[CODE]

2008-02-09,01:42:27

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <AppleSyncNotifier><C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe>  [(Verified)Apple Inc.]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[新浪UT Game]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\新浪UT Game.lnk --> C:\PROGRA~1\sina\UTGAME~1\UTGame.exe [新浪网技术（中国）有限公司]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\哑巴\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour 服务 / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\ineters.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod 督昢 / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\Jiangmin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"><>
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
  <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[SonicStage Back-End Service / SonicStage Back-End Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe"><Sony Corporation>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[BsDeamon / BsDeamon][Running/System Start]
  <\??\D:\Jiangmin\AntiVirus\BsDeamon.sys><Jiangmin Co., Ltd.>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[KRegEx / KRegEx][Running/Auto Start]
  <\??\D:\Jiangmin\antivirus\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software - SysCall Services / KSysCall][Running/System Start]
  <\??\D:\Jiangmin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[Jiangmin Antivirus Software - System Monitor / KSysMon][Running/System Start]
  <\??\D:\Jiangmin\AntiVirus\KSysMon.sys><Jiangmin Co., Ltd.>
[Jiangmin Antivirus Software - File Tracer / KSysTrace][Running/System Start]
  <\??\D:\Jiangmin\AntiVirus\KSysTrace.sys><Jiangmin Co., Ltd.>
[KVFileGuard From Jiangmin / KVFileGuard][Running/Manual Start]
  <\??\D:\Jiangmin\AntiVirus\KVfg.sys><Jiangmin Co., Ltd.>
[KVRedir From Jiangmin / KVRedir][Running/System Start]
  <\??\D:\Jiangmin\AntiVirus\KVREDIR.SYS><Jiangmin Co., Ltd.>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[Netpas Win32 Virtual Network Adapter / netpasadapter1][Stopped/Manual Start]
  <system32\DRIVERS\netpas.sys><Netpas>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[Jiangmin AntiVirus Software - System Guard / SysGuard][Running/Boot Start]
  <\SystemRoot\system32\Drivers\SysGuard.sys><Jiangmin Co., Ltd.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Invoke Class]
  {EC42C204-B7C5-4e0e-BF8F-690D278018C1} <C:\WINDOWS\system32\995a.dll, >
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <D:\Jiangmin\AntiVirus\UrlGuard.dll, (Signed) Jiangmin Co., Ltd.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, (Signed) 上海浩方在线信息技术有限公司>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, (Signed) Tencent Corporation>
[KVFileUpdate Class]
  {CA234A53-E68D-44D5-A07C-481C051D0C7B} <C:\WINDOWS\Downloaded Program Files\OLDown.dll, Jiangmin Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {001CF5E9-4000-4287-8E58-1770E7FB0B07} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[]
  {0C7C23EF-A848-485B-873C-0ED954731014} <, >
[]
  {0E0A0CA7-FB0E-44AB-AEBA-6025B0F530A0} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[Fade]
  {16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, >
[UTPKES Control]
  {94BE7FE8-CF75-4FD3-8A41-9D5FE7135511} <c:\sdbocx\UTPKES.ocx, 广州科友科技股份有限公司>
[]
  {9963387B-212E-4643-B207-82DAEA0E713D} <, >
[]
  {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} <, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(739).dll, ShenZhen Thunder Networking Technologies Ltd.>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, (Signed) Tencent Corporation>
[]
  {C5E87A05-F463-4841-B19E-DD3EC3862368} <, >
[]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <, >
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {D2517915-48CE-4286-970F-921E881B8C5C} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <, >
[iTunesDetector Class]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Computer, Inc.>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {EE12D60D-AD9A-4095-B839-3BE6862679FD} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.739.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(739).dll, Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, (Signed) RealNetworks, Inc.>
[RegisterHelper Class]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <D:\Jiangmin\AntiVirus\UrlGuard.dll, (Signed) Jiangmin Co., Ltd.>
[使用快车(FlashGet2)下载]
  <C:\Program Files\FlashGetX\FGX_LINK.HTM, N/A>
[使用快车(FlashGet2)下载全部链接]
  <C:\Program Files\FlashGetX\FGX_ALL.HTM, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 500 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
[PID: 956 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
[PID: 1064 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
[PID: 1580 / 哑巴][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [D:\Jiangmin\AntiVirus\KsPec.dll]  [Jiangmin Co., Ltd., 1, 0, 8, 317]
    [D:\Jiangmin\common\KvTrust.dll]  [Jiangmin Co., Ltd., 10, 0, 8, 326]
    [D:\Jiangmin\common\KvTools.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 1224]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [D:\Jiangmin\common\KvTrustInit.dll]  [Jiangmin Co., Ltd., 11, 0, 8, 327]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8456]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8456]
    [D:\Jiangmin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 2, 0, 7, 1018]
    [D:\Jiangmin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [E:\浩方对战平台\FNWar3.dll]  [上海浩方在线信息技术有限公司, 4. 8. 3. 0]
[PID: 1708 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.0.28.0]
[PID: 1720 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,4,12]
[PID: 1808 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8456]
[PID: 1864 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe]  [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
[PID: 2000 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 776 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1324 / 哑巴][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
[PID: 1380 / 哑巴][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 2, 0, 9]
[PID: 1436 / 哑巴][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 7.7.0.43]
    [C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 7.7.0.30]
    [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 7.7.0.43]
    [C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.5 (861)]
    [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 7, 8, 118, 0]
[PID: 1552 / 哑巴][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 6, 0, 0, 20]
    [C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 6, 0, 0, 012]
[PID: 1568 / 哑巴][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2248 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 7.7.0.43]
    [C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 7.7.0.30]
    [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 7.7.0.43]
[PID: 3140 / 哑巴][C:\Program Files\Tencent\TT\bin\TTraveler.exe]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTUtilWidget.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\TT\bin\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\TT\bin\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\TT\bin\TTStore.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\sqlite3.dll]  [N/A, ]
    [C:\Program Files\Tencent\TT\bin\PlatformWidget.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTMainFrame.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTMBrowser.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTabMgr.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTPluginMng.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\Plugins\3TTWeather\TTWeather.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
    [C:\Program Files\Tencent\TT\bin\TTSkin.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\FavoriteLogical.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TSupport.dll]  [TENCENT Inc., 1, 2, 11, 201]
    [C:\Program Files\Tencent\TT\bin\TTHtmlApp.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTFilter.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\TTNetwork.dll]  [Tencent, 4, 7, 0, 10]
    [C:\Program Files\Tencent\TT\bin\UpdateUtil.dll]  [N/A, ]
    [D:\Jiangmin\AntiVirus\UrlGuard.dll]  [Jiangmin Co., Ltd., 1, 0, 8, 204]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [D:\Jiangmin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 8, 514]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [D:\Jiangmin\AntiVirus\KVAddrDb.dll]  [Jiangmin Co., Ltd., 11, 0, 7, 1015]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 3776 / 哑巴][E:\浩方对战平台\GameClient.exe]  [上海浩方在线信息技术有限公司, 4.8.3.530]
    [E:\浩方对战平台\GameShell.dll]  [上海浩方在线信息技术有限公司, 4.8.3.0]
    [E:\浩方对战平台\Proxy.dll]  [上海浩方在线信息技术有限公司, 4.8.0.0]
    [E:\浩方对战平台\MFC42.DLL]  [Microsoft Corporation, 6.02.4131.0]
    [E:\浩方对战平台\MeteorCheck.dll]  [N/A, ]
    [E:\浩方对战平台\ComCtrlLib.dll]  [上海浩方在线信息技术有限公司, 4.8.1.0]
    [E:\浩方对战平台\SkinPlusPlusDLL.dll]  [上海浩方在线信息技术有限公司, 4.8.1.0]
    [E:\浩方对战平台\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [E:\浩方对战平台\GameData.dll]  [上海浩方在线信息技术有限公司, 4.8.1.0]
    [E:\浩方对战平台\UserAvatar.dll]  [上海浩方在线信息技术有限公司, 4.8.0.0]
    [E:\浩方对战平台\IShowSocket.dll]  [上海浩方在线信息技术有限公司, 4.8.0.0]
    [E:\浩方对战平台\SystemInfo.dll]  [N/A, ]
    [E:\浩方对战平台\HFIM.dll]  [上海浩方在线信息技术有限公司, 4.8.3.0]
    [E:\浩方对战平台\EzImClientModule.dll]  [SNDA, 1.0.0.13]
    [E:\浩方对战平台\UDPStream.dll]  [SNDA, 1.0.0.5]
    [E:\浩方对战平台\NetLib.dll]  [SNDA, 1.0.0.5]
    [E:\浩方对战平台\UserData.dll]  [N/A, ]
    [E:\浩方对战平台\UserList.dll]  [N/A, ]
    [E:\浩方对战平台\UserAccount.dll]  [N/A, ]
    [E:\浩方对战平台\HFUShell.dll]  [上海浩方在线信息技术有限公司, 1.0.0.12]
    [E:\浩方对战平台\SDUCore.dll]  [Shanda Networking Co.,Ltd, 1.0.0.11]
    [E:\浩方对战平台\HFWordCheck.dll]  [上海浩方在线信息技术有限公司, 1.0.0.4]
    [E:\浩方对战平台\GameRes.dll]  [上海浩方在线信息技术有限公司, 4.8.3.0]
    [E:\浩方对战平台\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\浩方对战平台\RICHED20.dll]  [Microsoft Corporation, 5.30.23.1205]
    [E:\浩方对战平台\AdsManager.dll]  [上海浩方在线信息技术有限公司, 4.8.0.0]
    [D:\Jiangmin\AntiVirus\UrlGuard.dll]  [Jiangmin Co., Ltd., 1, 0, 8, 204]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [D:\Jiangmin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 8, 514]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [D:\Jiangmin\AntiVirus\KVAddrDb.dll]  [Jiangmin Co., Ltd., 11, 0, 7, 1015]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
    [E:\浩方对战平台\FNWar3.dll]  [上海浩方在线信息技术有限公司, 4. 8. 3. 0]
    [E:\浩方对战平台\GHDx8.dll]  [, 1, 8, 5, 8]
    [E:\浩方对战平台\GGWAR3.dll]  [, 1, 8, 2, 22]
[PID: 1344 / 哑巴][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\c9a.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]
    [D:\Jiangmin\AntiVirus\UrlGuard.dll]  [Jiangmin Co., Ltd., 1, 0, 8, 204]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 717]
    [D:\Jiangmin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 8, 514]
    [C:\WINDOWS\system32\kvinstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [D:\Jiangmin\AntiVirus\KVAddrDb.dll]  [Jiangmin Co., Ltd., 11, 0, 7, 1015]
[PID: 2700 / 哑巴][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\浩方对战平台\FNWar3.dll]  [上海浩方在线信息技术有限公司, 4. 8. 3. 0]
[PID: 2408 / 哑巴][C:\DOCUME~1\哑巴\LOCALS~1\Temp\Rar$EX00.813\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 2068 / 哑巴][C:\DOCUME~1\哑巴\LOCALS~1\Temp\Rar$EX00.813\SREd15a9870.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [E:\浩方对战平台\FNWar3.dll]  [上海浩方在线信息技术有限公司, 4. 8. 3. 0]
    [C:\DOCUME~1\哑巴\LOCALS~1\Temp\Rar$EX00.813\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,4,12]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1380, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2408, C:\DOCUME~1\哑巴\LOCALS~1\TEMP\RAR$EX00.813\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]