
[Help] Experts, please take a look for me

Experts, please take a look for me

[CODE]

2009-07-14,13:24:16

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe">  [(Verified)Nero AG]
    <DAEMON Tools Lite><; "D:\DAEMON Tools\daemon.exe">  [(Verified)DAEMON Tools Code Signing Services]
    <H/PC Connection Agent><; "D:\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
    <PC Suite Tray><; "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]
    <PPLiveVA><; C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0>  [File is missing]
    <PPS Accelerator><; D:\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
    <QQ2009><; "D:\QQ\Bin\QQ.exe" /background>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <WangWang><; "D:\WangWang\WangWang.exe">  [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <nod32kui><D:\ESET\nod32kui.exe /WAITSERVICE>  [Eset ]
    <MemEmpty><C:\Documents and Settings\Administrator\My Documents\MemEmpty.exe /h>  [www.jpexe.com]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <Microsoft Pinyin IME Migration><; C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <NeroFilterCheck><; C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe>  [(Verified)Nero AG]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [File is missing]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [File is missing]
    <SoundMan><; soundman.exe>  [Avance Logic, Inc.]
    <SunJavaUpdateSched><; "C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Bonjour 服务 / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe><N/A>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"><Nero AG>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <D:\ESET\nod32krn.exe><Eset>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[amon / amon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\amon.sys><Eset>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ecxtolv / ecxtolv][Running/Boot Start]
  <\SystemRoot\system32\drivers\fjwee.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[nod32drv / nod32drv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\nod32drv.sys><N/A>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[Protector / Protector][Running/System Start]
  <system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <D:\QQ\Tencent\QQPhotoDraw.dll, (Signed) TENCENT>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Java Plug-in 1.6.0_12]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[PowerCommit Control]
  {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} <C:\WINDOWS\DOWNLO~1\POWERE~1.OCX, (Signed) CSII>
[Java Plug-in 1.6.0_12]
  {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_12.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <D:\WangWang\AliIMX.dll, (Signed) Alibaba software (Shanghai) Corporation.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[&U使用纳米机器人下载并收藏]
  <D:\NamiRobot\Data\du.html, N/A>
[&使用快车(FlashGet)下载]
  <, >
[&使用快车(FlashGet)下载全部链接]
  <, >
[使用迅雷下载]
  <D:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\QQ\Bin\AddEmotion.htm, N/A>

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MAXTHON 2.0)

Re: Experts, please take a look for me

==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 816][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 968][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 1008][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 1164][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 1204][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll]  [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1464][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 1540][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,6,2]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 1584][C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe]  [N/A, ]
[PID: 1592][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Nokia\Nokia PC Suite 7\PhoneBrowser.dll]  [Nokia, 7, 1, 108, 0]
    [D:\Nokia\Nokia PC Suite 7\NGSCM.DLL]  [Nokia, 7, 1, 154, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [D:\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 7, 1, 69, 0]
    [D:\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 7, 1, 21, 0]
    [C:\Documents and Settings\Administrator\My Documents\垃圾清理\垃圾清理\Erasext.dll]  [, 1.0.1.2]
    [C:\Documents and Settings\Administrator\My Documents\垃圾清理\垃圾清理\ERASER.dll]  [, 0.0.1.2]
    [D:\ESET\nodshex.dll]  [N/A, ]
    [D:\WinRAR\rarext.dll]  [, ]
    [D:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll]  [Autodesk, 17.2.56.0]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Common Files\Nero\DSFilter\NeVideo.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll]  [Nero AG, 1,3,4, 207]
    [C:\WINDOWS\system32\mpg2splt.ax]  [, ]
    [C:\Program Files\Common Files\Nero\DSFilter\NeMP4Splitter.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\PROGRA~1\COMMON~1\uusee\UFDeMux.ax]  [uusee, 2, 0, 0, 6]
    [C:\Program Files\Common Files\Nero\DSFilter\NeFLVSplitter.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\Program Files\Common Files\Nero\DSFilter\NeSplitter.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\Program Files\Common Files\Nero\DSFilter\NeOggSplitter.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\Program Files\Common Files\Nero\DSFilter\NeSubpicture.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\Program Files\Common Files\Nero\DSFilter\NeResize.ax]  [Nero AG, 5, 1, 4, 3]
    [C:\Program Files\Common Files\Nero\DSFilter\NeVideoHD.ax]  [Nero AG, 5, 1, 4, 3]
[PID: 1712][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.120.4]
    [C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
[PID: 1736][C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\MICROS~2\MSSQL\binn\opends60.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlsort.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~2\MSSQL\binn\ums.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~2\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
    [C:\PROGRA~1\MICROS~2\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~2\MSSQL\binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 1948][D:\ESET\nod32krn.exe]  [Eset , 2, 70, 39 ]
    [D:\ESET\nod32krr.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\ps_amon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\ps_dmon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_dmon.dll]  [N/A, ]
    [D:\ESET\ps_emon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_emon.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
    [D:\ESET\ps_nod32.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\ps_upd.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_upd.dll]  [N/A, ]
[PID: 2016][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CNQU110.DLL]  [CANON INC., 1, 0, 3, 4]
    [C:\WINDOWS\system32\CNQL1213.DLL]  [CANON INC., 1.0.4.0]
[PID: 488][D:\ESET\nod32kui.exe]  [Eset , 2, 70, 39 ]
    [D:\ESET\nod32rui.dll]  [N/A, ]
    [D:\ESET\pu_amon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pu_dmon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_dmon.dll]  [N/A, ]
    [D:\ESET\pu_emon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_emon.dll]  [N/A, ]
    [D:\ESET\pu_imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
    [D:\ESET\pu_nod32.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pu_upd.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_upd.dll]  [N/A, ]
[PID: 1392][C:\Documents and Settings\Administrator\My Documents\MemEmpty.exe]  [www.jpexe.com, 1.00]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
[PID: 1384][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1944][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2116][D:\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 5, 1250]
    [D:\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 250]
    [D:\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 414]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [D:\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4106]
    [D:\Maxthon2\MxExt.dll]  [N/A, ]
    [D:\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 9]
    [D:\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1267]
    [D:\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [D:\Maxthon2\Modules\MxGuardian\MxGuardian.dll]  [Maxthon International ltd., 1, 0, 0, 666]
    [D:\Maxthon2\Modules\MxHistory\MxHistory.dll]  [Maxthon International ltd., 1, 0, 0, 302]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
    [D:\Maxthon2\MxFav.dll]  [Maxthon International ltd., 2, 0, 0, 11]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\PROGRA~1\MICROS~2\MSSQL\BINN\SQLCTR80.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [D:\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 6, 0, 4, 42]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2196][D:\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.8.6.600]
    [D:\Thunder\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
    [D:\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 10, 72]
    [D:\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 3, 2, 325]
    [D:\Thunder\Program\mp.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 2]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Thunder\Program\asyn_frame.dll]  [Thunder Networking Technologies,LTD, 1, 3, 2, 28]
    [D:\Thunder\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]
    [D:\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
    [D:\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [D:\Thunder\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [D:\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 12, 30]
    [D:\Thunder\Program\backend_agent.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 25]
    [D:\Thunder\Program\zlib1.dll]  [, 1.2.3]
    [D:\Thunder\Program\p2sp.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 43]
    [D:\Thunder\Program\fs.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 13]
    [D:\Thunder\Program\down_dispatcher.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 29]
    [D:\Thunder\Program\ptl.dll]  [Thunder Networking Technologies,LTD, 3, 2, 2, 35]
    [D:\Thunder\Program\dl_peer_id.dll]  [Thunder Networking Technologies,LTD, 3, 1, 2, 3]
    [D:\Thunder\Program\xl_stat.dll]  [, 1, 1, 2, 6]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
    [D:\Thunder\Program\emule.dll]  [, 1, 1, 2, 32]
    [D:\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
    [D:\Thunder\Program\p2p_upload.dll]  [Thunder Networking Technologies,LTD, 1,1,2,13]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [D:\Thunder\Program\p2p.dll]  [Thunder Networking Technologies,LTD, 1,1,2,37]
    [D:\Thunder\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 4, 0, 2, 28]
    [D:\Thunder\Program\stream.dll]  [Thunder Networking Technologies,LTD, 2, 1, 2, 397]
    [D:\Thunder\Program\p2p_local_res.dll]  [Thunder Networking Technologies,LTD, 1,1,2,18]
    [D:\Thunder\Program\al.dll]  [Thunder Networking Technologies,LTD, 1,1,2,23]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 3, 4, 10, 117]
    [D:\Thunder\Components\InMedia\iEmbed19.dll]  [Thunder Networking Technologies,LTD, 3, 4, 10, 117]
    [D:\Thunder\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 2, 7, 61]
    [D:\Thunder\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 2, 5, 0, 90]
    [D:\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
    [D:\Thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Thunder\Program\imdt.dll]  [Thunder Networking Technologies,LTD, 1.2.0.21]
    [D:\Thunder\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 2, 1, 5, 99]
    [D:\Thunder\Components\Security\ConfigManager.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
    [D:\Thunder\Components\Security\SafeManager.dll]  [Xunlei Networking Technologies,LTD, 1, 0, 5, 20]
    [D:\Thunder\Components\Security\SafeStatistic.dll]  [Xunlei Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\Thunder\Program\XLNetU.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
    [D:\Thunder\Components\Community\audioCtrl.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 2]
    [D:\Thunder\Components\Community\xlaudio.dll]  [, 1, 0, 2, 4]
    [D:\Thunder\Program\xldcsubtask.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
    [D:\Thunder\Program\xlvdt.dll]  [Thunder Networking Technologies,LTD, 1.0.2.6]
    [D:\Thunder\Program\emule_id.dll]  [, 1, 0, 2, 11]
    [D:\Thunder\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 7, 87]
    [D:\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 7, 25]
    [D:\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 4, 26]
    [D:\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 19]
    [D:\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 14, 120]
    [D:\Thunder\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 4, 0, 0, 38]
    [D:\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
    [D:\Thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 30]
    [D:\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [D:\Thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\Thunder\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
    [D:\Thunder\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 19]
[PID: 476][D:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 776][D:\sreng2\SRE500abb5b.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [D:\ESET\pr_imon.dll]  [N/A, ]

Re: Experts, please take a look for me

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 488, D:\ESET\NOD32KUI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1392, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\MEMEMPTY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1392, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\MEMEMPTY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2220, D:\ESET\NOD32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 476, D:\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        D:\搜狗输~1\411~1.237\PinyinRepair.exe
[已启用] AppleSoftwareUpdate.job
        C:\Program Files\Apple Software Update\SoftwareUpdate.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Experts, please take a look for me

Updating.

Re: Experts, please take a look for me

What problem exactly have you run into? For now I have not found any significant problems in the log!

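Re: Experts, please take a look for me

NOD32 kept reporting two files as infected, and they could not be deleted even after a reboot.
But while generating the log, I deleted both files with IceSword.
I'm worried there may still be a problem.
Thanks a lot, I can rest easy now. I had been at it for days and couldn't get rid of it.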

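Re: Experts, please take a look for me

C:\windows\system32\drivers\fjwee.sys
Suspected 梅勒斯 (Mnless)
Find it, compress it, and upload it here.
Click the quote link at the bottom right of my post and you'll see how to upload it.
Edit in SREng: Startup Items - Services - Drivers - tick the option to hide Microsoft XXX, then delete: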
[ecxtolv / ecxtolv][Running/Boot Start]
  <\SystemRoot\system32\drivers\fjwee.sys><N/A>

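Re: Experts, please take a look for me

I had already deleted the two virus files with IceSword, but I found that entry with SREng and have now deleted it.
Many thanks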