[CODE]

2009-07-29,23:24:52

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - ¹ÜÀíÈ¨ÏÞÓÃ»§ - ÍêÕû¹¦ÄÜ

ÒÔÏÂÄÚÈÝ±»Ñ¡ÖÐ£º
    ËùÓÐµÄÆô¶¯ÏîÄ¿£¨°üÀ¨×¢²á±í¡¢Æô¶¯ÎÄ¼þ¼Ð¡¢·þÎñµÈ£©
    ä¯ÀÀÆ÷¼ÓÔØÏî
    ÕýÔÚÔËÐÐµÄ½ø³Ì£¨°üÀ¨½ø³ÌÄ£¿éÐÅÏ¢£©
    ÎÄ¼þ¹ØÁª
    Winsock Ìá¹©Õß
    Autorun.inf
    HOSTS ÎÄ¼þ
    ½ø³ÌÌØÈ¨É¨Ãè
    ¼Æ»®ÈÎÎñ
    API HOOK
    Òþ²Ø½ø³Ì


Æô¶¯ÏîÄ¿
×¢²á±í
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Antispy ARP><E:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <KavStart><"E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
    <360Safebox><; "C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><"E:\360°²È«ÎÀÊ¿\360safe\safemon\360tray.exe" /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <ä¯ÀÀÆ÷×Ô¶¨Òå×é¼þ><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Í¨Ñ¶²¾ 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows ×ÀÃæ¸üÐÂ><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

==================================
Æô¶¯ÎÄ¼þ¼Ð
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>
[Utility Tray]
  <C:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\Utility Tray.lnk --> C:\WINDOWS\system32\sistray.exe [Silicon Integrated Systems Corporation]><N>

==================================
·þÎñ
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[BoBoTurbo / BoBoTurbo][Running/Auto Start]
  <C:\WINDOWS\system32\boboturbo\boboturbo.exe><¹ãÖÝÒ×²¥ÐÅÏ¢¿Æ¼¼ÓÐÏÞ¹«Ë¾>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <E:\±©·ç\Storm Codec\stormliv.exe /asservice><±±¾©±©·çÍø¼Ê¿Æ¼¼ÓÐÏÞ¹«Ë¾>
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Running/Auto Start]
  <E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\KSWebShield.exe><Kingsoft Corporation>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus XEngine Service / KxEServ][Running/Auto Start]
  <C:\Program Files\Common Files\Kingsoft\CommonService\kxeserv.exe><Kingsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>

==================================
Çý¶¯³ÌÐò
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360°²È«ÖÐÐÄ>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[BFSDRV / BFSDRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360°²È«ÖÐÐÄ>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360°²È«ÖÐÐÄ>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><Ææ»¢Íø>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360°²È«ÖÐÐÄ>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[KAVAPIM / KAVAPIM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\kavapim.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVFM / KAVFM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\kavfm.sys><Kingsoft Corporation>
[KAVPM / KAVPM][Running/Boot Start]
  <\SystemRoot\system32\drivers\kavpm.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KAVUTY / KAVUTY][Running/Boot Start]
  <\SystemRoot\system32\drivers\kavuty.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[S3chipid / S3chipid][Stopped/Manual Start]
  <\??\C:\DOCUME~1\USER\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys><N/A>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360°²È«ÖÐÐÄ>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS315 / SiS315][Stopped/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Stopped/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\E:\DNF\TesSafe.sys><TENCENT>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>

==================================
ä¯ÀÀÆ÷¼ÓÔØÏî
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQÐý·ç\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[AddTask Class]
  {24F06550-65E3-4D1C-8CFE-839C296B5530} <E:\ÐÂ½¨ÎÄ¼þ¼Ð\eREAD6.0\IEeREAD.dll, N/A>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[AddTask Class]
  {6A19C29D-ED45-4483-8999-9F939C8161F2} <E:\ÐÂ½¨ÎÄ¼þ¼Ð\eREAD6.0\WebHook.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll, (Signed) 360.CN>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) ÖÐ¹ú¹¤ÉÌÒøÐÐ>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[Æô¶¯Ñ¸À×5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾>
[ÐÅÏ¢¼ìË÷(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[kt88]
  {{DD1A363E-7803-4d06-923D-367BEE305F94} <http://Www.kt88.net, N/A>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {41564D57-9980-0010-8000-00AA00389B71} <, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, (Signed) Kingsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) ÌÚÑ¶¿Æ¼¼£¨ÉîÛÚ£©ÓÐÏÞ¹«Ë¾>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQÐý·ç\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[AddTask Class]
  {24F06550-65E3-4D1C-8CFE-839C296B5530} <E:\ÐÂ½¨ÎÄ¼þ¼Ð\eREAD6.0\IEeREAD.dll, N/A>
[DHTML Edit Control Safe for Scripting]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\DHTMLED.OCX, (Signed) Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\BT\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll, (Signed) Kingsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[AddTask Class]
  {6A19C29D-ED45-4483-8999-9F939C8161F2} <E:\ÐÂ½¨ÎÄ¼þ¼Ð\eREAD6.0\WebHook.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin19.dll, (Signed) ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\360°²È«ÎÀÊ¿\360safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5814.165.(171).dll, (Signed) ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾>
[WebVGPlayer Class]
  {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <C:\Program Files\KT88\VGPlayer.dll, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5814.165.(171).dll, (Signed) ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll, (Signed) 360.CN>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) ÖÐ¹ú¹¤ÉÌÒøÐÐ>
[]
  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) ÌÚÑ¶¿Æ¼¼£¨ÉîÛÚ£©ÓÐÏÞ¹«Ë¾>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[ReportEngine Control]
  {EA8E5DF3-7E85-4286-B07A-11650AE4ED5E} <c:\taxClient\ReportEngineM.ocx, stdsoft>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.428.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.58130.251.(170).dll, (Signed) ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Ê¹ÓÃBitCometÏÂÔØ]
  <res://E:\BT\BitComet\BitComet.exe/AddLink.htm, N/A>
[&Ê¹ÓÃBitCometÏÂÔØÈ«²¿Á´½Ó]
  <res://E:\BT\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&Ê¹ÓÃBitCometÏÂÔØ±¾Ò³ÊÓÆµ]
  <res://E:\BT\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&Ê¹ÓÃ³¬¼¶Ðý·çÏÂÔØ]
  <D:\QQÐý·ç\geturl.htm, N/A>
[&Ê¹ÓÃ³¬¼¶Ðý·çÏÂÔØÈ«²¿Á´½Ó]
  <D:\QQÐý·ç\getAllurl.htm, N/A>
[&Ê¹ÓÃ³¬¼¶Ðý·çÏÂÔØ±¾Ò³ÊÓÆµ]
  <D:\QQÐý·ç\geturlflv.htm, N/A>
[Ê¹ÓÃiTudouÏÂÔØ½ÚÄ¿]
  <E:\Program Files\Tudou\iTudou\iTudou_Link.HTM, N/A>
[Ê¹ÓÃÑ¸À×ÏÂÔØ]
  <E:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[Ê¹ÓÃÑ¸À×ÏÂÔØÈ«²¿Á´½Ó]
  <E:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[µ¼³öµ½ Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Ìí¼Óµ½QQ±íÇé]
  <D:\QQ\AddEmotion.htm, N/A>

==================================
ÕýÔÚÔËÐÐµÄ½ø³Ì
[PID: 656 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239)]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 956 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1112 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1224 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1372 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1392 / USER][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\ktaskbar.dll]  [Kingsoft Corporation, 2009,03,11,790]
    [E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1020]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 20]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 16]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL]  [Kingsoft Corporation, 2008,07,09,459]
    [D:\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1740 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hpzll4pi.dll]  [Hewlett-Packard Company, 60.061.243.00]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll]  [Hewlett-Packard Corporation, 60.061.243.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1816 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1848 / SYSTEM][C:\WINDOWS\system32\boboturbo\boboturbo.exe]  [¹ãÖÝÒ×²¥ÐÅÏ¢¿Æ¼¼ÓÐÏÞ¹«Ë¾, 1, 4, 1011, 2]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1940 / SYSTEM][E:\±©·ç\Storm Codec\stormliv.exe]  [±±¾©±©·çÍø¼Ê¿Æ¼¼ÓÐÏÞ¹«Ë¾, 3, 8, 3, 15]
    [E:\±©·ç\Storm Codec\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 2004 / SYSTEM][C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe]  [N/A, ]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
[PID: 292 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.130.3]
    [C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 348 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe]  [HP, 10, 1, 1, 6]
[PID: 412 / SYSTEM][C:\Program Files\CyberLink\Shared Files\RichVideo.exe]  [, 2.0.0929  ]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
[PID: 904 / USER][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.1.45]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
[PID: 924 / USER][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3924]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3924]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3924]
[PID: 976 / USER][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3924]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3924]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3924]
[PID: 964 / USER][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.130.3]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1164 / USER][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
[PID: 1036 / USER][E:\Program Files\Kingsoft\Antiarp\KASArp.EXE]  [Kingsoft Corporation, 2008,01,24,160]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [E:\Program Files\Kingsoft\Antiarp\kantiarpdevc.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [E:\Program Files\Kingsoft\Antiarp\NetConfig.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 1204 / USER][C:\WINDOWS\system32\sistray.exe]  [Silicon Integrated Systems Corporation, 0.0.0.3720]
    [C:\WINDOWS\system32\SiSApCom.dll]  [Silicon Integrated Systems Corporation, 0.0.0.3720]
    [C:\WINDOWS\system32\SiSBase.dll]  [Silicon Integrated Systems Corporation, 6.14.10.3720]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
[PID: 2320 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
[PID: 2732 / USER][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
    [E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1020]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
[PID: 1928 / USER][E:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 0, 2082]
    [E:\Program Files\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 107]
    [E:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 351]
    [E:\Program Files\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4030]
    [E:\Program Files\Maxthon2\MxExt.dll]  [N/A, ]
    [E:\Program Files\Maxthon2\MxUI.dll]  [Maxthon International, 3, 2, 2, 16]
    [E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1020]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kwsui.dll]  [Kingsoft Corporation, 2009,07,01,132]
    [E:\Program Files\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [E:\Program Files\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 92]
    [E:\Program Files\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1187]
    [E:\Program Files\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.1.0.2303]
[PID: 3296 / USER][C:\Program Files\Real\RealPlayer\RealPlay.exe]  [RealNetworks, Inc., 11.0.0.446]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll]  [RealNetworks, Inc., 7.0.2.49]
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  [RealNetworks, Inc., 0.1.1.71]
    [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll]  [RealNetworks, Inc., 0.1.1.45]
    [C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll]  [RealNetworks, Inc., 6.0.14.0]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.10.45]
    [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll]  [RealNetworks, Inc., 0.1.1.45]
    [E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1020]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll]  [RealNetworks, Inc., 7.0.1.70]
    [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll]  [RealNetworks, Inc., 7.0.1.45]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [C:\Program Files\Common Files\Real\Plugins\httpfsys.dll]  [ , 10.0.1.64]
[PID: 3520 / USER][E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 5.8.14.706]
    [E:\Program Files\Thunder Network\Thunder\Program\BugReport.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 4, 1, 20]
    [E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1020]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [E:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 3, 11, 75]
    [E:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3, 4, 2, 341]
    [E:\Program Files\Thunder Network\Thunder\Program\mp.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 5]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\Program Files\Thunder Network\Thunder\Program\XLCrypto.dll]  [N/A, ]
    [E:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 4, 2, 34]
    [E:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]
    [E:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 5, 2, 25]
    [E:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 1, 1, 13]
    [E:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 12, 30]
    [E:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 1, 2, 30]
    [E:\Program Files\Thunder Network\Thunder\Program\zlib1.dll]  [, 1.2.3]
    [E:\Program Files\Thunder Network\Thunder\Program\emule_shell.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 12]
    [E:\Program Files\Thunder Network\Thunder\Program\p2sp_pd.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 2, 0, 2, 46]
    [E:\Program Files\Thunder Network\Thunder\Program\fs.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 1, 2, 20]
    [E:\Program Files\Thunder Network\Thunder\Program\ptl.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3, 2, 3, 57]
    [E:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3, 1, 2, 4]
    [E:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 9]
    [E:\Program Files\Thunder Network\Thunder\Program\p2sp.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 1, 2, 69]
    [E:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 44]
    [E:\Program Files\Thunder Network\Thunder\Program\p2p.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1,1,2,51]
    [E:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1,1,2,13]
    [E:\Program Files\Thunder Network\Thunder\Program\xldc.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 4, 0, 2, 28]
    [E:\Program Files\Thunder Network\Thunder\Program\stream.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 2, 1, 2, 1046]
    [E:\Program Files\Thunder Network\Thunder\Program\p2p_network_com.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 25]
    [E:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1,1,2,19]
    [E:\Program Files\Thunder Network\Thunder\Program\bt_shell.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 8]
    [E:\Program Files\Thunder Network\Thunder\Program\al.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1,1,2,35]
    [E:\Program Files\Thunder Network\Thunder\Program\media_data.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 7]
    [E:\Program Files\Thunder Network\Thunder\Program\sl.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.2.2]
    [E:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 4, 35]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [E:\Program Files\Thunder Network\Thunder\Components\youyou\Youyou.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.1.0.2]
    [E:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3.0.2.18]
    [E:\Program Files\Thunder Network\Thunder\Program\XLI18N.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 1]
    [E:\Program Files\Thunder Network\Thunder\Components\Community\VipResource.dll]  [N/A, ]
    [E:\Program Files\Thunder Network\Thunder\Program\http.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.2.5]
    [E:\Program Files\Thunder Network\Thunder\Components\Community\XLCP.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.2.6]
    [E:\Program Files\Thunder Network\Thunder\Components\Community\XLUser.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.2.8]
    [E:\Program Files\Thunder Network\Thunder\Components\Community\XLBlog.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.2.10]
    [E:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3, 4, 12, 125]
    [E:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed22.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3, 4, 12, 125]
    [E:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 2]
    [E:\Program Files\Thunder Network\Thunder\Program\xldcsubtask.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 16]
    [E:\Program Files\Thunder Network\Thunder\Program\emule_id.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 12]
    [E:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 2, 1, 9, 113]
    [E:\Program Files\Thunder Network\Thunder\Components\Security\ConfigManager.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 1]
    [E:\Program Files\Thunder Network\Thunder\Components\Security\SafeManager.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 6, 21]
    [E:\Program Files\Thunder Network\Thunder\Components\Security\SafeStatistic.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 1]
    [E:\Program Files\Thunder Network\Thunder\Program\XLNetU.Dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 5, 1, 24]
    [E:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 2, 20, 108]
    [E:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderKSAV\ThunderKSAV.dll]  [N/A, ]
    [E:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderKSAV\bin\XLScan.dll]  [Kingsoft Corporation, 2007,09,27,2]
    [E:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 1, 9, 28]
    [E:\Program Files\Thunder Network\Thunder\Components\Search\GGTipsRule.dll]  [N/A, ]
    [E:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 2, 4, 26]
    [E:\Program Files\Thunder Network\Thunder\Plugins\Xmp\XmpVip.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.0.4]
    [E:\Program Files\Thunder Network\Thunder\Plugins\NetGame\XLNetGame.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 2]
    [E:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrThunderHost.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.1.0.21]
    [E:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrKernel.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.1.0.15]
    [E:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrSoftIdentifier.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.0.0.12]
    [E:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrUpdate.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1.1.0.12]
    [E:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 18]
    [E:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 4, 27]
    [E:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 3, 0, 3, 137]
    [E:\Program Files\Thunder Network\Thunder\Components\Tips\XLSkin.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 1, 3]
    [E:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 4, 0, 1, 42]
    [E:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 3, 5]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 30]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 0, 16]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 2, 0, 22]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 4, 1, 6]
    [E:\Program Files\Thunder Network\Thunder\Program\bt_kernel.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 10]
    [E:\Program Files\Thunder Network\Thunder\Program\emule_kernel.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 2, 2, 58]
    [E:\Program Files\Thunder Network\Thunder\Program\bd.dll]  [ÉîÛÚÊÐÑ¸À×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾, 1, 0, 2, 20]
[PID: 1408 / USER][C:\Documents and Settings\USER\×ÀÃæ\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 1048 / USER][C:\Documents and Settings\USER\×ÀÃæ\SREbaaa45ae.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [E:\360°²È«ÎÀÊ¿\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1020]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,06,15,929]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Program Files\Kingsoft\Kingsoft Internet Security 2008\webshield\kswebshield.dll]  [Kingsoft Corporation, 2009,07,09,136]
    [C:\WINDOWS\system32\GameLink.dll]  [www.Easy2Game.com, 17, 2, 6, 8]

==================================
ÎÄ¼þ¹ØÁª
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Ìá¹©Õß
Easy2Game-TCPChain
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-UDPChain
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-UDPChain
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-TCPChain
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-TCPFilter
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-UDPFilter
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-UDPFilter
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
Easy2Game-TCPFilter
    C:\WINDOWS\system32\GameLink.dll(www.Easy2Game.com, Easy2Game Service Provider)
xunyou over MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou over MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou over MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou
    C:\WINDOWS\system32\xunyount.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS ÎÄ¼þ
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  wg.47255.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
½ø³ÌÌØÈ¨É¨Ãè
ÌØÊâÌØÈ¨±»ÔÊÐí£º SeLoadDriverPrivilege [PID = 1928, E:\PROGRAM FILES\MAXTHON2\MAXTHON.EXE]
ÌØÊâÌØÈ¨±»ÔÊÐí£º SeLoadDriverPrivilege [PID = 1408, C:\DOCUMENTS AND SETTINGS\USER\×ÀÃæ\SRENGLDR.EXE]

==================================
¼Æ»®ÈÎÎñ
[ÒÑÆôÓÃ] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\410~1.230\PinyinRepair.exe 

==================================
API HOOK
N/A

==================================
Òþ²Ø½ø³Ì
N/A

==================================


[/CODE]