各位给帮忙帮忙，单位上一个同事在别处拷贝回一个文件，然后就中毒5台机器。 Excel 文件打不开，一双击旁边就会出现一个 Excel 图标，后缀是.exe.exe。重新格的机器，然后再拷回文件还是出现这个病毒。各位帮帮小弟吧，我是什么方法都试了，专杀也用了，安全模式下也用了，还是不行。谢谢大家~~~~~~~~··

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

下载最新版本的SRENG工具：http://www.kztechs.com/sreng/download.html
操作方法可以看这贴2楼：http://bbs.ikaka.com/showtopic-8442813.aspx
1 下载的是压缩包，必须解压缩后再运行。
2 运行SREng***.EXE
3 选择主界面左边的：智能扫描=》扫描=》保存报告
4 把报告保存后，将日志以附件形式上传。

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <Explorer><C:\WINDOWS\system32\drivers\suchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <KAV50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss>  [File is missing]
    <OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <KuGou><C:\Program Files\KuGou\KuGou2008\KuGoo.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{950D1600-DE4A-448D-93B4-7BAE5A7A8052}><950D1600.dll>  [N/A]
    <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll>  [N/A]
    <{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll>  [N/A]
    <{14F7F80A-0FE7-4A24-83CC-639D42BE410C}><14F7F80A.dll>  [N/A]
    <{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}><4D023DE9.dll>  [N/A]
    <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}><DFB3DAC5.dll>  [N/A]
    <{D7C79813-9233-4AE0-832C-99B2E8019673}><D7C79813.dll>  [N/A]
    <{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}><FFAE967F.dll>  [N/A]
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  [N/A]
    <{06EA0A93-F850-4155-B819-BD0D9B5F25EE}><06EA0A93.dll>  [N/A]
    <{34A25F04-008D-403E-8EE6-2307BC02FA2E}><34A25F04.dll>  [N/A]
    <{DB2D9172-BDCF-432E-8AF3-8D2688F850DE}><DB2D9172.dll>  [N/A]
    <{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}><3D144530.dll>  [N/A]
    <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll>  [N/A]
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\jzdvdrsm.dll>  []
    <{F8E07BB2-7A19-4057-80F1-E14646E630B4}><F8E07BB2.dll>  [N/A]
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  [N/A]
    <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll>  [N/A]
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll>  [N/A]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  [N/A]
    <{133AEAC9-9C88-4905-864C-38BBA312D9B0}><133AEAC9.dll>  [N/A]
    <{E44343AD-3605-4282-AC8F-2E41C2F5F398}><E44343AD.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <jzdvdrsm.dll><C:\WINDOWS\system32\jzdvdrsm.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.exe]
    <IFEO[AVP.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><ntsd -d>  [N/A]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KLBLMain / KLBLMain][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000><Kaspersky Lab>
[卡巴斯基网络代理 / klnagent][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe"><Kaspersky Lab>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[CdaC15BA / CdaC15BA][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><N/A>
[f28907d / f28907d][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\f28907d.sys><N/A>
[FTCkillfile / FTCkillfile][Stopped/Manual Start]
  <System32\Drivers\FTCkillfile.sys><N/A>
[FTCProtect / FTCProtect][Stopped/Manual Start]
  <System32\Drivers\FTCProtect.sys><N/A>
[FTCProTime / FTCProTime][Stopped/Manual Start]
  <System32\Drivers\FTCProTime.sys><N/A>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Klif / Klif][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/Boot Start]
  <\SystemRoot\system32\Drivers\klmc.sys><Kaspersky Lab>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[ViBus / ViBus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[ShowBarEx Class]
  {921E9F11-9DE0-4EC9-8C6C-E038A34AA37C} <C:\PROGRA~1\STOCK0~1\STOCK0~1.DLL, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[证券工具]
  {DF917FDD-793C-4159-8269-757DB3AD4FAE} <C:\PROGRA~1\STOCK0~1\STOCK0~1.DLL, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[ShowBarEx Class]
  {921E9F11-9DE0-4EC9-8C6C-E038A34AA37C} <C:\PROGRA~1\STOCK0~1\STOCK0~1.DLL, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\DapCtrl1.5.578.28.824.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, (Signed) Adobe Systems, Inc.>
[证券工具]
  {DF917FDD-793C-4159-8269-757DB3AD4FAE} <C:\PROGRA~1\STOCK0~1\STOCK0~1.DLL, >
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.578.69.823.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, (Signed) Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================

正在运行的进程
[PID: 608 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2524]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1276 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2524]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1576 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 53, 3723, 0]
    [C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1812 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\ShellEx.dll]  [Kaspersky Lab, 5.0.200.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.27]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 74]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\CHENHU5.IME]  [chenhu, 5.8]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 1988 / Administrator][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 6,0,6000,82]
    [C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 6, 0, 6000, 007]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
[PID: 2020 / Administrator][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 2, 0, 44]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
[PID: 2028 / Administrator][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\KCAStub.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\MSVCP61.dll]  [Kaspersky Lab, 6.00.0000]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\qbstorage.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\report.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\nfio.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsploc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klsecur.dll]  [Kaspersky Lab, 5.0.225.0]
[PID: 2036 / Administrator][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 2, 0, 1, 26]
[PID: 248 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
[PID: 276 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 440 / SYSTEM][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\MSVCP61.dll]  [Kaspersky Lab, 6.00.0000]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klsecur.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsa.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsbl.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\xorio_ex.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\startups.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_server.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_client.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\l_llio.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\avp_iont.dll]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\avp1.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\avpgs.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\cab.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\dtreg.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\ichk2.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\ichstrms.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\klonacci.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\wdiskio.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\klondemi.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\mailmsg.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\memmodsc.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\memscan.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\msoe.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\nfio.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\ntfsstrm.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\report.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\sfdb.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\tempfile.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\winreg.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\AVS.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\CheckTool.DLL]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\xmlparse.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\xmltok.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsbloc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\OnDemand.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsblp.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\QBackup.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\qbstorage.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\OnAccess.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scrch_ag.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\mcproxy.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\mcpr.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\mailapplayer.dll]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\mchk.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\SubjPlugin.dll]  [Kaspersky Lab, 5.0.225.0]
[PID: 556 / SYSTEM][C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe]  [Kaspersky Lab, 5.0.0474.0]
    [C:\Program Files\Kaspersky Lab\NetworkAgent\klstfix.dll]  [Kaspersky Lab, 5.0.0474.0]
    [C:\Program Files\Kaspersky Lab\NetworkAgent\klcsn.dll]  [Kaspersky Lab, 5.0.0474.0]
    [C:\Program Files\Kaspersky Lab\NetworkAgent\kltrace.dll]  [Kaspersky Lab, 5.0.0474.0]
    [C:\Program Files\Kaspersky Lab\NetworkAgent\FSSync.dll]  [Kaspersky Lab, 5.0.0474.0]
    [C:\Program Files\Kaspersky Lab\NetworkAgent\klsecur2.dll]  [Kaspersky Lab, 5.0.0474.0]
[PID: 804 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1072 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4024 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
[PID: 3020 / Administrator][C:\WINDOWS\system32\drivers\suchost.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
[PID: 216 / Administrator][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.9.466]
    [C:\Program Files\Thunder Network\Thunder\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 15]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 4, 62]
    [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 0, 2, 307]
    [C:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]

[C:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll]  [, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll]  [, 1, 0, 2, 11]
    [C:\Program Files\Thunder Network\Thunder\Program\ptl.dll]  [Thunder Networking Technologies, LTD, 1, 0, 2, 12]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll]  [, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Program\fs.dll]  [, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p.dll]  [, 1, 0, 2, 12]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll]  [, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Program\p2sp.dll]  [, 1, 0, 2, 13]
    [C:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll]  [, 1, 0, 2, 12]
    [C:\Program Files\Thunder Network\Thunder\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 1, 5, 2, 9]
    [C:\Program Files\Thunder Network\Thunder\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [C:\Program Files\Thunder Network\Thunder\Program\stream.dll]  [, 2, 0, 2, 308]
    [C:\Program Files\Thunder Network\Thunder\Program\al.dll]  [, 1, 1, 2, 9]
    [C:\Program Files\Thunder Network\Thunder\Program\emule_id.dll]  [, 1, 0, 2, 6]
    [C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 4, 5, 21]
    [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 34]
    [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 8, 26]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 2, 24]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed16.dll]  [Thunder Networking Technologies,LTD, 3, 4, 7, 103]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 1, 5, 41]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 5, 0, 16]
    [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
    [C:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 77]
    [C:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Thunder Network\Thunder\Components\Security\XLSafeUI.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 77]
    [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
    [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
    [C:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\XLSoftwareBase.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 3]
    [C:\Program Files\Thunder Network\Thunder\Plugins\GouGouTop\GouGouTop.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
    [C:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scr_ch_pg.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scrch_ag.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\MSVCP61.dll]  [Kaspersky Lab, 6.00.0000]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_server.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\tempfile.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 5, 82]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin16.dll]  [Thunder Networking Technologies,LTD, 3, 1, 4, 76]
    [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 18]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 74]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.27]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 11, 106]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 3, 0, 1, 33]
    [C:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 3]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 29]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
    [C:\WINDOWS\system32\CHENHU5.IME]  [chenhu, 5.8]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
[PID: 1344 / Administrator][C:\Program Files\Thunder Network\Thunder\Components\InMedia\ThunderMinisite.exe]  [Thunder Networking Technologies,LTD, 1, 0, 4, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scr_ch_pg.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scrch_ag.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\MSVCP61.dll]  [Kaspersky Lab, 6.00.0000]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_server.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\tempfile.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin16.dll]  [Thunder Networking Technologies,LTD, 3, 1, 4, 76]
[PID: 5012 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 11084 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\PROGRA~1\STOCK0~1\STOCK0~1.DLL]  [, 7, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.27]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 74]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 18]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scr_ch_pg.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\scrch_ag.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kltrace.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\MSVCP61.dll]  [Kaspersky Lab, 6.00.0000]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\klcsc.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\FSSync.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\pr_remote.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prloader.dll]  [Kaspersky Lab, 5.0.225.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\prkernel.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\prstring.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\pr_server.ppl]  [Kaspersky Lab, 5.0.225.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus for workstation 5\tempfile.ppl]  [Kaspersky Lab, 5.0.225.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xmvsource.dll_1_work]  [XunLei, 1, 0, 0, 5]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 24180 / Administrator][C:\Documents and Settings\Administrator\桌面\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 24156 / Administrator][C:\Documents and Settings\Administrator\桌面\SRE70eaa1b9.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzdvdrsm.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 2020, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2028, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\KWSPROD.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2036, C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 440, C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\KAVMM.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 556, C:\PROGRAM FILES\KASPERSKY LAB\NETWORKAGENT\KLNAGENT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3020, C:\WINDOWS\SYSTEM32\DRIVERS\SUCHOST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3020, C:\WINDOWS\SYSTEM32\DRIVERS\SUCHOST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 216, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1344, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\INMEDIA\THUNDERMINISITE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 24180, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

大家帮忙给看看吧，麻烦各位管理，版主及各位高手

...
文件是修复不了的了

下载大蜘蛛ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

下载后放到C:\WINDOWS那里

然后就全盘查杀吧

确保全盘查杀的过程中不开任何软件

例如迅雷等等

大蜘蛛杀完之后

再扫一份日志上来

下载System Repair Engineer(Sreng)
http://www.kztechs.com/sreng/download.html

解压缩到C:\WINDOWS

运行SRengLdr.exe→智能扫描→扫描

等扫描完成,保存日志(LOG格式)

日志以附件上传

（点击我回的贴的右下角的“引用”或比较大的“回复”，然后就应该知道怎么以附件发了）

1.建议使用XDelBox(下载地址：http://bbs.ikaka.com/attachment.aspx?attachmentid=446806）
删除以下文件：（使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择剪贴板导入不检查路径，导入后记得勾选抑制其再生，按住shift键选第一个和最后一个文件路径，这样就全选了，在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储设备）

C:\WINDOWS\system32\drivers\suchost.exe
C:\WINDOWS\system32\jzdvdrsm.dll
C:\WINDOWS\system32\drivers\CDAC15BA.SYS
C:\WINDOWS\system32\f28907d.sys

2.启动项目 －－ 注册表之如下项删除：
  <Explorer><C:\WINDOWS\system32\drivers\suchost.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{950D1600-DE4A-448D-93B4-7BAE5A7A8052}><950D1600.dll>  [N/A]
    <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll>  [N/A]
    <{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll>  [N/A]
    <{14F7F80A-0FE7-4A24-83CC-639D42BE410C}><14F7F80A.dll>  [N/A]
    <{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}><4D023DE9.dll>  [N/A]
    <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}><DFB3DAC5.dll>  [N/A]
    <{D7C79813-9233-4AE0-832C-99B2E8019673}><D7C79813.dll>  [N/A]
    <{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}><FFAE967F.dll>  [N/A]
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  [N/A]
    <{06EA0A93-F850-4155-B819-BD0D9B5F25EE}><06EA0A93.dll>  [N/A]
    <{34A25F04-008D-403E-8EE6-2307BC02FA2E}><34A25F04.dll>  [N/A]
    <{DB2D9172-BDCF-432E-8AF3-8D2688F850DE}><DB2D9172.dll>  [N/A]
    <{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}><3D144530.dll>  [N/A]
    <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll>  [N/A]
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\jzdvdrsm.dll>  []
    <{F8E07BB2-7A19-4057-80F1-E14646E630B4}><F8E07BB2.dll>  [N/A]
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  [N/A]
    <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll>  [N/A]
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll>  [N/A]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  [N/A]
    <{133AEAC9-9C88-4905-864C-38BBA312D9B0}><133AEAC9.dll>  [N/A]
    <{E44343AD-3605-4282-AC8F-2E41C2F5F398}><E44343AD.dll>  [N/A]

3.启动项目 －－ 服务－－ 驱动程序之如下项删除:
SREng-在"启动项目->服务－>驱动程序中"选中"隐藏已认证的微软项目"然后删除下面名称的驱动程序(选中有问题的驱动后，点"删除服务"，点“设置”按钮即可。注意弹出的窗口中要点 "否NO"才是确认删除服务）(不能删除的就禁用:启动类型改为disabled,点中修改启动类型，点设置):

[CdaC15BA / CdaC15BA][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><N/A>
[f28907d / f28907d][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\f28907d.sys><N/A>

4.运行下载的删除映像劫持工具,清除检测到的所有映像劫持项：
http://bbs.ikaka.com/attachment.aspx?attachmentid=429561

5.用下载的“清理临时文件工具ATF-Cleaner-cn”，全选所有项目，点击“立即清理”
下载：http://bbs.ikaka.com/attachment.aspx?attachmentid=447126
用W i n d o w s 清理助手 ，清理系统。
W i n d o w s 清理助手 下载：http://www.arswp.com/