我是网管论坛's Archiver

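sibusia posted on 2008-5-26 03:12

An IE process starts automatically in the process list at boot

An IE process running under the user name SYSTEM starts automatically in the process list at boot.
This only started happening after I opened a piece of software called AkumaEngine.
Could some expert give me a pointer or two?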

红桃jacker posted on 2008-5-26 07:24

I suggest scanning with SREng and posting the report.

AkumaEngine seems to be software related to online-game acceleration.

li250904768 posted on 2008-5-26 07:44

Not sure. I ran into this once before, but that seemed to be a virus infection.

knightxiao1011 posted on 2008-5-26 08:52

I suggest scanning with 360 and cleaning it up.

sunlin19 posted on 2008-5-26 09:07

360 is still the simpler option.
You could run a scan with it.

hundansky posted on 2008-5-26 12:59

It's an accelerator program; the OP probably downloaded it from some small site, and it has some rogue software bundled in.

sibusia posted on 2008-5-26 19:58

Oh, right, one more thing: the normal IE process name is in lowercase, but the one that starts at boot is in uppercase.

My SREng scan report is attached as well.
[code]
2008-05-26,19:56:08
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Component Publisher]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\PROGRA~1\MY.scr>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基互联网安全套装 7.0 / AVP][Stopped/Manual Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[cdiskdun / cdiskdun][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdiskdun.sys><N/A>
[cdspacex / cdspacex][Stopped/Manual Start]
  <system32\DRIVERS\CDSPACEX.sys><N/A>
[DBKDRVR54 / DBKDRVR54][Stopped/Manual Start]
  <\??\D:\CE\dbk32.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[q2dhn / q2dhn][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\q2dhn.sys><N/A>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[System Safety Monitor 2.0 Core Engine / safemon][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Two Rabbits Live Bus / TwoRabts][Stopped/Manual Start]
  <system32\DRIVERS\TwoRabts.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
浏览器加载项
[QQCycloneHelper Class]
  {01443AEB-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\不可乱动\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\不可乱动\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <E:\不可乱动\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[ScreenCapture Class]
  {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {00000000-12AC-4305-82F9-43058F20E8D2} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {01443AEA-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[QQCycloneHelper Class]
  {01443AEB-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <, N/A>
[UploadFilePartition Class]
  {2030B925-DF6E-4535-AB9A-C2787F2FEB53} <C:\WINDOWS\system32\TXGYUploader.dll, Tencent >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <E:\不可乱动\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\不可乱动\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[QQMusicCreator Class]
  {6927992D-6A89-4549-8A32-95901BF5D920} <, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\不可乱动\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RealWebStart Class]
  {88E2AFD9-0FE2-471F-9337-86C9DED12058} <, N/A>
[Uploader Class]
  {8A990A37-B746-43CC-BF08-400740854928} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[Uploader Class]
  {8B054DFE-79A3-4A6A-9F46-CD2A2F601129} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>
[UploadFilePartition Class]
  {A877BA28-1F7E-4876-B299-50B3199A1A5D} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <E:\不可乱动\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.989.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[ScreenCapture Class]
  {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <E:\不可乱动\Tencent\QQ\QzoneMusic.dll, 腾讯科技>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[AgControl Class]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll,  Microsoft Corporation>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Web800 Control]
  {EC53936E-6D4A-4307-9092-A2FC48EAFC56} <E:\不可乱动\Tencent\Web800\Web800.ocx, Microsoft>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\不可乱动\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.989.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用超级旋风下载]
  <E:\不可乱动\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <E:\不可乱动\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <E:\不可乱动\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\不可乱动\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <E:\不可乱动\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 664 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 752 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 784 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 828 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 840 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 992 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1064 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1104 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1160 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1488 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.50.5.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
[PID: 1628 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1636 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.05]
[PID: 1676 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 272 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1760 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\不可乱动\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [E:\不可乱动\Tencent\QQ\Qzone\QQPhotoDraw.dll]  [TENCENT, 1, 5, 107, 120]
[PID: 3048 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2464 / Administrator][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1636, C:\WINDOWS\SOUNDMAN.EXE]
==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================
[/code]

红桃jacker posted on 2008-5-26 22:26

Startup items, registry:
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\PROGRA~1\MY.scr>  [N/A]
Delete this entry with SREng, whatever it is. With an integrated board like the OP's, I suggest not loading any unnecessary startup items, and this file is very suspicious unless the OP installed it himself.

Use SREng to delete the following driver entries, then delete the files:
驱动程序
[cdiskdun / cdiskdun][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdiskdun.sys><N/A>
[cdspacex / cdspacex][Stopped/Manual Start]
  <system32\DRIVERS\CDSPACEX.sys><N/A>
[q2dhn / q2dhn][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\q2dhn.sys><N/A>
[Two Rabbits Live Bus / TwoRabts][Stopped/Manual Start]
  <system32\DRIVERS\TwoRabts.sys><N/A>

[DBKDRVR54 / DBKDRVR54][Stopped/Manual Start]
  <\??\D:\CE\dbk32.sys><N/A>
Suspicious

Finally, repair the few file-association errors with SREng.

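sibusia posted on 2008-5-28 17:19

I've done what the poster above said,
but although the file associations were repaired, the errors come back as soon as I reopen the software.. What should I do?

sibusia posted on 2008-5-28 22:31

Uh, when I booted just now, that IE that starts automatically at boot crashed with an error..
There was some kind of technical analysis thing, and I copied out what was in it.
I don't know whether it helps at all with getting rid of this process that starts at boot.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER6381.dir00\iexplore.exe.mdmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER6381.dir00\appcompat.txt

红桃jacker posted on 2008-5-29 22:12

I suggest posting a fresh SREng report so we can take a look.

sibusia posted on 2008-5-29 23:19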

[CODE]
2008-05-29,23:18:26

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基互联网安全套装 7.0 / AVP][Stopped/Manual Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[DBKDRVR54 / DBKDRVR54][Stopped/Manual Start]
  <\??\D:\CE\dbk32.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[System Safety Monitor 2.0 Core Engine / safemon][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {01443AEB-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\不可乱动\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\不可乱动\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <E:\不可乱动\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[ScreenCapture Class]
  {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {00000000-12AC-4305-82F9-43058F20E8D2} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {01443AEA-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[QQCycloneHelper Class]
  {01443AEB-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\不可乱动\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <, N/A>
[UploadFilePartition Class]
  {2030B925-DF6E-4535-AB9A-C2787F2FEB53} <C:\WINDOWS\system32\TXGYUploader.dll, Tencent >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <E:\不可乱动\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, N/A>
[QQRightClick Class]
  {4836C333-208E-4BCE-B30B-00B9545B0F6E} <E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\不可乱动\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[QQMusicCreator Class]
  {6927992D-6A89-4549-8A32-95901BF5D920} <, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\不可乱动\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RealWebStart Class]
  {88E2AFD9-0FE2-471F-9337-86C9DED12058} <, N/A>
[Uploader Class]
  {8A990A37-B746-43CC-BF08-400740854928} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[Uploader Class]
  {8B054DFE-79A3-4A6A-9F46-CD2A2F601129} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>
[UploadFilePartition Class]
  {A877BA28-1F7E-4876-B299-50B3199A1A5D} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <E:\不可乱动\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.989.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[ScreenCapture Class]
  {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, Tencent Inc.>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <E:\不可乱动\Tencent\QQ\QzoneMusic.dll, 腾讯科技>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[AgControl Class]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll,  Microsoft Corporation>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Web800 Control]
  {EC53936E-6D4A-4307-9092-A2FC48EAFC56} <E:\不可乱动\Tencent\Web800\Web800.ocx, Microsoft>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\不可乱动\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.989.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用超级旋风下载]
  <E:\不可乱动\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <E:\不可乱动\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <E:\不可乱动\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\不可乱动\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <E:\不可乱动\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 660 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 996 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1068 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1168 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1216 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1608 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.50.5.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
[PID: 1716 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.05]
[PID: 1740 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1988 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1224 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1048 / Administrator][E:\不可乱动\Tencent\QQ\QQExp\QQExp.exe]  [TENCENT, 7, 0, 225, 1651]
[PID: 1996 / Administrator][E:\不可乱动\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
[PID: 1284 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [E:\不可乱动\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\不可乱动\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\不可乱动\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [E:\不可乱动\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 280 / Administrator][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1716, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1048, E:\不可乱动\TENCENT\QQ\QQEXP\QQEXP.EXE]

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================

[/CODE]

sibusia posted on 2008-5-29 23:19

Could you please take another look? Thanks.

红桃jacker posted on 2008-5-30 00:10

I can't see any problem in the report; other members, please add anything you notice.

I suggest repairing all of these under SREng / Startup:
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]

    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]


Startup items I suggest keeping (input method icon, sound card icon):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]

Has the OP uninstalled kb, or just disabled it from starting?

sibusia posted on 2008-5-30 16:12

Does kb mean Kaspersky?
Also, even you are out of ideas... is there really nothing that can be done...?

红桃jacker posted on 2008-5-30 20:32

Browser add-ons:
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
Repair these.

[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <, N/A>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <, N/A>
I am also suspicious of these 2 plug-ins.

I suggest first going to [url]www.360safe.com[/url] to download Lao Zhou's 360 Safeguard (360卫士) and running a scan; afterwards the OP can decide, depending on the result, whether to uninstall 360 Safeguard.

sibusia posted on 2008-5-31 03:14

About "repair": there is no such button... or rather, I couldn't find it...
Also, I already have 360 at home...

爱丽舍 posted on 2008-6-1 21:47

First try Windows 清理助手 (Windows Cleanup Assistant); there is a portable ("green") version.
The file association error items have not been repaired.

In general, be a bit careful with any driver marked N/A:
[DBKDRVR54 / DBKDRVR54][Stopped/Manual Start]
  <\??\D:\CE\dbk32.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>

There are too many browser add-ons. Scan with HijackThis, repair all of the 09 items, and for the 08 items just keep the download tools you need.
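
An added example (not part of the thread and not SREng's own code): a small Python triage pass over an SREng report that pulls out the two things the reply above points at, driver/service entries whose publisher field is N/A and file associations reported as Error. The sample text is constructed from lines quoted in this thread plus one invented signed entry (ExampleSvc); the function names are assumptions.

```python
import re

# Constructed sample: lines copied from the SREng report quoted in this thread.
# The ExampleSvc entry is invented here as a signed counter-example.
SAMPLE_REPORT = r"""
[DBKDRVR54 / DBKDRVR54][Stopped/Manual Start]
  <\??\D:\CE\dbk32.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[ExampleSvc / Example Service][Running/Auto Start]
  <C:\example\svc.exe><Example Publisher>
.EXE  OK. ["%1" %*]
.CHM  Error. ["hh.exe" %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
"""

# "[name / display name][state/start type]" header of a service or driver entry.
ENTRY_HEADER = re.compile(r"^\[(?P<name>[^\]/]+?) / [^\]]*\]\[(?P<state>[^\]]+)\]\s*$")
# "<image path><publisher>" detail line that follows the header.
ENTRY_DETAIL = re.compile(r"^\s*<(?P<path>[^>]*)><(?P<publisher>[^>]*)>\s*$")
# ".EXT  OK|Error. [open command]" line of the file-association section.
ASSOC_LINE = re.compile(r"^(?P<ext>\.\w+)\s+(?P<status>OK|Error)\.\s+\[(?P<cmd>.*)\]\s*$")


def unsigned_entries(report):
    """Return (name, state, path) for entries whose publisher field is N/A."""
    found, pending = [], None
    for line in report.splitlines():
        header = ENTRY_HEADER.match(line)
        if header:
            pending = header          # remember the header until its detail line
            continue
        detail = ENTRY_DETAIL.match(line)
        if detail and pending and detail.group("publisher").strip().upper() == "N/A":
            found.append((pending.group("name"), pending.group("state"), detail.group("path")))
        pending = None                # a detail line only pairs with the header right above it
    return found


def broken_associations(report):
    """Return (extension, command) for file associations reported as Error."""
    hits = []
    for line in report.splitlines():
        m = ASSOC_LINE.match(line.strip())
        if m and m.group("status") == "Error":
            hits.append((m.group("ext"), m.group("cmd")))
    return hits
```

An N/A publisher only means the file carries no verified signature, so the output is a review list, not a verdict.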

sibusia posted on 2008-6-6 05:55

Uh, moderator, by "repair" do you mean delete??
