机子最近中毒，主页被www.kzdh.com 篡改，卡巴和ewido都查不出病毒，请高手帮帮忙。
2006-12-19,20:10:29

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
(eReader.exe)(; ) [N/A]
(msnmsgr)(; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background) [Microsoft Corporation]
(updateMgr)("D:\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1) [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation]
(KAVPersonal50)("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize) [Kaspersky Lab]
(SunJavaUpdateSched)(C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe) [N/A]
(Apoint)(C:\Program Files\Apoint\Apoint.exe) [(Verified)Alps Electric Co., Ltd.]
(Dell QuickSet)(C:\Program Files\Dell\QuickSet\quickset.exe) [N/A]
(IgfxTray)(C:\WINDOWS\system32\igfxtray.exe) [(Verified)Intel Corporation]
(HotKeysCmds)(C:\WINDOWS\system32\hkcmd.exe) [(Verified)Intel Corporation]
(ISUSPM Startup)(C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup) [InstallShield Software Corporation]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(MSConfig)(C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto) [(Verified)Microsoft Corporation]
(dla)(C:\WINDOWS\system32\dla\tfswctrl.exe) [Sonic Solutions]
(MSPY2002)(C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC) [(Verified)N/A]
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation]
(IMSCMIG40W)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log) [Microsoft Corporation]
(System)(C:\Program Files\Common Files\System\Updaterun.exe) [N/A]
(IntelWireless)(; C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless) [Intel Corporation]
(!AVG Anti-Spyware)("D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized) [Anti-Malware Development a.s.]
(TkBellExe)(; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(Acrobat Assistant 7.0)(; "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe") [Adobe Systems Inc.]
(DAEMON Tools-1033)(; "D:\D-Tools\daemon.exe" -lang 1033) [DAEMON'S HOME]
(DVDLauncher)(; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe") [CyberLink Corp.]
(ISUSScheduler)(; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start) [InstallShield Software Corporation]
(NeroFilterCheck)(; C:\WINDOWS\system32\NeroCheck.exe) [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({57B86673-276A-48B2-BAE7-C6DBB3020EB8})(d:\AVG Anti-Spyware 7.5\shellexecutehook.dll) [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
(WinlogonNotify: IntelWireless)(C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) [Intel Corporation]




--------------------------------------------------------------------------------



启动文件夹

[卡巴斯基反黑客]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\卡巴斯基反黑客.lnk --) C:\PROGRA~1\KASPER~1\KASPER~2\KAVPF.exe [Kaspersky Lab])(N)



--------------------------------------------------------------------------------



服务

[Adobe LM Service / Adobe LM Service]
("C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe")(Adobe Systems)
[Application Management / AppMgmt]
(C:\WINDOWS\system32\svchost.exe -k netsvcs--)%SystemRoot%\System32\appmgmts.dll)(N/A)
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
(d:\AVG Anti-Spyware 7.5\guard.exe)(Anti-Malware Development a.s.)
[EvtEng / EvtEng]
(C:\Program Files\Intel\Wireless\Bin\EvtEng.exe)(Intel Corporation)
[Human Interface Device Access / HidServ]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[COM+ Error Report / Investor]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\bglzn.dll)(Microsoft Corporation)
[kavsvc / kavsvc]
("C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe")(Kaspersky Lab)
[LightScribeService Direct Disc Labeling Service / LightScribeService]
("C:\Program Files\Common Files\LightScribe\LSSrvc.exe")()
[NICCONFIGSVC / NICCONFIGSVC]
(C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe)(Dell Inc.)
[RegSrvc / RegSrvc]
(C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe)(Intel Corporation)
[Spectrum24 Event Monitor / S24EventMonitor]
(C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe)(Intel Corporation)
[IPSEC Client / SOCEESe]
(C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\PBJXS.DLL,Export 1087)(N/A)
[WLANKEEPER / WLANKEEPER]
(C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe)(Intel? Corporation)


浏览器加载项

[Thunder Browser Helper]
{0005A87C-D626-4B3A-84F9-1D9571695F55} (d:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD)
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} (C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD)
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} (C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions)
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} (D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (d:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (D:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (D:\QQ\QQ.EXE, TENCENT)
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (D:\FLASHGET\flashget.exe, FlashGet.com)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} (D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (D:\FlashGet\fgiebar.dll, Amaze Soft)
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (C:\WINDOWS\opuc.dll, Microsoft Corporation)
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (C:\WINDOWS\system32\muweb.dll, Microsoft Corporation)
[Java Plug-in 1.4.2_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} (C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.)
[Java Plug-in 1.4.2_03]
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.)
[DRDLCtlView Class]
{DF85A113-76ED-4D25-9107-01E5C6F98D6A} (C:\WINDOWS\drdlctl.ocx, )
[Thunder Browser Helper]
{0005A87C-D626-4B3A-84F9-1D9571695F55} (d:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD)
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} (C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD)
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} (D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} (C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484F-8273-0445EE161910} (D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.)
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (D:\FlashGet\fgiebar.dll, Amaze Soft)
[&使用快车(FlashGet)下载]
(D:\FLASHGET\jc_link.htm, N/A)
[&使用快车(FlashGet)下载全部链接]
(D:\FLASHGET\jc_all.htm, N/A)
[&使用迅雷下载]
(d:\Thunder\Program\geturl.htm, N/A)
[&使用迅雷下载全部链接]
(d:\Thunder\Program\getallurl.htm, N/A)
[Convert link target to Adobe PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[Convert link target to existing PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[Convert selected links to Adobe PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A)
[Convert selected links to existing PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A)
[Convert selection to Adobe PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[Convert selection to existing PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[Convert to Adobe PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[Convert to existing PDF]
(res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[上传到QQ网络硬盘]
(D:\QQ\AddToNetDisk.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A)
[导出当前页到超星阅览器(&A)]
(D:\SSREADER36\ss_all.htm, N/A)
[导出选中部分到超星阅览器(&S)]
(D:\SSREADER36\ss_select.htm, N/A)
[添加到QQ自定义面板]
(D:\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(D:\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(D:\QQ\SendMMS.htm, N/A)

正在运行的进程

[PID: 552][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Intel\Wireless\Bin\LgNotify.dll] [Intel Corporation, 9, 0, 1, 0]
[PID: 1080][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1348][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1488][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1536][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] [Intel Corporation, 9, 0, 1, 12]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[PID: 1568][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] [Intel Corporation , 9, 0, 1, 41]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[PID: 1608][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] [Intel? Corporation, 9, 0, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 9, 0, 1, 45]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 9, 0, 1, 54]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 9, 0, 1, 7]
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 9, 0, 1, 31]
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] [Intel Corporation, 9, 0, 1, 31]
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 9, 0, 1, 1]
[PID: 1672][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1824][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 424][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1632][C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe] [Intel Corporation, 9, 0, 1, 45]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 9, 0, 1, 45]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 9, 0, 1, 54]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 9, 0, 1, 7]
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 9, 0, 1, 31]
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] [Intel Corporation, 9, 0, 1, 31]
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 9, 0, 1, 1]
[C:\Program Files\Intel\Wireless\Bin\ZcSvcCHS.dll] [Intel Corporation, 9, 0, 1, 44]
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] [N/A, N/A]
[PID: 1936][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 1.1.1.1]
[D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[d:\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] [Kaspersky Lab, 5.0.388.1]
[d:\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.08a]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.08a]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.08a]
[PID: 2008][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] [, 1.0.21.1]
[PID: 2032][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 252][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe] [Intel, 9, 0, 1, 33]
[C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll] [Meetinghouse Data Communications, 3, 0, 0, 40]
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 1, 22]
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 1, 14]
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] [N/A, N/A]
[PID: 764][C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe] [Dell Inc., 1, 0, 0, 1]
[PID: 820][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] [Intel Corporation, 9, 0, 1, 10]
[PID: 1768][C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe] [N/A, N/A]
[PID: 1944][C:\Program Files\Apoint\Apoint.exe] [Alps Electric Co., Ltd., 5.5.101.141]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.4]
[C:\Program Files\Apoint\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.104.252]
[C:\Program Files\Apoint\EzAuto.dll] [Alps Electric Co., Ltd., 5.5.1.85]
[C:\Program Files\Apoint\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.5.1.64]
[PID: 1972][C:\Program Files\Apoint\Apntex.exe] [Alps Electric Co., Ltd., 5.5.1.19]
[C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.4]
[PID: 200][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\Program Files\Dell\QuickSet\quickset.exe] [, 1, 0, 0, 1]
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] [N/A, N/A]
[PID: 1428][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4020]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4020]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4020]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4020]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4020]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.4020]
[PID: 628][C:\WINDOWS\system32\dla\tfswctrl.exe] [Sonic Solutions, 1.04.08a]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.08a]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.08a]
[PID: 712][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll] [Adobe Systems Incorporated, 7.0.5.2005092300]
[d:\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.08a]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.08a]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.08a]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] [N/A, N/A]
[PID: 724][C:\Program Files\Common Files\System\Updaterun.exe] [N/A, N/A]
[PID: 864][D:\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[D:\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 884][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[PID: 972][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe] [Kaspersky Lab, 1.8.0.180]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll] [BCGSoft Ltd, 5, 84, 0, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll] [Kaspersky Lab, 1.5.0.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll] [BCGSoft Ltd, 5, 84, 0, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll] [Kaspersky Lab, 5.0.201.1]
[PID: 2904][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2912][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3052][D:\Downloads\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] [N/A, N/A]

HOSTS 文件

127.0.0.1 localhost
210.22.194.144 www.dxy.cn

重新启动电脑，自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）




运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
COM+ Error Report
IPSEC Client
，选择“删除服务”
点“设置”选择“否”


关闭所有浏览窗口以及一些不必要的程序
运行SREng2,使用“启动项目”－－注册表－－选中以下的项删除
C:\Program Files\Common Files\System\Updaterun.exe


显示隐藏文件
删除：
C:\WINDOWS\system32\bglzn.dll
C:\WINDOWS\SYSTEM32\WBEM\PBJXS.DLL
C:\Program Files\Common Files\System\Updaterun.exe

楼主日志不全,请重新扫描,多分两次复制上来

2006-12-20,13:32:58

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  [Kaspersky Lab]
    <SunJavaUpdateSched><C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe>  [N/A]
    <Apoint><C:\Program Files\Apoint\Apoint.exe>  [(Verified)Alps Electric Co., Ltd.]
    <Dell QuickSet><C:\Program Files\Dell\QuickSet\quickset.exe>  [N/A]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <IntelWireless><; C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless>  [Intel Corporation]
    <!AVG Anti-Spyware><"D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Acrobat Assistant 7.0><; "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <DAEMON Tools-1033><; "D:\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">  [CyberLink Corp.]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
    <WinlogonNotify: IntelWireless><C:\Program Files\Intel\Wireless\Bin\LgNotify.dll>  [Intel Corporation]

==================================
启动文件夹
[卡巴斯基反黑客]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\卡巴斯基反黑客.lnk --> C:\PROGRA~1\KASPER~1\KASPER~2\KAVPF.exe [Kaspersky Lab]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <d:\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[EvtEng / EvtEng]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[COM+ Error Report / Investor]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\bglzn.dll><Microsoft Corporation>
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[LightScribeService Direct Disc Labeling Service / LightScribeService]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><>
[NICCONFIGSVC / NICCONFIGSVC]
  <C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe><Dell Inc.>
[RegSrvc / RegSrvc]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[IPSEC Client / SOCEESe]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\PBJXS.DLL,Export 1087><N/A>
[WLANKEEPER / WLANKEEPER]
  <C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel? Corporation>

==================================
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.1.0.1 / AegisP]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService]
  <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[APPDRV / APPDRV]
  <\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS><Dell Inc>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\d:\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cercsr6 / cercsr6]
  <C:\WINDOWS\SYSTEM32\DRIVERS\cercsr6.SYS><Adaptec, Inc.>
[d347bus / d347bus]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[drvmcdb / drvmcdb]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[HSFHWICH / HSFHWICH]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Wireless Connection Agent Miniport for Win XP / IWCA]
  <system32\DRIVERS\iwca.sys><Intel Corporation>
[Kl1 / Kl1]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[Klpf / Klpf]
  <\SystemRoot\System32\drivers\Klpf.sys><KL>
[Klpid / Klpid]
  <\SystemRoot\System32\drivers\Klpid.sys><KL>
[mdmxsdk / mdmxsdk]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Netgroup Packet Filter / NPF]
  <system32\drivers\npf.sys><NetGroup - Politecnico di Torino>
[npkcrypt / npkcrypt]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[OMCI / OMCI]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[WLAN Transport / s24trans]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[sscdbhk5 / sscdbhk5]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[SigmaTel C-Major Audio / STAC97]
  <system32\drivers\STAC97.sys><SigmaTel, Inc.>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[tfsnboio / tfsnboio]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[TSP / TSP]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[U3sHlpDr / U3sHlpDr]
  <\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>
[Conexant Setup API / UIUSys]
  <system32\drivers\UIUSys.sys><N/A>

浏览器加载项
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <d:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FLASHGET\flashget.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Java Plug-in 1.4.2_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.>
[DRDLCtlView Class]
  {DF85A113-76ED-4D25-9107-01E5C6F98D6A} <C:\WINDOWS\drdlctl.ocx, >
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <d:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484F-8273-0445EE161910} <D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[&使用快车(FlashGet)下载]
  <D:\FLASHGET\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\FLASHGET\jc_all.htm, N/A>
[&使用迅雷下载]
  <d:\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Thunder\Program\getallurl.htm, N/A>
[Convert link target to Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
  <res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[导出当前页到超星阅览器(&A)]
  <D:\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
  <D:\SSREADER36\ss_select.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Intel\Wireless\Bin\LgNotify.dll]  [Intel Corporation, 9, 0, 1, 0]
[PID: 1080][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1348][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1488][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1536][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe]  [Intel Corporation, 9, 0, 1, 12]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
[PID: 1568][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe]  [Intel Corporation , 9, 0, 1, 41]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
[PID: 1600][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe]  [Intel? Corporation, 9, 0, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 9, 0, 1, 45]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 9, 0, 1, 54]
    [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 9, 0, 1, 7]
    [C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll]  [Intel Corporation, 9, 0, 1, 31]
    [C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll]  [Intel Corporation, 9, 0, 1, 31]
    [C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll]  [Intel Corporation, 9, 0, 1, 1]
[PID: 1748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1892][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [D:\Adobe\Acrobat 7.0\Distillr\adistres.dll]  [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1520][C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe]  [Intel Corporation, 9, 0, 1, 45]
    [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 9, 0, 1, 45]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 9, 0, 1, 54]
    [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 9, 0, 1, 7]
    [C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll]  [Intel Corporation, 9, 0, 1, 31]
    [C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll]  [Intel Corporation, 9, 0, 1, 31]
    [C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll]  [Intel Corporation, 9, 0, 1, 1]
    [C:\Program Files\Intel\Wireless\Bin\ZcSvcCHS.dll]  [Intel Corporation, 9, 0, 1, 44]
    [C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL]  [N/A, N/A]
[PID: 1860][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [d:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\system32\dla\tfswshx.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 1.1.1.1]
    [D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]

[PID: 232][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe]  [Intel, 9, 0, 1, 33]
    [C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll]  [Meetinghouse Data Communications, 3, 0, 0, 40]
    [C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 1, 22]
    [C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL]  [N/A, N/A]
[PID: 276][C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe]  [N/A, N/A]
[PID: 284][C:\Program Files\Apoint\Apoint.exe]  [Alps Electric Co., Ltd., 5.5.101.141]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.4]
    [C:\Program Files\Apoint\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.104.252]
    [C:\Program Files\Apoint\EzAuto.dll]  [Alps Electric Co., Ltd., 5.5.1.85]
    [C:\Program Files\Apoint\EzLaunch.DLL]  [Alps Electric Co., Ltd., 5.5.1.64]
[PID: 328][C:\Program Files\Dell\QuickSet\quickset.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, N/A]
[PID: 356][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.4020]
[PID: 544][C:\WINDOWS\system32\dla\tfswctrl.exe]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
[PID: 684][C:\Program Files\Common Files\System\Updaterun.exe]  [N/A, N/A]
[PID: 712][D:\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [D:\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 860][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\Program Files\Apoint\Apntex.exe]  [Alps Electric Co., Ltd., 5.5.1.19]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.4]
[PID: 992][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe]  [Kaspersky Lab, 1.8.0.180]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCB59.dll]  [BCGSoft Ltd, 5, 84, 0, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\perfiloc.dll]  [Kaspersky Lab, 1.5.0.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\BCGCBRes.dll]  [BCGSoft Ltd, 5, 84, 0, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\wcswmi.dll]  [Kaspersky Lab, 5.0.201.1]
[PID: 1288][C:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [, 1.0.21.1]
[PID: 1388][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 1472][C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe]  [Dell Inc., 1, 0, 0, 1]
[PID: 132][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe]  [Intel Corporation, 9, 0, 1, 10]
[PID: 3112][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3264][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2564][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [d:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\system32\dla\tfswshx.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 1.1.1.1]
    [D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll]  [Kaspersky Lab, 5.0.388.2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, N/A]
[PID: 4032][D:\Downloads\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
210.22.194.144 www.dxy.cn

==================================