Asking the experts for help: I think I've been infected with the Robot Dog (机器狗) virus

This is my SREng log
[CODE]

2007-12-11,23:49:44

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
    <IME JPN 2007 Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <MsPrint32D><C:\WINDOWS\MsPrint32D.exe>  []
    <TBMonEx><; C:\WINDOWS\system\36Otray.exe>  []
    <kawdcaz><C:\WINDOWS\system32\kawdcaz.exe>  []
    <inudhya><; C:\WINDOWS\system\1a.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kawdfzy.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{9E32FA58-3453-FA2D-BC49-F340348ACCE9}><C:\WINDOWS\system32\rsmyipm.dll>  []
    <{AC87A354-ABC3-DEDE-FF33-3213FD7447CA}><C:\WINDOWS\system32\kvdxjma.dll>  []
    <{5A321487-4977-D98A-C8D5-6488257545A5}><C:\WINDOWS\system32\kapjezy.dll>  []
    <{2A57CAD1-412F-9547-713F-9641FA3FC7A2}><C:\WINDOWS\system32\okmhbzy.dll>  []
    <{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll>  []
    <{B859245F-345D-BC13-AC4F-145D47DA34FB}><C:\WINDOWS\system32\avzxkmn.dll>  []
    <{7960356A-458E-DE24-BD50-268F589A56A7}><C:\WINDOWS\system32\avwlgmn.dll>  []
    <{5598FF45-DA60-F48A-BC43-10AC47853D55}><C:\WINDOWS\system32\rarjepi.dll>  []
    <{68907901-1416-3389-9981-372178569986}><C:\WINDOWS\system32\kawdfzy.dll>  []
    <{1FA10261-B890-F432-A453-69F1023513F1}><C:\WINDOWS\system32\gjcsayc.dll>  []
    <{78847374-8323-FADC-B443-4732ABCD3787}><C:\WINDOWS\system32\sidjgzy.dll>  []
    <{B6F775C3-A965-444B-B784-E52EE2DE9028}><C:\WINDOWS\system32\ryhpflsyflsy.dll>  [Microsoft Corporation]
    <{24909874-8982-F344-A322-7898787FA742}><C:\WINDOWS\system32\swjqbzc.dll>  []
    <{678A7521-FA87-34AB-34C2-4893F3AD34C6}><C:\WINDOWS\system32\swrcezc.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
    <IFEO[ACKWIN32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
    <IFEO[ANTI-TROJAN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
    <IFEO[APVXDWIN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE]
    <IFEO[AUTODOWN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE]
    <IFEO[AVCONSOL.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
    <IFEO[AVE32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
    <IFEO[AVGCTRL.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
    <IFEO[AVKSERV.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE]
    <IFEO[AVNT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
    <IFEO[AVP.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE]
    <IFEO[AVP32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE]
    <IFEO[AVPCC.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE]
    <IFEO[AVPDOS32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.EXE]
    <IFEO[AVPM.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE]
    <IFEO[AVPTC32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE]
    <IFEO[AVPUPD.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE]
    <IFEO[AVSCHED32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE]
    <IFEO[AVWIN95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE]
    <IFEO[AVWUPD32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE]
    <IFEO[BLACKD.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE]
    <IFEO[BLACKICE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE]
    <IFEO[CFIADMIN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE]
    <IFEO[CFIAUDIT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE]
    <IFEO[CFINET.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE]
    <IFEO[CFINET32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE]
    <IFEO[CLAW95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE]
    <IFEO[CLAW95CF.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE]
    <IFEO[CLEANER.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE]
    <IFEO[CLEANER3.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE]
    <IFEO[DVP95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE]
    <IFEO[DVP95_0.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE]
    <IFEO[ECENGINE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE]
    <IFEO[EGHOST.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE]
    <IFEO[ESAFE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPWATCH.EXE]
    <IFEO[EXPWATCH.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.EXE]
    <IFEO[F-AGNT95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.EXE]
    <IFEO[F-PROT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT95.EXE]
    <IFEO[F-PROT95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.EXE]
    <IFEO[F-STOPW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FESCUE.EXE]
    <IFEO[FESCUE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.EXE]
    <IFEO[FINDVIRU.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FP-WIN.EXE]
    <IFEO[FP-WIN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT.EXE]
    <IFEO[FPROT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.EXE]
    <IFEO[FRW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.EXE]
    <IFEO[IAMAPP.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.EXE]
    <IFEO[IAMSERV.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE]
    <IFEO[IBMASN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.EXE]
    <IFEO[IBMAVSP.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.EXE]
    <IFEO[ICLOAD95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.EXE]
    <IFEO[ICLOADNT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.EXE]
    <IFEO[ICMON.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.EXE]
    <IFEO[ICSUPP95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNT.EXE]
    <IFEO[ICSUPPNT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFACE.EXE]
    <IFEO[IFACE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IOMON98.EXE]
    <IFEO[IOMON98.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JEDI.EXE]
    <IFEO[JEDI.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
    <IFEO[KAVPFW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe]
    <IFEO[KAVsvc.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe]
    <IFEO[KAVSvcUI.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
    <IFEO[KVFW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe]
    <IFEO[KVwsc.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE]
    <IFEO[KWatchUI.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOCKDOWN2000.EXE]
    <IFEO[LOCKDOWN2000.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
    <IFEO[Logo1_.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe]
    <IFEO[Logo_1.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.EXE]
    <IFEO[LOOKOUT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE]
    <IFEO[LUALL.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAILMON.EXE]
    <IFEO[MAILMON.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.EXE]
    <IFEO[MOOLIVE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.EXE]
    <IFEO[MPFTRAY.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32SCANW.EXE]
    <IFEO[N32SCANW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
    <IFEO[Navapsvc.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
    <IFEO[Navapw32.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.EXE]
    <IFEO[NAVLU32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE]
    <IFEO[NAVNT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE]
    <IFEO[navw32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE]
    <IFEO[NAVWNT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NISUM.EXE]
    <IFEO[NISUM.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMain.exe]
    <IFEO[NMain.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.EXE]
    <IFEO[NORMIST.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.EXE]
    <IFEO[NUPGRADE.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.EXE]
    <IFEO[NVC95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.EXE]
    <IFEO[PAVCL.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVSCHED.EXE]
    <IFEO[PAVSCHED.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVW.EXE]
    <IFEO[PAVW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCWIN98.EXE]
    <IFEO[PCCWIN98.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.EXE]
    <IFEO[PCFWALLICON.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.EXE]
    <IFEO[PERSFW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
    <IFEO[PFW.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.EXE]
    <IFEO[RAV7.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7WIN.EXE]
    <IFEO[RAV7WIN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe]
    <IFEO[RAVmon.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe]
    <IFEO[RAVmonD.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe]
    <IFEO[RAVtimer.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe]
    <IFEO[Rising.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAFEWEB.EXE]
    <IFEO[SAFEWEB.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE]
    <IFEO[SCAN32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN95.EXE]
    <IFEO[SCAN95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.EXE]
    <IFEO[SCANPM.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.EXE]
    <IFEO[SCRSCAN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.EXE]
    <IFEO[SERV95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.EXE]
    <IFEO[SMC.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.EXE]
    <IFEO[SPHINX.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.EXE]
    <IFEO[SWEEP95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.EXE]
    <IFEO[TBSCAN.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.EXE]
    <IFEO[TCA.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.EXE]
    <IFEO[TDS2-98.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.EXE]
    <IFEO[TDS2-NT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\THGUARD.EXE]
    <IFEO[THGUARD.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe]
    <IFEO[TrojanHunter.exe]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.EXE]
    <IFEO[VET95.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.EXE]
    <IFEO[VETTRAY.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCAN40.EXE]
    <IFEO[VSCAN40.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.EXE]
    <IFEO[VSECOMR.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.EXE]
    <IFEO[VSHWIN32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE]
    <IFEO[VSSTAT.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE]
    <IFEO[WEBSCANX.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE]
    <IFEO[WFINDV32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE]
    <IFEO[ZONEALARM.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.EXE]
    <IFEO[_AVP32.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.EXE]
    <IFEO[_AVPCC.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.EXE]
    <IFEO[_AVPM.EXE]><C:\WINDOWS\system\36Otray.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe]
    <IFEO[修复工具.exe]><C:\WINDOWS\system\36Otray.exe>  []

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[RAS Asynchronous Media Driver / AsyncMac][Running/Auto Start]
  <system32\DRIVERS\comint32.sys><N/A>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[comint32 / comint32][Running/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\comint32.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookHelp / HookHelp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\HookHelp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oarem / oarem][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\oarem.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 国风因特软件(北京)有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 436 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
[PID: 792 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 860 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
[PID: 1024 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
[PID: 1284 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\rsmyipm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\okmhbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\gjcsayc.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjgzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\ryhpflsyflsy.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\swjqbzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcezc.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrmshelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrtlhelp.dll]  [N/A, ]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\3721\alrex.dll]  [国风因特软件(北京)有限公司, 2.5.1.1003]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
[PID: 1356 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
[PID: 1836 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\addrtlhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrmshelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
[PID: 1976 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsmyipm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\okmhbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]

    [C:\WINDOWS\system32\gjcsayc.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjgzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\swjqbzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcezc.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
[PID: 760 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\gjcsayc.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 2428 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\System32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\System32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 2824 / Administrator][C:\Maxthon-mumayi-DIY\Maxthon.exe]  [psgl, 1+2DIY]
    [C:\Maxthon-mumayi-DIY\maxzlib.dll]  [, 1.2.3]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsmyipm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\okmhbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\gjcsayc.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjgzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\swjqbzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcezc.dll]  [N/A, ]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPTIP.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMETIP.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMECFM.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMPS.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
[PID: 2972 / Administrator][C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPDAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMLD.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMMP.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\MAPI32.dll]  [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMPS.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
[PID: 3720 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
[PID: 1156 / Administrator][C:\Program Files\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.5.421]
    [C:\Program Files\Thunder\Program\ThunderEx.dll]  [, 1, 2, 2, 18]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrtlhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrmshelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\Program Files\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 0, 52]
    [C:\Program Files\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 20, 2, 200]
    [C:\Program Files\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 20, 2, 200]
    [C:\Program Files\Thunder\Program\streammedialib.dll]  [, 1, 3, 2, 100]
    [C:\Program Files\Thunder\Program\al.dll]  [, 1, 0, 1, 2]
    [C:\Program Files\Thunder\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 11]
    [C:\Program Files\Thunder\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 3]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\Program Files\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 3, 2, 16]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Thunder\Program\iTargetAD.dll]  [N/A, ]
    [C:\Program Files\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [C:\Program Files\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 8, 26]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcezc.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\WINDOWS\system32\swjqbzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjgzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\gjcsayc.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\okmhbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsmyipm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\Program Files\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 20]
    [C:\Program Files\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
    [C:\Program Files\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [C:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 16]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Thunder\Components\DownloadStat\DownloadStat.dll]  [深圳市迅雷网络技术有限公司, 1, 3, 1, 4]
[PID: 2360 / Administrator][C:\WINDOWS\system\36Otray.exe]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
[PID: 1124 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrTLhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDWMI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrMShelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDDHYI32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdcaz.dat]  [N/A, ]
    [C:\WINDOWS\system32\IMJP12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\imjp12k.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMJKAPI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPPRED.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
    [C:\WINDOWS\system32\avzxkmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcezc.dll]  [N/A, ]
    [C:\WINDOWS\system32\swjqbzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjgzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\gjcsayc.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\okmhbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsmyipm.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjepi.dll]  [N/A, ]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
    C:\WINDOWS\system32\qdshm.dll(, N/A)
MSAPI Tcpip [UDP/IP]
    C:\WINDOWS\system32\qdshm.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[D:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[E:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[F:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe

==================================
HOSTS 文件
127.0.0.1       localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2824, C:\MAXTHON-MUMAYI-DIY\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2824, C:\MAXTHON-MUMAYI-DIY\MAXTHON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1156, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1156, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2360, C:\WINDOWS\SYSTEM\36OTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2360, C:\WINDOWS\SYSTEM\36OTRAY.EXE]

TOP

First run a repair with this tool, then scan again and post the SREng2 log.



  
Attachment

TOP

OK, thanks!

TOP

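First download the tool in post #2 and run the repair.
Based on the SREng scan log, please follow the steps below to try deleting and repairing:

1. I recommend using XDelBox to delete the following files: (XDelBox 1.6 download)
Usage: copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard. After importing, right-click the files to be deleted and choose to reboot and delete immediately; the computer will restart into a DOS screen to carry out the deletion. Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).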

c:\windows\system32\rarjepi.dll
c:\windows\system32\qdshm.dll
c:\windows\system32\addrmshelp.dll
c:\windows\system32\addrtlhelp.dll
c:\windows\system32\avwghmn.dll
c:\windows\system32\avwlgmn.dll
c:\windows\system32\avzxkmn.dll
c:\windows\system32\gjcsayc.dll
c:\windows\system32\kapjezy.dll
c:\windows\system32\kawdcaz.dat
c:\windows\system32\kawdfzy.dll
c:\windows\system32\kvdxjma.dll
c:\windows\system32\msprint32d.dll
c:\windows\system32\okmhbzy.dll
c:\windows\system32\rsmyipm.dll
c:\windows\system32\ryhpflsyflsy.dll
c:\windows\system32\sidjgzy.dll
c:\windows\system32\swjqbzc.dll
c:\windows\system32\swrcezc.dll
c:\windows\system32\upxdnd.dll
c:\windows\system32\gddhyi32.dll
c:\windows\system32\gdwmi32.dll
c:\windows\system32\kawdfzy.dll
; c:\windows\system\1a.exe
c:\windows\system32\kawdcaz.exe
c:\windows\msprint32d.exe
c:\windows\upxdnd.exe
c:\progra~1\3721\helper.dll,rundll32
c:\windows\\systemroot\system32\drivers\oarem.sys
c:\windows\system32\drivers\comint32.sys
c:\windows\system32\drivers\comint32.sys
c:\progra~1\3721\autolive.dll
c:\AutoRun.inf
c:\ntldr.exe
d:\AutoRun.inf
d:\ntldr.exe
e:\AutoRun.inf
e:\ntldr.exe

TOP

USB drive virus removal tool
http://www.usbcleaner.cn/download.htm
Update your antivirus software and run a full-disk scan.

TOP
