2007-07-27 19:27]
[网站排名工具条BHO]
    {489873CE-F3E1-44A3-8E89-04BE26BE4446}  <C:\Program Files\zzToolBar\Toolbar_bho.dll>  [(Verified)www.chinarank.org.cn, V02, C:2008-07-25 19:22 M:2008-07-25 19:22]
[Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 10.00.00.4058, C:2007-09-01 20:59 M:2007-08-15 11:19]
[Active Desktop Mover]
    {72267F6A-A6F9-11D0-BC94-00C04FB67863}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[GFlow.Word]
    {77B773CA-399B-4191-A2AC-22C04854558B}  <C:\WINDOWS\Downloaded Program Files\GFlow.ocx>  [河北中盟科技, 1.01.0004, C:2002-08-22 08:46 M:2002-08-22 08:46]
[DLoader Class]
    {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A}  <C:\WINDOWS\Downloaded Program Files\downloader.dll>  [(Verified)Sina Com, 1, 0, 0, 14, C:2008-07-28 15:29 M:2008-07-28 15:29]
[360SafeLive]
    {87515F61-A66C-4319-A0E0-D416CB8059E3}  <C:\Program Files\360Safe\live.dll>  [(Verified)360.cn, 1, 0, 1, 1028, C:2008-07-16 22:00 M:2008-07-16 22:00]
[Microsoft Web 浏览器]
    {8856F961-340A-11D0-A96B-00C04FD705A2}  <C:\WINDOWS\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[Microsoft Scriptlet Component]
    {AE24FDAE-03C6-11D1-8B76-0080C744F389}  <C:\WINDOWS\system32\mshtml.dll>  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242), C:2007-09-01 20:59 M:2007-08-15 15:02]
[SecAddons Class]
    {AF69627B-8489-41C2-971A-B927DF7A5B0F}  <E:\安全与杀毒\ast\ast\SecAddons.dll>  [超级巡警, 1, 0, 3, 4, C:2004-08-20 15:23 M:2008-08-12 13:58]
[SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89}  <%SystemRoot%\system32\shdocvw.dll>  [Microsoft Corporation, 6.00.2900.3314 (xpsp_sp2_gdr.080215-1241), C:2004-08-20 16:32 M:2008-02-16 16:59]
[RDS.DataSpace]
    {BD96C556-65A3-11D0-983A-00C04FC29E36}  <C:\Program Files\Common Files\System\msadc\msadco.dll>  [Microsoft Corporation, 2.81.1124.0 (xpsp_sp2_gdr.060322-1613), C:2007-09-01 21:08 M:2007-08-15 15:02]
[AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 10.00.00.4058, C:2007-09-01 20:59 M:2007-08-15 11:19]
[AUDIO__X_MS_WMA Moniker Class]
    {CD3AFA84-B84F-48F0-9393-7EDC34128127}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 10.00.00.4058, C:2007-09-01 20:59 M:2007-08-15 11:19]
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}  <C:\WINDOWS\system32\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-23 02:15 M:2006-10-23 02:15]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
Context Menu
[Open With]
    {09799AFB-AD67-11d1-ABCD-00C04FC30936}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Open With EncryptionMenu]
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Send To]
    {7BA4C740-9E81-11CF-99D3-00AA004AE837}  <%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]

========================================
服务
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe">  [Macrovision Europe Ltd., 11.03.005, C:2008-08-07 10:54 M:2008-08-07 10:54]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00]
[Print Spooler / Spooler][Running/Auto Start]
    <%SystemRoot%\system32\spoolsv.exe>  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2007-09-01 20:59 M:2007-08-15 15:03]
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k DcomLaunch --> "%SystemRoot%\system32\rpcss.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2007-09-01 20:59 M:2007-08-15 15:02]
[DHCP Client / Dhcp][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\dhcpcsvc.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003), C:2007-09-01 20:58 M:2007-08-15 15:01]
[COM+ Event System / EventSystem][Running/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\es.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 2001.12.4414.308, C:2007-09-01 20:58 M:2007-08-15 15:02]
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Server / lanmanserver][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\srvsvc.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Workstation / lanmanworkstation][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\wkssvc.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Network Connections / Netman][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\netman.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525), C:2007-09-01 20:59 M:2007-08-15 15:02]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.10.8485, C:2006-06-13 07:11 M:2006-06-13 07:11]
[Remote Access Connection Manager / RasMan][Running/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\rasmans.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2908 (xpsp_sp2_gdr.060513-0343), C:2007-09-01 20:59 M:2007-08-15 15:02]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k rpcss --> "%SystemRoot%\system32\rpcss.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2007-09-01 20:59 M:2007-08-15 15:02]
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-23 11:05 M:2008-07-29 09:29]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-07-23 11:05 M:2008-07-29 09:29]
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k imgsvc --> "%SystemRoot%\system32\wiaservc.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Telephony / TapiSrv][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\tapisrv.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Themes / Themes][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:2007-09-01 20:59 M:2007-08-15 15:03]
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\System32\upnphost.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255), C:2007-09-01 20:59 M:2007-08-15 15:03]
[WebClient / WebClient][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\System32\webclnt.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-01 20:59 M:2004-08-17 20:00|Microsoft Corporation, 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536), C:2007-09-01 20:59 M:2007-08-15 15:03]

========================================
驱动
[1cl0x / 1cl0x][Running/Boot Start]
    <System32\DRIVERS\1cl0x.sys>  [(C) Microsoft Corporation. All rights reserved., 1, 0, 0, 1, C:2007-09-01 20:59 M:2004-08-17 20:00]
[acpidisk / acpidisk][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\acpidisk.sys>  [N/A, C:2004-08-22 08:40 M:2008-08-27 13:21]
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
    <system32\drivers\aec.sys>  [Microsoft Corporation, 5.1.2601.2180, C:2007-09-01 21:07 M:2006-08-12 00:08]
[ASTDriver / ASTDriver][Stopped/Manual Start]
    <\??\E:\安全与杀毒\ast\ast\ASTDriver.sys>  [Windows (R) Server 2003 DDK provider, 5.2.3790.1830 built by: WinDDK, C:2004-08-20 15:23 M:2008-03-10 13:50]
[ASTTools / ASTTools][Stopped/Manual Start]
    <\??\E:\安全与杀毒\ast\ast\ASTTools.sys>  [DSW Lab, 1.0.0.2 built by: WinDDK, C:2004-08-20 15:23 M:2008-03-07 14:04]
[FltMgr / FltMgr][Running/Boot Start]
    <system32\DRIVERS\fltMgr.sys>  [Microsoft Corporation, 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039), C:2007-09-01 21:08 M:2007-08-15 15:02]
[gnrq / gnrq][Stopped/Boot Start]
    <system32\drivers\gnrq.sys>  [N/A, C:2007-09-01 20:59 M:2004-08-17 20:00]
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-07-23 10:34 M:2005-01-07 17:07]
[HTTP / HTTP][Running/Manual Start]
    <System32\Drivers\HTTP.sys>  [Microsoft Corporation, 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512), C:2006-08-12 00:08 M:2007-08-15 15:09]
[IP Network Address Translator / IpNat][Running/Manual Start]
    <system32\DRIVERS\ipnat.sys>  [Microsoft Corporation, 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056), C:2007-09-01 20:59 M:2007-08-15 15:02]
[KernelCheck / KernelCheck][/Boot Start]
    <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KpCheck.sys>  []
[Microsoft Kernel Wave Audio Mixer / kmixer][Stopped/Manual Start]
    <system32\drivers\kmixer.sys>  [Microsoft Corporation, 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359), C:2007-09-01 21:07 M:2006-10-03 23:58]
[MRXSMB / MRxSmb][Running/System Start]
    <system32\DRIVERS\mrxsmb.sys>  [Microsoft Corporation, 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036), C:2007-09-01 20:59 M:2007-08-15 15:02]
[msiffei / msiffei][Stopped/Manual Start]
    <Sys