启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><"D:\KAV2007\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <EOUApp><C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe>  [Intel Corporation]
    <IntelWireless><C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless>  [Intel Corporation]
    <iResearchiClick><"C:\PROGRA~1\IRESEA~1\iClick\iResearchiClick.exe" -d 150>  [iResearch]
    <SoundMan><; SOUNDMAN.EXE>  [N/A]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxtray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IntelZeroConfig><C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe>  [Intel Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <QQDoctor><"D:\QQ\QQDoctor\QQDoctor.exe" /fork>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\windows\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\windows\downlo~1\CnsHook.dll>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
    <WinlogonNotify: IntelWireless><C:\Program Files\Intel\Wireless\Bin\LgNotify.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [Microsoft Corporation]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\羿风\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\羿风\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[EvtEng / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[kusn33sd / kusn33sd][Stopped/Auto Start]
  <C:\windows\system32\kusn33sd.exe -j><Microsoft Corporation>
[OwnershipProtocol / OwnershipProtocol][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe><Intel Corporation>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[System Event loader / sysloader][Stopped/Auto Start]
  <"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><Microsoft>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\windows\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[34429125 / 34429125][Stopped/Manual Start]
  <\??\C:\windows\system32\Drivers\34428890.sys><N/A>
[360IceBreaker / 360IceBreaker][Stopped/Manual Start]
  <\??\C:\windows\system32\drivers\360IceBreaker.sys><N/A>
[49218 / 49218][Stopped/Manual Start]
  <\??\C:\windows\system32\Drivers\49203.sys><Driver>
[7yl5zihb / 7yl5zihb0][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\7yl5zihb0.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\windows\system32\drivers\acpidisk.sys><N/A>
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件（北京）有限公司>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Smart card reader 2000 service / ft2k][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[hyq59hi / hyq59hi][Running/Auto Start]
  <\??\C:\windows\system32\drivers\hyq59hi.sys><N/A>
[hyusnk2 / hyusnk23][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hyusnk23.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ivvykx4 / ivvykx45][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ivvykx45.sys><N/A>
[Intel Wireless Connection Agent Miniport for Win XP / IWCA][Running/Manual Start]
  <system32\DRIVERS\iwca.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[nod32drv / nod32drv][Stopped/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\qq\npkcrypt.sys><N/A>
[npkcusb / npkcusb][Stopped/Auto Start]
  <\??\D:\qq\npkcusb.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[rfphpf / rfphpf][Running/System Start]
  <2 - 系统找不到指定的文件。
><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Disabled]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[WLAN 传输 / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SSCFS / SSCFS][Running/Boot Start]
  <\SystemRoot\system32\drivers\sscfs.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TVICHW32 / TVICHW32][Stopped/Manual Start]
  <\??\C:\windows\system32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>
[zxrzsz0 / zxrzsz02][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zxrzsz02.sys><N/A>
[khkiqf / khkiqf][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\khkiqf.sys><N/A>

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

浏览器加载项
[browser Class]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\oY0Xr8Mc0Q.dll, Microsoft Corporation>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\windows\downlo~1\CnsHook.dll, 国风因特软件（北京）有限公司>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[PaiditEdit Class]
  {110D36B4-DA6C-4A2B-B160-44109802C707} <C:\WINDOWS\system32\PAIDIT~1.DLL, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\windows\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\windows\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\windows\system32\KvDown.ocx, dreamersoft>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <F:\Program Files\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\windows\system32\Msjava.dll, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[PaiditEdit Class]
  {110D36B4-DA6C-4A2B-B160-44109802C707} <C:\WINDOWS\system32\PAIDIT~1.DLL, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <D:\PPLive\SYNACA~2.OCX, Synacast>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <F:\Program Files\DownAndPlay\DapPlayer3.0.11.17.dll, ShenZhen Thunder Networking Technologies Ltd.>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[KvScan Control]
  {626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\windows\KVSCAN~1\KvKill.ocx, jiangmin>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[Microsoft 外壳 UI 帮助程序]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Documents and Settings\羿风\桌面\专杀与快捷\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\Program Files\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {80BF4636-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, N/A>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\windows\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\windows\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360safe\safemon\safemon.dll, >
[3721]
  {B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\windows\downlo~1\CnsMin.dll, 国风因特软件（北京）有限公司>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\windows\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\windows\system32\3DShowVM.ocx, QQ>
[browser Class]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\oY0Xr8Mc0Q.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\windows\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\windows\downlo~1\CnsHook.dll, 国风因特软件（北京）有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\windows\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, N/A>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\windows\system32\KvDown.ocx, dreamersoft>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用Web迅雷下载]
  <F:\Program Files\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <F:\Program Files\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>

正在运行的进程
[PID: 1044][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\windows\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.1]
    [C:\windows\system32\winlib .dll]  [N/A, ]
    [C:\windows\system32\kusn433sd3.dll]  [Microsoft Corporation, ]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\loader.dll]  [Microsoft, 3.0.2]
    [C:\Program Files\Intel\Wireless\Bin\LgNotify.dll]  [Intel Corporation, 9, 0, 2, 10]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1172][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1184][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1092][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe]  [Intel, 9, 0, 2, 10]
    [C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll]  [Meetinghouse Data Communications, 3, 0, 0, 60]
    [C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 9, 0, 2, 10]
    [C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 9, 0, 2, 10]
    [C:\windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL]  [N/A, ]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
[PID: 2888][C:\windows\system32\dgd4bs.exe]  [N/A, ]
    [C:\windows\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\windows\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\windows\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2664][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
    [C:\windows\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3908][C:\windows\explorer.exe]  [Microsoft Corporation, 6.00.2900.2649 (xpsp.050406-1732)]
    [C:\windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
    [C:\windows\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\windows\system32\kusn433sd3.dll]  [Microsoft Corporation, ]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\windows\downlo~1\CnsHook.dll]  [国风因特软件（北京）有限公司, 2.5.1.6]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 4076][C:\windows\system32\dgd4bs.exe]  [N/A, ]
    [C:\windows\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\windows\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
    [C:\windows\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3100][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
    [C:\windows\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_3027.dll]  [Microsoft Corporation, 3, 0, 1, 0]
    [C:\windows\downlo~1\CnsHook.dll]  [国风因特软件（北京）有限公司, 2.5.1.6]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 932][D:\杀毒软件\日志扫描\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\PROGRA~1\3721\cnsm.dll]  [北京三七二一科技有限公司, 2.5.5.1008]
    [C:\windows\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [D:\KAV2007\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

禁用服务和驱动程序
kusn33sd / kusn33sd
System Event loader / sysloader
Wireless Service / WZCSRVC

34429125 / 34429125
49218 / 49218
7yl5zihb / 7yl5zihb0
acpidisk / acpidisk
hyq59hi / hyq59hi
hyusnk2 / hyusnk23
ivvykx4 / ivvykx45
rfphpf / rfphpf
SSCFS / SSCFS(可疑)
zxrzsz0 / zxrzsz02
khkiqf / khkiqf

删除浏览器加载项
browser Class
Info cache