[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 448][C:\WINDOWS\uninstall\rundl132.exe] [N/A, N/A]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 476][C:\Program Files\Common Files\{08831C2E-063C-2052-0727-060502060056}\Update.exe] [N/A, N/A]
[C:\Program Files\Common Files\{08831C2E-063C-2052-0727-060502060056}\System.dll] [N/A, N/A]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 500][C:\WINDOWS\system32\wdfmgr32.exe] [N/A, N/A]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 512][C:\Program Files\Common Files\System\Updaterun.exe] [N/A, N/A]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 568][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 1340][C:\WINDOWS\system32\Media\services.exe] [N/A, N/A]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1636][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8293]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 1852][C:\WINDOWS\system32\Svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[c:\windows\system32\drivers\restore.dll] [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 2396][C:\program files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\WINDOWS\system32\winsys32_070104.dll] [N/A, N/A]
[PID: 2620][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 2904][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\PROGRA~1\COMMON~1\dtes\kxlg.dll] [, 1, 2, 0, 8]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 3124][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 3456][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 3864][C:\program files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 3996][C:\WINDOWS\system32\ systemi.exe] [BenQ, 1.00]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 532][F:\Maxthon\Maxthon~.exe] [Maxthon International Ltd., 1, 5, 7, 82]
[F:\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[F:\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[F:\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[F:\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[F:\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[F:\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[F:\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[F:\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[F:\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\WINDOWS\system32\winsys32_070104.dll] [N/A, N/A]
[PID: 356][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 2264][C:\WINDOWS\system32\sevchost.exe] [Microsoft Corporation, 5, 0, 0, 0]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 2468][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 224][C:\WINDOWS\system32\sevchost.exe] [Microsoft Corporation, 5, 0, 0, 0]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 2788][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 3264][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[PID: 3480][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 3528][C:\Documents and Settings\All Users\Templates\temp.exe] [N/A, N/A]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[PID: 3784][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1188][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 2140][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1180][F:\sreng2\SREng\SREng~.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 3976][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\WSD_SOCK32.dll] [N/A, N/A]
[PID: 1744][C:\WINDOWS\system32\ravmod.exe] [Microsft Corporation, 6, 0, 3790, 1830]
[C:\WINDOWS\136741M.BMP] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\WSD_SOCK32.dll(N/A, N/A)
MT-TcpFilter
C:\WINDOWS\system32\WSD_SOCK32.dll(N/A, N/A)
==================================
Autorun.inf
[D:\]
[autorun]
open=d:\mplay.com