[CODE]

2006-12-29,22:45:20

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <myZt2><C:\DOCUME~1\djurelea\LOCALS~1\Temp\Zt2\SVCH0ST.EXE>  [N/A]
    <myWl2><C:\DOCUME~1\djurelea\LOCALS~1\Temp\Wl2\lexplore.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <ADMTray.exe><"C:\Acer\Empowering Technology\admtray.exe">  [Avocent Inc.]
    <EPM-DM><c:\acer\Empowering Technology\ePower\epm-dm.exe>  [N/A]
    <Acer ePower Management><C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot>  [N/A]
    <LaunchAp><"C:\Program Files\Launch Manager\LaunchAp.exe">  [N/A]
    <LManager><"C:\Program Files\Launch Manager\HotkeyApp.exe">  [Wistron]
    <CtrlVol><"C:\Program Files\Launch Manager\CtrlVol.exe">  [Wistron]
    <LMgrOSD><"C:\Program Files\Launch Manager\OSDCtrl.exe">  [N/A]
    <Wbutton><"C:\Program Files\Launch Manager\Wbutton.exe">  [N/A]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <eDataSecurity Loader><C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe>  [N/A]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <svchost><"C:\Program Files\文件夹加密超级大师\svchost.exe"  baohu>  [N/A]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <yokUninstall><cmd /c rd /s /q C:\PROGRA~1\yok>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><136741M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{729B6C61-BDC5-4C09-A1DE-A296BA0B89EC}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo.wmp>  [N/A]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[腾讯QQ珊瑚虫版]
  <C:\Documents and Settings\djurelea\「开始」菜单\程序\启动\腾讯QQ珊瑚虫版.lnk --> C:\PROGRA~1\Tencent\QQ\CoralQQ.exe [珊瑚虫工作室]><N>

==================================
服务
[AdminWorks Agent X6 / AWService][Running/Auto Start]
  <"C:\Acer\Empowering Technology\admServ.exe"><Avocent Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server Advance / ServerAC][Stopped/Auto Start]
  <C:\WINDOWS\system32\Security.exe><N/A>

==================================

驱动程序
[Acer EPM Power Scheme Driver / EpmPsd][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\epm-psd.sys><Acer Value Labs, USA>
[Acer EPM System Hardware Driver / EpmShd][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\epm-shd.sys><Acer Value Labs, USA>
[OSA NdisFilter Protocol / NdisFilt][Running/Manual Start]
  <System32\Drivers\NdisFilt.sys><OSA Technologies>
[Acer NetMonitor Protocol / NETMNT][Stopped/Manual Start]
  <system32\DRIVERS\NETMNT.sys><N/A>
[OsaFsLoc / OsaFsLoc][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys><OSA Technologies>
[osaio / osaio][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\osaio.sys><OSA Technologies, An Avocent Company>
[osanbm / osanbm][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\osanbm.sys><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Wbutton / Wbutton][Stopped/System Start]
  <\SystemRoot\system32\drivers\Wbutton.sys><N/A>
[TYKeeper / TYKeeper][Stopped/System Start]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Acer eDataSecurity Management]
  {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} <C:\WINDOWS\system32\ToolBand.dll, HiTRUST>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Acer eDataSecurity Management]
  {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} <C:\WINDOWS\system32\ToolBand.dll, HiTRUST>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[相关搜索]
  {A29F7F71-DCDB-412D-B19A-2002DC966E33} <C:\Program Files\yok\relband.dll, YOK.Com>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&Sample Toolband Serach]
  <res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM, N/A>
[&使用迅雷下载]
  <D:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Thunder\Program\GetAllUrl.htm, N/A>
[珊瑚虫搜索]
  <C:\Program Files\YOK.com\SuperSearch\yoksch.htm, N/A>

==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 596][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 608][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 780][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 852][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 928][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1004][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1072][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1196][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1456][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
    [C:\WINDOWS\system32\ToolBand.dll]  [HiTRUST, 1, 20, 0, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [D:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\userspi.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\eDSshellExt.dll]  [HiTRUST, 1, 20, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing LP, 4.1 (32-bit)]
    [C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll]  [www.yok.com, 2.0.1.6]
    [C:\Program Files\yok\yok.dll]  [YOK.Com, 3, 0, 0, 1003]
    [C:\Program Files\yok\toolbar.dll]  [YOK.Com, 3, 0, 0, 1005]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 1584][C:\Acer\Empowering Technology\admtray.exe]  [Avocent Inc., 1.6.13.24]
    [C:\Acer\Empowering Technology\ServiceControl.dll]  [N/A, N/A]
    [C:\Acer\Empowering Technology\OsaFsLoc.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 6]
    [C:\Acer\Empowering Technology\InstallNdis.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 0, 2]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 1592][C:\acer\Empowering Technology\ePower\epm-dm.exe]  [Acer Inc, 2.66]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 1616][C:\Program Files\Launch Manager\LaunchAp.exe]  [, 1, 0, 1, 0]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1624][C:\Program Files\Launch Manager\HotkeyApp.exe]  [Wistron, 1, 0, 7, 6]
    [C:\Program Files\Launch Manager\AlchemyXML.dll]  [Wistron Corporation, 1, 0, 0, 3]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\Program Files\Launch Manager\KBHOOK.dll]  [Wistron Corp., 1, 6, 0, 0]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 1664][C:\Program Files\Launch Manager\OSDCtrl.exe]  [, 1, 0, 1, 2]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1680][C:\Program Files\Launch Manager\Wbutton.exe]  [, 1, 0, 7, 3]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1712][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.2.9 16Dec05]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.2.9 16Dec05]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.2.9 16Dec05]
[PID: 1764][C:\Program Files\文件夹加密超级大师\svchost.exe]  [夏冰软件, 6, 1, 0, 0]
    [C:\Program Files\文件夹加密超级大师\interfacedll.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\文件夹加密超级大师\nettool.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\文件夹加密超级大师\crtool.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 1776][C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 1936][C:\DOCUME~1\djurelea\LOCALS~1\Temp\bzHIXM.exe]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\djurelea\LOCALS~1\Temp\mhs2.dll]  [N/A, N/A]
[PID: 2020][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 840][C:\WINDOWS\system32\com\smss.exe]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 2296][C:\Acer\Empowering Technology\admServ.exe]  [Avocent Inc., 1.5.24.74]
    [C:\Acer\Empowering Technology\OsaFsLoc.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 6]
    [C:\Acer\Empowering Technology\osaiodll.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 1, 2, 15]
    [C:\Acer\Empowering Technology\IpmiTrans.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 14]
    [C:\Acer\Empowering Technology\SYSAPI.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 3, 15]
    [C:\Acer\Empowering Technology\SMBIOSAPI.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 6, 7]
    [C:\Acer\Empowering Technology\cpuid_dll.dll]  [ OSA Technologies, Inc., 1, 0, 6, 13]
    [C:\Acer\Empowering Technology\NBAPI.dll]  [OSA Technologies Inc. Taiwan Branch, 1, 0, 1, 2]
    [C:\Acer\Empowering Technology\NetMonitor.dll]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\Acer\Empowering Technology\s_lm85m.dll]  [OSA Technologies, An Avocent Company, 1, 2, 2, 5]
    [C:\Acer\Empowering Technology\s_smsc47m1.dll]  [OSA Technologies, An Avocent Company, 1, 2, 3, 8]
    [C:\Acer\Empowering Technology\s_it87.dll]  [OSA Technologies, An Avocent Company, 1, 2, 1, 2]
[PID: 3188][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
[PID: 3276][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\pagefile.pif]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
    [D:\pagefile.pif]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 1812][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 2000][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
    [D:\pagefile.pif]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
    [C:\pagefile.pif]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 3836][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\pagefile.pif]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 3460][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 3856][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]
[PID: 1928][C:\DOCUME~1\djurelea\LOCALS~1\Temp\Rar$EX00.375\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\136741M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\MSNChatHook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\sysenv.dll]  [HiTRUST, 1, 20, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif
[D:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif
[E:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

小第先谢过了