[CODE]

2008-09-02,23:05:37

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [奇虎网]
    <HBService><explore.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><mduaey.dll lensch.dll cupops.dll wllame.dll johandy.dll comboaus.dll biroas.dll eskisl.dll catower.dll,aaa.dll,HBmhly.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\yudyymvw.dll>  []
    <{E560642D-A32D-432c-9E7E-9A135CC37E0F}><C:\WINDOWS\system32\kbdgrms.dll>  []
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{DA56B183-A731-402b-9235-2CB8803E212D}><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <{A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9}><C:\WINDOWS\system32\nwapi32dj.dll>  []
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{00180018-0018-0018-0018-00180018BB15}><C:\WINDOWS\system32\mstimewd.dll>  []
    <{9FD45A54-9875-698F-E56E-65102358FDF9}><C:\WINDOWS\Fonts\apsghjba.dll>  []
    <{48691221-F05C-4AB4-B9D0-50D6D36CC27F}><C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987>  []
    <{730B78A6-9B9C-4C44-8645-1873BDCFD3B1}><730B78A6.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <yudyymvw.dll><C:\WINDOWS\system32\yudyymvw.dll>  []
    <kbdgrms.dll><C:\WINDOWS\system32\kbdgrms.dll>  []
    <dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll>  []
    <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll>  []
    <tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll>  []
    <nwapi32dj.dll><C:\WINDOWS\system32\nwapi32dj.dll>  []
    <xolehlpjh.dll><C:\WINDOWS\system32\xolehlpjh.dll>  []
    <certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll>  []
    <lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll>  []
    <mstimewd.dll><C:\WINDOWS\system32\mstimewd.dll>  []
    <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{b746f5d7-3fce-8413-8413-40df8e602a87}]
    <N/A><C:\WINDOWS\system32\gyvrkemuk\svchost.exe /t>  []

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Google Updater Service / gusvc][Stopped/Disabled]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>

==================================
驱动程序
[Service for Avance AC'97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver / DM9102][Running/Manual Start]
  <system32\DRIVERS\DM9PCI5.SYS><CNet Technology, Inc.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[iXPT / iXPT][Running/Manual Start]
  <\??\C:\WINDOWS\system32\iXPT.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\xunlei\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {48691221-F05C-4AB4-B9D0-50D6D36CC27F} <C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\xunlei\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\xunlei\Thunder.exe, Thunder Networking Technologies,LTD>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
  {B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\xunlei\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Microsoft Office Template and Media Control]
  {02BCC737-B171-4746-94C9-0D8A0B2C0089} <E:\office\OFFICE11\IEAWSDC.DLL, (Signed) >
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, (Signed) Sohu.com Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, (Signed) Microsoft Corporation>
[]
  {166B1BCA-3F9C-11CF-8075-444553540000} <, >
[]
  {17492023-C23A-453E-A040-C7C580BBF700} <, >
[IESuperHelper]
  {1A49F431-2A2E-41A5-9080-0F41D1A3AEC1} <C:\PROGRA~1\IESuper\iesuper.dll, N/A>
[]
  {1A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <, >
[SSReaderPlug]
  {1DE88635-1C72-401E-B23B-93FA86D30F3B} <C:\WINDOWS\system32\ssreaderplug.dll, (Signed) 北京超星>
[]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, N/A>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[]
  {32D72994-45B9-42B5-8980-FB561D1BE2D0} <, >
[]
  {339C1EE2-1029-46B8-81F1-360217F26FC4} <, >
[]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <E:\office\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\xunlei\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {48691221-F05C-4AB4-B9D0-50D6D36CC27F} <C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987, N/A>
[]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[金山毒霸在线杀毒]
  {577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.OCX, N/A>
[]
  {59BC54A2-56B3-44A0-93E5-432D58746E26} <, >
[]
  {5D73EE86-05F1-49ED-B850-E423120EC338} <, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[HanGamePluginCn18 Class]
  {61F5C358-60FB-4A23-A312-D2B556620F20} <C:\WINDOWS\downloaded program files\hangameplugincn18.dll, >
[]
  {6354ABE6-05F1-49ED-B850-E423120EC338} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\xunlei\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\xunlei\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[IETimeBehaviorFactory Class]
  {A4639D29-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, (Signed) Microsoft Corporation>
[IEAnimBehaviorFactory Class]
  {A4639D2F-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, (Signed) Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.63.(905).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[GlobalLink Chat Control]
  {AE93C5DF-A990-11D1-AEBD-5254ABDD2B69} <e:\Game\Share\GLChat.ocx, (Signed) GlobalLink>
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[]
  {B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, (Signed) Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, (Signed) Tencent Corporation>
[GLWebAvt Control]
  {C14D003A-DA41-4FEE-8204-62A94EAA29D1} <e:\Game\share\GLWebAvt.ocx, (Signed) >
[]
  {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
  {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <, >
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <, >
[]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技（深圳）有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, N/A>
[]
  {ECF2E268-F28C-48D2-9AB7-8F69C11CCB71} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(905).dll, Xunlei Networking Technologies,LTD>
[IEDown Class]
  {F917534D-535B-416B-8E8F-0C04756C31A8} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <, >
[]
  {FFB2385E-E812-4091-8C12-2370DC67F769} <, >
[使用迅雷下载]
  <E:\xunlei\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\xunlei\Program\getallurl.htm, N/A>
[导出当前页到超星阅览器(&A)]
  <C:\Program Files\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
  <C:\Program Files\SSREADER36\ss_select.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 6.0.000]
    [C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll]  [Adobe Systems Incorporated., 6.0.0.2003051500]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1360 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [E:\xunlei\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [E:\xunlei\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\xunlei\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [E:\xunlei\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdgrms.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\xolehlpjh.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwapi32dj.dll]  [N/A, ]
    [C:\WINDOWS\system32\yudyymvw.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\apsghjba.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987]  [N/A, ]
    [C:\WINDOWS\system32\730B78A6.dll]  [N/A, ]
    [E:\yasuorar\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 1672 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987]  [N/A, ]
    [C:\WINDOWS\system32\730B78A6.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\yudyymvw.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwapi32dj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xolehlpjh.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdgrms.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
[PID: 1684 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987]  [N/A, ]
    [C:\WINDOWS\system32\730B78A6.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\yudyymvw.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwapi32dj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xolehlpjh.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdgrms.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
[PID: 392 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3912 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\yudyymvw.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwapi32dj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xolehlpjh.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdgrms.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\730B78A6.dll]  [N/A, ]
[PID: 1828 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\yudyymvw.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwapi32dj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xolehlpjh.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdgrms.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL]  [Microsoft Corporation, 3.00.8449]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1606, 6690]
    [E:\xunlei\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [E:\xunlei\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\xunlei\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [E:\xunlei\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\730B78A6.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\Fonts\apsghjba.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
[PID: 1380 / Administrator][C:\WINDOWS\已释放的2.6.12.1018\SRE9d2c65c3.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\yudyymvw.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwapi32dj.dll]  [N/A, ]
    [C:\WINDOWS\system32\xolehlpjh.dll]  [N/A, ]
    [C:\WINDOWS\system32\certmgrkd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\tscfgwmijxsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\kbdgrms.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\imgutilhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\730B78A6.dll]  [N/A, ]
    [C:\WINDOWS\已释放的2.6.12.1018\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1   www.17l73.com
127.0.0.1   tl.17l73.com
127.0.0.1   chibi.17l73.com
127.0.0.1   wl.17l73.com
127.0.0.1   w2i.17l73.com
127.0.0.1   zhuxian.17l73.com
127.0.0.1   moyu.17l73.com
127.0.0.1   wow.17l73.com
127.0.0.1   158pkk1599.com
127.0.0.1   wangba8866.com
127.0.0.1   user.feistng.cn
127.0.0.1   user.comgome.cn
127.0.0.1   aboutdr.cn
127.0.0.1 news.netandtv.com
127.0.0.1 z.neter888.cn
127.0.0.1 b.myblank.cn
127.0.0.1 wvw.wokutu.com
127.0.0.1 unionch.qyule.com
127.0.0.1 www.qyule.com
127.0.0.1 it.itjc.cn
127.0.0.1 www.linkwww.com
127.0.0.1 vod.kaicn.com
127.0.0.1 www.tx8688.com
127.0.0.1 b.neter888.cn
127.0.0.1 www.haokanla.com
127.0.0.1 play.unionsky.cn
127.0.0.1 www.52v.com
127.0.0.1 www.gghka.cn
127.0.0.1 icon.ajiang.net
127.0.0.1 new.ete.cn
127.0.0.1 www.stiae.cn
127.0.0.1 o.neter888.cn
127.0.0.1 comm.jinti.com
127.0.0.1 www.google-analytics.com
127.0.0.1 hz.mmstat.com
127.0.0.1 www.game175.cn
127.0.0.1 x.neter888.cn
127.0.0.1 z.neter888.cn
127.0.0.1  p.etimes888.com
127.0.0.1  hx.etimes888.com
127.0.0.1 abc.qqkx.com
127.0.0.1 dm.popdm.cn
127.0.0.1 www.yl9999.com
127.0.0.1 www.dajiadoushe.cn
127.0.0.1 down.nihao29.cn
127.0.0.1 v.onondown.com.cn
127.0.0.1 www.interoo.net
127.0.0.1 bally1.bally-bally.net
127.0.0.1 www.bao5605509.cn
127.0.0.1   down.nihao29.cn
127.0.0.1   www.mzd020.cn
127.0.0.1   jzm015.cn
127.0.0.1   down.hs7yue.cn
127.0.0.1   new.doups.cn
127.0.0.1   w.qq-uc.cn
127.0.0.1   down.nihao69.cn
127.0.0.1   www.rty456.cn
127.0.0.1   www.werqwer.cn
127.0.0.1   www.jjyyzmj.cn
127.0.0.1   1.360-1.cn
127.0.0.1   5.360-5.cn
127.0.0.1   user1.23-16.net
127.0.0.1   user1.23-18.net
127.0.0.1   www.guccia.net
127.0.0.1   www.interoo.net
127.0.0.1   upa.netsool.net
127.0.0.1   pua.lianxiac.net
127.0.0.1   js.users.51.la
127.0.0.1   vip2.51.la
127.0.0.1   web.51.la
127.0.0.1   user1.23-21.net
127.0.0.1   www.skpoot.net
127.0.0.1   user1.kao-360.net
127.0.0.1   user1.23-22.net
127.0.0.1   www.keysooa.net

==================================
进程特权扫描
N/A

==================================
API HOOK
入口点错误：CreateServiceA (危险等级: 高,  被下面模块所HOOK: 0x001354AC)

==================================
隐藏进程
N/A

==================================


[/CODE]