Comi - 2008-8-15 14:33:00
日志附件
[CODE]
2008-08-15,14:18:01
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<Alcmtr><; ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"> []
<hxgame-update><; C:\Program Files\hxupdate\hxgame-update.exe> []
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kmon.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [File is missing]
<{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll> [File is missing]
<{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll> [File is missing]
<{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [File is missing]
<{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll> [File is missing]
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\ilkojvux.dll> []
<{00050005-0005-0005-0005-00050005BB15}><C:\WINDOWS\system32\cliconfgzx.dll> [File is missing]
<{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll> [File is missing]
<{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> [File is missing]
<{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll> []
<{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll> [File is missing]
<{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll> [File is missing]
<ilkojvux.dll><C:\WINDOWS\system32\ilkojvux.dll> []
<cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> [File is missing]
<adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> [File is missing]
<bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> [File is missing]
<certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll> []
<avicapwm.dll><C:\WINDOWS\system32\avicapwm.dll> [File is missing]
<imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
启动文件夹
[启动飞速土豆]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\启动飞速土豆.lnk --> C:\PROGRA~1\Tudou\飞速TU~1\TudouVa.exe [土豆网]><N>
==================================
服务
[0D3B6 / 0D3B6][Stopped/Disabled]
<C:\WINDOWS\system32\0D3B6.exe><Application Service>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Google Updater Service / gusvc][Stopped/Disabled]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[P4P Service / P4P Service][Stopped/Disabled]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Qvod Terminal / Qvod Terminal][Stopped/Disabled]
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
<C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><N/A>
==================================
驱动程序
[5n92wac / 5n92wacg][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\5n92wacg.sys><>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atksgt / atksgt][Stopped/Disabled]
<system32\DRIVERS\atksgt.sys><N/A>
[c / c][Stopped/Disabled]
<\??\C:\WINDOWS\system32\c><N/A>
[cafesvr / cafesvr][Stopped/Disabled]
<\??\C:\WINDOWS\system32\cafesvr><N/A>
[fhzl / fhzl][Stopped/Disabled]
<\??\C:\WINDOWS\system32\drivers\fhzl.ahc><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hlkbd / hlkbd][Running/Boot Start]
<\SystemRoot\system32\drivers\hlkbd.sys><N/A>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[IGALIVE / IGALIVE][Stopped/Disabled]
<\??\C:\Program Files\IGALIVE\IGALIVE.sys><N/A>
[IIS Manager / IIS Manager ][Stopped/Disabled]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[lirsgt / lirsgt][Stopped/Disabled]
<system32\DRIVERS\lirsgt.sys><N/A>
[Nessery / Nessery][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Nessery.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\51冒险岛055免安装客户端\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Manual Start]
<\??\D:\51冒险岛055免安装客户端\npkcusb.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sfkhlakf / sfkhlakf][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\sfkhlakf.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SWW / SWW][Stopped/Manual Start]
<\??\C:\Documents and Settings\Administrator\桌面\wg\SWW.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><N/A>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[zlh0c3y6rz / zlh0c3y6rz][Stopped/Boot Start]
<\SystemRoot\system32\drivers\zlh0c3y6rz.sys><N/A>
[zwurpm / zwurpm][Stopped/Disabled]
<\??\C:\WINDOWS\system32\zwurpm><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[AddTask Class]
{6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[BitComet]
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, (Signed) Koos>
[DLoader Class]
{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{06926B30-424E-4F1C-8EE3-543CD96573DC} <, >
[]
{070CA17A-4BD2-4612-83B4-32B1B9159B48} <, >
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
{0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQ\QQLive\QQLiveInstaller.dll, (Signed) >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[]
{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\Program Files\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, (Signed) Koos>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[AddTask Class]
{6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[StormPlayer Object]
{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[]
{6FE2FC9F-1203-4688-8764-2D2314579F84} <, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[DLoader Class]
{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
附件: SREngLOG.log (2008-8-15 14:39:43, 54.58 K)
该附件被下载次数 118
[CODE]
2008-08-15,14:18:01
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<Alcmtr><; ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"> []
<hxgame-update><; C:\Program Files\hxupdate\hxgame-update.exe> []
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kmon.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [File is missing]
<{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll> [File is missing]
<{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll> [File is missing]
<{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [File is missing]
<{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll> [File is missing]
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\ilkojvux.dll> []
<{00050005-0005-0005-0005-00050005BB15}><C:\WINDOWS\system32\cliconfgzx.dll> [File is missing]
<{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll> [File is missing]
<{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> [File is missing]
<{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll> []
<{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll> [File is missing]
<{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<lweurqhx.dll><C:\WINDOWS\system32\lweurqhx.dll> [File is missing]
<ilkojvux.dll><C:\WINDOWS\system32\ilkojvux.dll> []
<cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> [File is missing]
<adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> [File is missing]
<bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> [File is missing]
<certmgrkd.dll><C:\WINDOWS\system32\certmgrkd.dll> []
<avicapwm.dll><C:\WINDOWS\system32\avicapwm.dll> [File is missing]
<imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
启动文件夹
[启动飞速土豆]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\启动飞速土豆.lnk --> C:\PROGRA~1\Tudou\飞速TU~1\TudouVa.exe [土豆网]><N>
==================================
服务
[0D3B6 / 0D3B6][Stopped/Disabled]
<C:\WINDOWS\system32\0D3B6.exe><Application Service>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Google Updater Service / gusvc][Stopped/Disabled]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[P4P Service / P4P Service][Stopped/Disabled]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Qvod Terminal / Qvod Terminal][Stopped/Disabled]
<C:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
<C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><N/A>
==================================
驱动程序
[5n92wac / 5n92wacg][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\5n92wacg.sys><>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atksgt / atksgt][Stopped/Disabled]
<system32\DRIVERS\atksgt.sys><N/A>
[c / c][Stopped/Disabled]
<\??\C:\WINDOWS\system32\c><N/A>
[cafesvr / cafesvr][Stopped/Disabled]
<\??\C:\WINDOWS\system32\cafesvr><N/A>
[fhzl / fhzl][Stopped/Disabled]
<\??\C:\WINDOWS\system32\drivers\fhzl.ahc><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hlkbd / hlkbd][Running/Boot Start]
<\SystemRoot\system32\drivers\hlkbd.sys><N/A>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[IGALIVE / IGALIVE][Stopped/Disabled]
<\??\C:\Program Files\IGALIVE\IGALIVE.sys><N/A>
[IIS Manager / IIS Manager ][Stopped/Disabled]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[lirsgt / lirsgt][Stopped/Disabled]
<system32\DRIVERS\lirsgt.sys><N/A>
[Nessery / Nessery][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Nessery.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\51冒险岛055免安装客户端\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Manual Start]
<\??\D:\51冒险岛055免安装客户端\npkcusb.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sfkhlakf / sfkhlakf][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\sfkhlakf.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SWW / SWW][Stopped/Manual Start]
<\??\C:\Documents and Settings\Administrator\桌面\wg\SWW.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><N/A>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[zlh0c3y6rz / zlh0c3y6rz][Stopped/Boot Start]
<\SystemRoot\system32\drivers\zlh0c3y6rz.sys><N/A>
[zwurpm / zwurpm][Stopped/Disabled]
<\??\C:\WINDOWS\system32\zwurpm><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[AddTask Class]
{6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[BitComet]
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, (Signed) Koos>
[DLoader Class]
{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{06926B30-424E-4F1C-8EE3-543CD96573DC} <, >
[]
{070CA17A-4BD2-4612-83B4-32B1B9159B48} <, >
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
{0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQ\QQLive\QQLiveInstaller.dll, (Signed) >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[]
{2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\Program Files\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, (Signed) Koos>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[AddTask Class]
{6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[StormPlayer Object]
{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[]
{6FE2FC9F-1203-4688-8764-2D2314579F84} <, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[DLoader Class]
{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)