[CODE]
2008-05-31,00:34:26
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <AutoKill><C:\Documents and Settings\Administrator\桌面\USBkill-v4.0\USBkill-v4.0\USBkill-v4.0\usbkill.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><d:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"F:\系统文件\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <Storm2Set><; C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv>  [北京暴风网际科技有限公司]
    <switch><; c:\windows\system32\壁纸自动换.exe>  []
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><F:\系统文件\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[BoBoTurbo / BoBoTurbo][Running/Auto Start]
  <C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe><广州易播信息科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
  <C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
==================================
驱动程序
[000cd631 / 000cd631][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000cd631.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp2A6.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[QQCycloneHelper Class]
  {01443AD9-0FD1-40FD-9C87-E93D1494C233} <F:\旋窝\QQIEHelper02.dll, 腾讯公司>
[Thunder Browser Helper]
  {01443ADA-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\9899\Thunder.exe, Thunder Networking Technologies,LTD>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[QQCycloneHelper Class]
  {01443AD9-0FD1-40FD-9C87-E93D1494C233} <F:\旋窝\QQIEHelper02.dll, 腾讯公司>
[Thunder Browser Helper]
  {01443ADA-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\system32\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[QvodCtrl Class]
  {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
[&使用超级旋风下载]
  <F:\旋窝\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <F:\旋窝\getAllurl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Tencent Traveler4.0; Windows NT 5.1; SV1; QQDownload 1.7)

==================================
正在运行的进程
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1568 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1792 / Administrator][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [VM, 4.2.711.31]
[PID: 1820 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 1896 / SYSTEM][C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe]  [广州易播信息科技有限公司, 1, 4, 1011, 2]
[PID: 1960 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9136]
[PID: 184 / SYSTEM][C:\Program Files\QvodPlayer\QvodTerminal.exe]  [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
[PID: 224 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1904 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1804 / Administrator][E:\Program Files\Tencent\qq\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 2004 / Administrator][F:\2008传美\qq\QQ.exe]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQBaseClassInDll.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQHelperDll.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\BasicCtrlDll.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [F:\2008传美\qq\MSIMG32.dll]  [N/A, ]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [F:\2008传美\qq\FinePlus.dll]  [N/A, ]
    [F:\2008传美\qq\fphelper.dll]  [N/A, ]
    [F:\2008传美\qq\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [F:\2008传美\qq\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [F:\2008传美\qq\QQAPI.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\LoginCtrl.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\LoginCtrlRes.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQRes.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQMainFrame.dll]  [N/A, ]
    [F:\2008传美\qq\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\2008传美\qq\QQPlugin.dll]  [N/A, ]
    [F:\2008传美\qq\UnReadMsgMgr.dll]  [N/A, ]
    [F:\2008传美\qq\CQQApplication.dll]  [N/A, ]
    [F:\2008传美\qq\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [F:\2008传美\qq\NewSkin.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\MailSummary.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQSpace.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\vbscript.dll]  [N/A, ]
    [F:\2008传美\qq\encode.dll]  [Microsoft Corporation, 5.6.0.8825]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\2008传美\qq\QQKnowledgeSearch.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\OEMApplication.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQGroupMng.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQAvatar.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\2008传美\qq\QQAllInOne.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [F:\2008传美\qq\CameraDll.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQSysMsgMng.dll]  [N/A, ]
    [F:\2008传美\qq\UserDefinedHead.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQConfigPlugin.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQCustomFace.dll]  [N/A, ]
    [F:\2008传美\qq\QRingMng.dll]  [N/A, ]
    [F:\2008传美\qq\QQPet.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\LongConnection.dll]  [TENCENT, 8,0,776,1805]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [F:\2008传美\qq\BQQApplication.dll]  [N/A, ]
    [F:\2008传美\qq\PersonalDesktop.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\CommercesMng.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [F:\2008传美\qq\QQSceneMng.dll]  [N/A, ]
    [F:\2008传美\qq\AddrSearch.dll]  [腾讯科技（深圳）有限公司, 2, 0, 1, 10]
    [F:\2008传美\qq\QQLiveQMng.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\QQMagicFace.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\GroupConnection.dll]  [TENCENT, 8,0,776,1805]
    [F:\2008传美\qq\ImageOle.dll]  [TENCENT, 8,0,776,1805]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
[PID: 1692 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [F:\旋窝\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1688 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 3552 / Administrator][F:\系统文件\TT浏览器3.8\bin\TTraveler.exe]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTUtilWidget.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [F:\系统文件\TT浏览器3.8\bin\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [F:\系统文件\TT浏览器3.8\bin\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [F:\系统文件\TT浏览器3.8\bin\detoured.dll]  [Microsoft Corporation, Express Version 2.1 Build_216]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [F:\系统文件\TT浏览器3.8\bin\TTStore.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\sqlite3.dll]  [N/A, ]
    [F:\系统文件\TT浏览器3.8\bin\PlatformWidget.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTMainFrame.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTMBrowser.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTabMgr.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTPluginMng.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\Plugins\3TTWeather\TTWeather.dll]  [TODO: <公司名>, 1.0.0.1]
    [F:\系统文件\TT浏览器3.8\bin\TTSkin.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\vbscript.dll]  [Microsoft Corporation, 5.7.0.16535]
    [F:\系统文件\TT浏览器3.8\bin\FavoriteLogical.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTHtmlApp.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTFilter.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TTNetwork.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\UpdateUtil.dll]  [N/A, ]
    [F:\系统文件\TT浏览器3.8\bin\TTSidebar.dll]  [Tencent, 4, 3, 0, 65]
    [F:\系统文件\TT浏览器3.8\bin\TSupport.dll]  [TENCENT Inc., 1, 2, 11, 201]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3592 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX03.594\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX03.594\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  www.cike007.cn
127.0.0.1  www.exiao01.com
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  up.22x44.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1792, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1688, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

删去启动文件：
C:\WINDOWS\system32\msdmo.dll
删除驱动程序：
000cd631.sys
\??\C:\WINDOWS\system32\Drivers\000cd631.sys

建议用XDelBox删除。
删除重启后使用SREng修复或者金山清理。

建议用清理软件，清理下电脑上的垃圾文件。IE缓存，和没用注册表。