第一
这个SMSS我也听说过但是在WINDOW下并没有SMSS这个执行文件
第二
在网上找了好多资料没一个说的和我的一样
第三
可是进程中明明是有两个SMSS进程卡巴杀不掉 而且老是探出CSRSS删了以后就又出来了
所以很奇怪 难道是SMSS变种了吗？

症状：如果使用卡巴杀的话 有时会自动重起 另外杀的时候发现被感染的文件非常多 包括包风．千千都被感染一下子删完了 另外中毒后第一次打不开桌面 我是重起后进安全里杀了一下又回到正常模式杀 但是大家都知道根本杀不掉 网上的手动杀 SMSS跟我的症状也似乎不一样
所以在这里请教大家帮帮忙 机子上有比较重要的文件不想重装系统了另外我实在是没分了 真的麻烦大家浪费点时间帮我看看 谢谢了


我　不知道对不对哦我也不太清楚是不是病毒进程
例如conime.exe这个不是系统进程　而是用户的
两个小写的ＳＭＳＳ而不是一个大写一个小写

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; .NET CLR 2.0.50727)

window/system2/com下面没有发现这两个执行文件........
另外补充一下我被感染以后删掉了所有播放器...
还有开机就发现csrss开始作怪．．．
连删几次就会重起

API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

这是卡巴报的病毒名称：
trojan program:
Trojan-Downloader.Win32.Agent.gbr
文件目录
C/windows/system32/EsEnt/csrss.exe
但是现在问题是EsEnt文件家被保护了　我根本打不开

怎么上传啊　大哥．．．我不太会．．．

[CODE]

2008-05-24,14:45:23

System Repair Engineer 2.6.8.980
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><c:\windows\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
    <IFEO[Your Image File Name Here without a path]><ntsd -d>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\Coopen.scr>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><; "C:\Program Files\360Safebox\safeboxTray.exe" /r>  [File is missing]
    <ApacheTomcatMonitor><; "D:\Tomcat 5.5\bin\tomcat5w.exe" //MS//Tomcat5>  [Apache Software Foundation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools-1033><; "D:\toolcd\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [File is missing]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [File is missing]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [File is missing]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [File is missing]
    <MyWebSearch Plugin><; rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF>  [File is missing]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [File is missing]
    <SunJavaUpdateSched><; "D:\Java\jre1.5.0_09\bin\jusched.exe">  [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <system><; "C:\WINDOWS\system32\system.exe">  [File is missing]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Auto Start]
  <C:\WINDOWS\system\lsass.exe><(File is missing)>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><(File is missing)>
[Kaspersky Anti-Virus 7.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
[Task Card / Dutification][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k Dutification-->%SystemRoot%\System32\rclymv.dll><N/A>
[jakatf / jakatf][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k jakatf-->%SystemRoot%\System32\zhtfes.dll><N/A>
[jzkqbh / jzkqbh][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k jzkqbh-->%SystemRoot%\System32\xdgjdv.dll><N/A>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[MSSQL$SA / MSSQL$SA][Running/Auto Start]
  <d:\MICROS~1\MSSQL$SA\binn\sqlservr.exe -sSA><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <D:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[OracleOraDb10g_home1TNSListener / OracleOraDb10g_home1TNSListener][Stopped/Disabled]
  <D:\oracle\product\10.1.0\db_1\BIN\TNSLSNR ><(File is missing)>
[SAKURAWAR4NEWC Drivers Auto Removal (pr2ahwwc) / pr2ahwwc][Stopped/Disabled]
  <C:\WINDOWS\system32\pr2ahwwc.exe svc><GameBridge>
[Remouters Access Auto / RpcServer][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k RpcServer-->%SystemRoot%\System32\yvfzvx.dll><N/A>
[SQLAgent$SA / SQLAgent$SA][Stopped/Manual Start]
  <d:\MICROS~1\MSSQL$SA\binn\sqlagent.exe -i SA><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <D:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Performance Logs and Alerts / SysmonLog][Stopped/Manual Start]
  <C:\WINDOWS\system32\smlogsvc.exe><Microsoft Corporation>
[Apache Tomcat / Tomcat5][Running/Auto Start]
  <"D:\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5><Apache Software Foundation>
[TCP/IP NetBIOS Help / LnHosts][Running/Auto Start]
  <C:\WINDOWS\system32\Rules\smss.exe><N/A>

==================================
驱动程序
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[d344bus / d344bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d344bus.sys><>
[d344prt / d344prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d344prt.sys><>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hid7906 / hid7906][Stopped/Manual Start]
  <system32\drivers\hid7906.sys><Compuware Corporation>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[jdy#hook / jdy#hook][Stopped/Manual Start]
  <\??\D:\娱乐\游戏\简单游\hknm.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[LYFX / LYFX][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\LYFX.ahc><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[O2MDRDR / O2MDRDR][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\o2media.sys><O2Micro>
[O2SDRDR / O2SDRDR][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\o2sd.sys><O2Micro>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[SAKURAWAR4NEWC Synchronization Driver (ps6ahwwc) / ps6ahwwc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ps6ahwwc.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>

[USB 视频设备(WDM) / usbvideo][Stopped/Manual Start]
  <System32\Drivers\usbvideo.sys><Microsoft Corporation>
[Remote Access IP ARP Driver / Wanarp][Running/Manual Start]
  <system32\DRIVERS\wanarp.sys><Microsoft Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\D:\娱乐\游戏\简单游\qmnms.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\xunlei\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IEHandle Class]
  {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\下载软件\tools\BitCometBHO_1.1.3.12.dll, BitComet>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\xunlei\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.5.0_09]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\xunlei\Thunder.exe, Thunder Networking Technologies,LTD>
[Web Anti-Virus statistics]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Java Plug-in 1.5.0_09]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[RavOnline Class]
  {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[Java Plug-in 1.5.0_09]
  {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\xunlei\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <D:\xunlei\Components\InMedia\peerid.dll, >
[Fade]
  {16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\tools\PPLive\SYNACA~1.OCX, N/A>
[ThunderServer.WebThunder]
  {1DE5794D-B609-4A3E-9E40-22594D5BEAAC} <C:\Program Files\tools\Thunder\ComDlls\Faker.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DataCtrl Class]
  {25560540-9571-4D7B-9389-0F166788785A} <C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL, N/A>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\WinCHM\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IEHandle Class]
  {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\下载软件\tools\BitCometBHO_1.1.3.12.dll, BitComet>
[Fun Web Products HTML Menu]
  {3DC201FB-E9C9-499C-A11F-23C360D7C3F8} <C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\xunlei\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[番茄工具条3.21]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <, N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[JetCar.Netscape]
  {69C7BEA7-0A70-4291-81ED-405D19AEE270} <C:\Program Files\tools\Thunder\ComDlls\Faker.dll, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\xunlei\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\xunlei\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
  {88D969E6-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XSL Template 5.0]
  {88D969E8-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[Java Plug-in 1.5.0_09]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[RavOnline Class]
  {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[ScreenSaverInstaller Class]
  {9FF05104-B030-46FC-94B8-81276E4E27DF} <C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL, N/A>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl COM Module]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5711.41.764.dll, ShenZhen Thunder Networking Technologies Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\娱乐\QQ\QzoneMusic.dll, 腾讯科技>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[RevealTrans]
  {E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation>
[QQIEHelper.QQRightClick]
  {E654770F-10E4-47BC-A309-4CAD96A096E6} <C:\Program Files\tools\Thunder\ComDlls\Faker.dll, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <D:\娱乐\QQ\Timwp.dll, TENCENT>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\xunlei\Components\DownAndPlay\DapPlayer3.0.5712.71.764.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, N/A>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&Search]
  <http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000, N/A>

[&使用BitComet下载]
  <res://D:\下载软件\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\下载软件\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\下载软件\BitComet.exe/AddVideo.htm, N/A>
[使用迅雷下载]
  <D:\xunlei\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\xunlei\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[查看当前站点排名]
  <http://alexa.chinaz.com/alexa.htm, N/A>
[添加到QQ表情]
  <D:\娱乐\QQ\AddEmotion.htm, N/A>
[转换为现有 PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\阅读器7。0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 1160 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1232 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1280 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1292 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1476 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1680 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1740 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1804 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 452 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4820]
    [D:\xunlei\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\xunlei\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\xunlei\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 19]
    [D:\xunlei\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\rar\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\Eplus\eppshell.dll]  [N/A, ]
[PID: 660 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\zhtfes.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 872 / SYSTEM][d:\MICROS~1\MSSQL$SA\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\MICROS~1\MSSQL$SA\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1492 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\yvfzvx.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1520 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1612 / SYSTEM][C:\WINDOWS\system32\EsEnt\services.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1676 / SYSTEM][D:\Tomcat 5.5\bin\tomcat5.exe]  [Apache Software Foundation, 2.0.3.0]
    [D:\Java\jre1.5.0_09\bin\client\jvm.dll]  [Sun Microsystems, Inc., 5.0.90.3]
    [D:\Java\jre1.5.0_09\bin\hpi.dll]  [Sun Microsystems, Inc., 5.0.90.3]
    [D:\Java\jre1.5.0_09\bin\verify.dll]  [Sun Microsystems, Inc., 5.0.90.3]
    [D:\Java\jre1.5.0_09\bin\java.dll]  [Sun Microsystems, Inc., 5.0.90.3]
    [D:\Java\jre1.5.0_09\bin\zip.dll]  [Sun Microsystems, Inc., 5.0.90.3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\Java\jre1.5.0_09\bin\net.dll]  [Sun Microsystems, Inc., 5.0.90.3]
[PID: 2520 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 268 / SYSTEM][C:\WINDOWS\system32\Rules\smss.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntsvc.ocx]  [Microsoft, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 420 / SYSTEM][C:\WINDOWS\system32\Rules\services.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3136 / SYSTEM][C:\WINDOWS\system32\Rules\csrss.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 4104 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Internet Explorer\MSIMG32.dll]  [FunWebProducts.com, 1, 0, 0, 5]
    [D:\xunlei\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\WINDOWS\system32\TPHANDLE.dll]  [江苏科建教育软件有限责任公司, 5, 0, 10, 10]
    [D:\下载软件\tools\BitCometBHO_1.1.3.12.dll]  [BitComet, 20070312]
    [D:\Java\jre1.5.0_09\bin\ssv.dll]  [Sun Microsystems, Inc., 5.0.90.3]
    [D:\xunlei\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\xunlei\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 19]
    [D:\xunlei\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll]  [Kaspersky Lab, 7.0.5.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl]  [Kaspersky Lab, 7.0.0.125]
    [D:\xunlei\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[PID: 68956 / Administrator][D:\xunlei\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.12.493]
    [D:\xunlei\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\xunlei\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 6, 66]
    [D:\xunlei\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 1, 2, 311]
    [D:\xunlei\Program\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\xunlei\Program\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\xunlei\Program\asyn_frame.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 13]
    [D:\xunlei\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\xunlei\Program\emule_id.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [D:\xunlei\Program\backend_agent.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 17]
    [D:\xunlei\Program\ptl.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 18]
    [D:\xunlei\Program\xl_stat.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 3]
    [D:\xunlei\Program\fs.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 9]
    [D:\xunlei\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\xunlei\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [D:\xunlei\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 8, 26]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\xunlei\Program\p2sp.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 18]
    [D:\xunlei\Program\down_dispatcher.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
    [D:\xunlei\Program\p2p_upload.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
    [D:\xunlei\Program\p2p.dll]  [Thunder Networking Technologies,LTD, 1,1,2,20]
    [D:\xunlei\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 2, 6, 2, 12]
    [D:\xunlei\Program\stream.dll]  [Thunder Networking Technologies,LTD, 2, 1, 2, 359]
    [D:\xunlei\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [D:\xunlei\Program\p2p_local_res.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
    [D:\xunlei\Program\al.dll]  [Thunder Networking Technologies,LTD, 1,1,2,15]
    [D:\xunlei\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 2, 24]

[D:\xunlei\Components\InMedia\iEmbed16.dll]  [Thunder Networking Technologies,LTD, 3, 4, 7, 103]
    [D:\xunlei\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 1, 5, 41]
    [D:\xunlei\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\xunlei\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [D:\xunlei\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 38]
    [D:\xunlei\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
    [D:\xunlei\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\xunlei\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 79]
    [D:\xunlei\Components\Security\XLSafeUI.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 79]
    [D:\xunlei\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
    [D:\xunlei\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
    [D:\xunlei\Components\XLSoftBase\XLSoftwareBase.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 3]
    [D:\xunlei\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 59]
    [D:\xunlei\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 19]
    [D:\xunlei\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [D:\xunlei\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\xunlei\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\xunlei\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 12, 108]
    [D:\xunlei\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 3, 0, 1, 33]
    [D:\xunlei\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 4]
    [D:\xunlei\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 30]
    [D:\xunlei\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\xunlei\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [D:\xunlei\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\xunlei\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
    [D:\xunlei\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
[PID: 77928 / Administrator][D:\rar\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 78884 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.188\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.8.980]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 79312 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.188\SRE4c3524b9.EXE]  [Smallfrogs Studio, 2.6.8.980]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]

==================================
文件关联
.TXT  Error. [UltraEdit.txt]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  Error. [UltraEdit.ini]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  2.joppnqq.com
127.0.0.1  1.joppnqq.com
127.0.0.1  1.jopenqc.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  3.joppnqq.com
127.0.0.1  www.868wg.com
127.0.0.1  ilove.com
127.0.0.1  www.tomwg.com
127.0.0.1  www.22aaa.com
127.0.0.1  new.749571.com
127.0.0.1  cao.kv8.info
127.0.0.1  171817.171817.com
127.0.0.1  down.malasc.cn
127.0.0.1  nx.51ylb.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  www.333292.com
127.0.0.1  up.22x44.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  c3.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  d1.163500.net

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1676, D:\TOMCAT 5.5\BIN\TOMCAT5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 268, C:\WINDOWS\SYSTEM32\RULES\SMSS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3136, C:\WINDOWS\SYSTEM32\RULES\CSRSS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 68956, D:\XUNLEI\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 77928, D:\RAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 78884, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.188\SRENGLDR.EXE]

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]