
[Solved] Everyone, please help me!! I'm about to break down!! (Solved on the morning of June 18)

陈-烈焰风暴
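Posted on 2009-6-17 21:57:31
I had nothing to do today, so I used Windows Optimization Master (优化大师) and Super Rabbit (超级兔子) to optimize and clean up the system. Then I updated the base backup (my PC is a Lenovo Yangtian brand-name machine), then switched the Windows interface to the super-classic 98 look, and then used Optimization Master to tune the boot speed (it used to be very slow; the bar on the XP boot screen had to cycle 30 times), setting it to 20 seconds (10 seconds faster than the default).
After the backup finished, I booted up and this appeared (picture below; as soon as I click OK or Cancel, it reboots immediately... if I just leave that dialog box alone, nothing happens).
My startup items include COMODO and Kingsoft WebShield (金山网盾)...
I ran a diagnosis with 360 Safe Guard (360安全卫士) and got a diagnostic result... I hope everyone can help me! I don't want to reinstall the system!!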
各位高手:
非常感谢您留心我这份系统诊断报告,小菜鸟十万火急等待您的帮助!
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2009-06-17  21:52:49
诊断平台: Microsoft Windows XP  Service Pack 3
IE版本: Internet Explorer V8.0.6001.18702 Build:86001
计算机物理内存:1.99GB - 当前可用内存:1.45GB
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://s.maxthon.com/
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.baidu.com/baidu?tn=yokcom_pg
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.baidu.com/baidu?tn=yokcom_pg
O1 - 未知 - Host: ------ 屏蔽迅雷看看广告 ------
O1 - 未知 - Host: 0.0.0.0 pubstat.sandai.net
O1 - 未知 - Host: 0.0.0.0 mcfg.sandai.net
O1 - 未知 - Host: 0.0.0.0 biz5.sandai.net
O1 - 未知 - Host: 0.0.0.0 float.sandai.net
O1 - 未知 - Host: 0.0.0.0 recommend.xunlei.com
O1 - 未知 - Host: 0.0.0.0 cl.kankan.xunlei.com
O1 - 未知 - Host: 0.0.0.0 211.94.190.80
O1 - 未知 - Host: 0.0.0.0 mtips.xunlei.com
O1 - 未知 - Host: 0.0.0.0 211.94.190.80
O1 - 未知 - Host: 0.0.0.0 mtips.xunlei.com
O1 - 未知 - Host: 0.0.0.0 adsresult.joywell.com.cn
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - D:\迅雷5特别版\Thunder\program\Thunder.exe
O9 - 未知 - Extra button: Research(HKLM) - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - 未知 - Extra button: @xpsp3res.dll,-20001(HKLM) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - 未知 - Options Group: International
O14 - 未知 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O18 - 未知 - Protocol: Microsoft Office InfoPath XML Mime Filter - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - 未知 - Protocol Icons: HKCR\http\shell\open\command - "D:\360浏览器\360\360se\360SE.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\https\shell\open\command - "D:\360浏览器\360\360se\360SE.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\htmlfile\shell\open\command - "D:\360浏览器\360\360se\360SE.exe" "%1"
O23 - 未知 - Service: Lenovo Upgrade Service.bis.release [为联想软件提供升级服务] - C:\Program Files\lenovo\LiveUpdate\liveupdate.exe - (not running)
O28 - 未知 - IELINK: C:\DOCUME~1\联想扬天\「开始~1\程序\附件\系统工具\INTERN~1.LNK -  -extoff
O28 - 未知 - IELINK: C:\DOCUME~1\联想扬天\「开始~1\程序\附件\系统工具\INTERN~2.LNK -  -extoff
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: cmdagent.exe [COMODO Internet Security] -
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: KSWebShield.exe [金山网盾  金山安全实验室出品] - D:\金山网盾\KSWebShieldSVC\KSWebShield.exe
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: kwstray.exe [金山网盾  金山安全实验室出品] - D:\金山网盾\KSWebShieldSVC\kwstray.exe /start
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: mdm.exe [debug除错管理用于调试应用程序和microsoft office中的microsoft script editor脚本编辑器。] - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
100 - 安全 - Process: mulservice.exe [MulService.Exe] - C:\PROGRA~1\LENOVO\MULTIR~1\mulservice.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: 360SE.exe [360安全浏览器] - D:\360浏览器\360\360se\360SE.exe
100 - 安全 - Process: cfp.exe [COMODO Internet Security] -
100 - 安全 - Process: 360Safe.exe [360安全卫士] - D:\360安全卫士\360safe\360Safe.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - D:\360安全卫士\360safe\safemon\360Tray.exe
100 - 安全 - Process: LiveUpdate360.exe [360升级加速器] - D:\360安全卫士\360safe\LiveUpdate360.exe
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://go.microsoft.com/fwlink/?LinkId=54896
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://go.microsoft.com/fwlink/?LinkId=54896
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块。] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\迅雷5特别版\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷5特别版\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [COMODO Internet Security] [COMODO Internet Security] "D:\COMODO Internet Security Installer\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O8 - 安全 - Extra context menu item: 使用迅雷下载 - D:\迅雷5特别版\Thunder\Program\GetUrl.htm
O8 - 安全 - Extra context menu item: 使用迅雷下载全部链接 - D:\迅雷5特别版\Thunder\Program\GetAllUrl.htm
O23 - 安全 - Service: cmdAgent [COMODO Internet Security Helper Service] - "D:\COMODO Internet Security Installer\Comodo\COMODO Internet Security\cmdagent.exe" - (running)
O23 - 安全 - Service: EventSystem [] - C:\WINDOWS\system32\es.dll - (running)
O23 - 安全 - Service: Kingsoft Antivirus WebShield Service [Kingsoft Antivirus WebShield Service] - D:\金山网盾\KSWebShieldSVC\KSWebShield.exe - (running)
O23 - 安全 - Service: mulservice [mulservice] - C:\PROGRA~1\LENOVO\MULTIR~1\mulservice.exe - (running)
O23 - 安全 - Service: Nla [Microsoft Windows Sockets 2.0 Service Provider] - C:\WINDOWS\System32\mswsock.dll - (running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (not running)
O23 - 安全 - Service: odserv [运行部分 Microsoft Office 诊断。] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - (not running)
O23 - 安全 - Service: SysmonLog [Performance Logs and Alerts Service] - C:\WINDOWS\system32\smlogsvc.exe - (not running)
O25 - 安全 - ABOUT: DesktopItemNavigationFailure - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: NavigationCanceled - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: NavigationFailure - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: OfflineInformation - res://ieframe.dll/offcancl.htm
O25 - 安全 - ABOUT: PostNotCached - res://ieframe.dll/repost.htm
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - D:\WinRAR\rarext.dll -  -  - 3.80.5.0 - 132608 - d7038db2328671dec944657d4218a3ae
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - D:\WinRAR\rarext.dll -  -  - 3.80.5.0 - 132608 - d7038db2328671dec944657d4218a3ae
O31 - 未知 - LSA: Security Packages - sv1_0.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll -  -  -  - 0 -
=======================================

=======================================
O41 - RRamdisk - Ramdisk Driver for win2k/xp/2k3 - C:\WINDOWS\system32\drivers\rramdisk.sys - (running) - Ramdisk Driver for win2k/xp/2k3 - gavotte - 3762a37c7ddd4afce6bd75aef790a920
O41 - sptd - sptd - C:\WINDOWS\system32\drivers\sptd.sys - (running) -  -  -
O41 - BlueletAudio - BlueletAudio - C:\WINDOWS\system32\DRIVERS\blueletaudio.sys - (not running) -  -  -
O41 - BlueletSCOAudio - BlueletSCOAudio - C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys - (not running) -  -  -
O41 - BT - BT - C:\WINDOWS\system32\DRIVERS\btnetdrv.sys - (not running) -  -  -
O41 - BTHidEnum - BTHidEnum - C:\WINDOWS\System32\Drivers\vbtenum.sys - (not running) -  -  -
O41 - BTHidMgr - BTHidMgr - C:\WINDOWS\System32\Drivers\BTHidMgr.sys - (not running) -  -  -
O41 - fstsys.sys - fstsys.sys - C:\WINDOWS\system32\fstsys.sys - (not running) -  -  -
O41 - SUCOP_TOOLS_SERVICE - SUCOP_TOOLS_SERVICE - D:\超级巡警工具箱\SucopDrv.sys - (not running) -  -  -
O41 - VComm - VComm - C:\WINDOWS\system32\DRIVERS\VComm.sys - (not running) -  -  -
O41 - VcommMgr - VcommMgr - C:\WINDOWS\System32\Drivers\VcommMgr.sys - (not running) -  -  -
=======================================
360Safe.exe=5.2.0.1006
AntiAdwa.dll=4.2.0.1002
AntiEng.dll=5.0.0.1002
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1003
live.dll=1.0.2.1005
=======================================
操作历史报告:
2009-06-05 22:21
清理恶评插件 - sysExp - A:\Temp\SVCHOST.EXE
2009-06-05 22:21
清理其它插件 - 迅雷看看相关插件 - C:\PROGRA~1\COMMON~1\THUNDE~1\KanKan\REALME~1.AX
清理其它插件 - 超级旋风下载组件 -
2009-06-13 12:45
清理其它插件 - 搜狗拼音语言栏支持模块 - D:\搜狗拼~1\SOGOUI~1\420~1.265\SogouTSF.dll
2009-06-17 09:06
清理其它插件 - 搜狗拼音语言栏支持模块 -
2009-06-17 17:06
清理其它插件 - 搜狗拼音语言栏支持模块 -
清理其它插件 - 视频音频分割器组件 -
清理其它插件 - 超级旋风下载组件 -
----------全面诊断修复历史----------
2009-06-01 18:32
O23 - 安全 - mulservice - C:\PROGRA~1\LENOVO\MULTIR~1\mulservice.exe
2009-06-05 22:18
R0 - 未知 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 未知 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 未知 - IE起始页的默认页 - HKLM\Software\Microsoft\Internet Explorer\Main

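I'm begging on my knees here! Please, everyone, you have to help me! I'll stay online waiting for replies!
Thank you all for helping me! Besides, I've also learned a lesson:
Staying calm is what really matters! Only by doing that can you overcome every difficulty! I learned this first-hand~
Thanks again, everyone!

[ This post was last edited by 陈-烈焰风暴 on 2009-6-21 20:30 ]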


zhaotong
Posted on 2009-6-17 21:58:58

I haven't used software like this, so I can't help.
陈-烈焰风暴
Original poster | Posted on 2009-6-17 22:00:19

Reply to zhaotong's post #2

Huh?? 5555555555555555555555, I don't want to reinstall the system! (Just my luck: the backup point was made right at this error! 555555555555)
陈-烈焰风暴
Original poster | Posted on 2009-6-17 22:04:58
This thread can't sink before it's solved! 5555555555555555555555555, everyone, please help me quickly!
zhaotong
Posted on 2009-6-17 22:07:19
Does software like Optimization Master have a restore function?
Can you use it to roll back the earlier operations?
陈-烈焰风暴
Original poster | Posted on 2009-6-17 22:08:41

Reply to zhaotong's post #5

There's too much... I can't go through it all...
墨涵果果
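Posted on 2009-6-17 22:11:19
Doesn't the system have one-key recovery? Restoring isn't much trouble. You've made such a mess that trying to fix it would probably be slower than just restoring.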
陈-烈焰风暴
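Original poster | Posted on 2009-6-17 22:13:50

Reply to 墨涵's post #7

5555555555 My restore point was created with the error already in it! (The problem above already existed! I did a one-key recovery and it didn't help!) 5555555555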
陈-烈焰风暴
Original poster | Posted on 2009-6-17 22:41:52
Here's a diagnosis I made with SREng!
[2009-06-17,22:35:00
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <COMODO Internet Security><"D:\COMODO Internet Security Installer\Comodo\COMODO Internet Security\cfp.exe" -h>  [(Verified)"Comodo Security Solutions, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\INF\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[COMODO Internet Security Helper Service / cmdAgent][Running/Auto Start]
  <"D:\COMODO Internet Security Installer\Comodo\COMODO Internet Security\cmdagent.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Running/Auto Start]
  <D:\金山网盾\KSWebShieldSVC\KSWebShield.exe><Kingsoft Corporation>
[lenovo live update / Lenovo Upgrade Service.bis.release][Stopped/Disabled]
  <C:\Program Files\lenovo\LiveUpdate\liveupdate.exe><新思软件技术有限公司>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"><Microsoft Corporation>
[mulservice / mulservice][Running/Auto Start]
  <C:\PROGRA~1\LENOVO\MULTIR~1\mulservice.exe><>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程序
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[BFSDRV / BFSDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><N/A>
[Bluetooth SCO Audio Service / BlueletSCOAudio][Stopped/Manual Start]
  <system32\DRIVERS\BlueletSCOAudio.sys><N/A>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><N/A>
[Bluetooth HID Enumerator / BTHidEnum][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><N/A>
[COMODO Internet Security Sandbox Driver / cmdGuard][Running/System Start]
  <System32\DRIVERS\cmdguard.sys><COMODO>
[COMODO Internet Security Helper Driver / cmdHlp][Running/System Start]
  <System32\DRIVERS\cmdhlp.sys><COMODO>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><奇虎网>
[fstsys.sys / fstsys.sys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\fstsys.sys><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[COMODO Internet Security Firewall Driver / Inspect][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\inspect.sys><COMODO>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Srramdisk Driver / RRamdisk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\rramdisk.sys><gavotte>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SUCOP_TOOLS_SERVICE / SUCOP_TOOLS_SERVICE][Stopped/Manual Start]
  <\??\D:\超级巡警工具箱\SucopDrv.sys><N/A>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><N/A>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\迅雷5特别版\Thunder\ComDlls\TDAtOnce_Now.dll, 深圳市迅雷网络技术有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷5特别版\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360安全卫士\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷5特别版\Thunder\program\Thunder.exe, Xunlei Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\迅雷5特别版\Thunder\ComDlls\TDAtOnce_Now.dll, 深圳市迅雷网络技术有限公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\迅雷5特别版\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360安全卫士\360safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷5特别版\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360安全卫士\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, >
[]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[使用迅雷下载]
  <D:\迅雷5特别版\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷5特别版\Thunder\Program\GetAllUrl.htm, N/A>

More in the next post!
陈-烈焰风暴
Original poster | Posted on 2009-6-17 22:42:45
Continued from the previous post!
==================================
正在运行的进程
[PID: 496 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 572 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 628 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 836 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 1112 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 1212 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 1288 / SYSTEM][D:\金山网盾\KSWebShieldSVC\KSWebShield.exe]  [Kingsoft Corporation, 2009,06,10,109]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kwssp.dll]  [Kingsoft Corporation, 2009,06,09,107]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
    [D:\金山网盾\KSWebShieldSVC\kxestat.dll]  [Kingsoft Corporation, 2009,06,15,24]
[PID: 1380 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1476 / 联想扬天][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
    [D:\迅雷5特别版\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5.0.8.179]
    [D:\迅雷5特别版\Thunder\ComDlls\TDAtOnce_Now.dll]  [深圳市迅雷网络技术有限公司, 1.2.6.148]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 6.14.10.4820]
    [D:\WinRAR\rarext.dll]  [N/A, ]
    [D:\COMODO Internet Security Installer\Comodo\COMODO Internet Security\cavshell.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 6.14.10.4820]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.4820]
[PID: 1624 / 联想扬天][D:\金山网盾\KSWebShieldSVC\kwstray.exe]  [Kingsoft Corporation, 2009,5,19,63]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
[PID: 2036 / 联想扬天][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
[PID: 400 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 412 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe]  [Microsoft Corporation, 7.10.3077]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.10.3077]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
[PID: 760 / SYSTEM][C:\PROGRA~1\LENOVO\MULTIR~1\mulservice.exe]  [, 2, 0, 0, 1]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 1208 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\guard32.dll]  [N/A, ]
[PID: 2660 / 联想扬天][D:\360浏览器\360\360se\360SE.exe]  [360安全中心, 2, 2, 0, 1]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
    [D:\金山网盾\KSWebShieldSVC\KSWBC.dll]  [Kingsoft Corporation, 2009,06,09,107]
    [D:\金山网盾\KSWebShieldSVC\kwsui.dll]  [Kingsoft Corporation, 2009,06,15,114]
    [D:\360浏~1\360\360se\360\360core\360core.dll]  [, 1, 0, 0, 8]
    [D:\360浏~1\360\360se\360\searchcore\searchcore.dll]  [, 1, 0, 1, 4]
    [D:\360浏~1\360\360se\Plugin\Hidehelper\Hidehelper.dll]  [, 1, 0, 0, 1]
    [D:\360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1014]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.0.2654]
    [D:\搜狗拼音输入法\SogouInput\4.2.0.2654\Resource.dll]  [Sogou.com Inc., 4.2.0.2654]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [D:\迅雷5特别版\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 6.0.4.179]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 2884 / 联想扬天][D:\迅雷5特别版\Thunder\program\Thunder.exe]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\program\BugReportU.dll]  [深圳市迅雷网络技术有限公司, 1, 4, 1, 20]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\迅雷5特别版\Thunder\program\libexpat.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\liblua.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\XLGraphic.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\libpng13.dll]  [, 1.2.34]
    [D:\迅雷5特别版\Thunder\program\zlib1.dll]  [, 1.2.3]
    [D:\迅雷5特别版\Thunder\program\XLLuaRuntime.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\sqlite3.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\mini_unzip_dll.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\HookEx.dll]  [N/A, ]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
    [D:\金山网盾\KSWebShieldSVC\kwsui.dll]  [Kingsoft Corporation, 2009,06,15,114]
    [D:\迅雷5特别版\Thunder\Program\XLGUIPlatform.dll]  [TODO: <公司名>, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\program\ThunderStorage.dll]  [, 1, 0, 0, 2]
    [D:\迅雷5特别版\Thunder\program\XLWebDownload.dll]  [深圳市迅雷网络技术有限公司, 5.9.1.722]
    [D:\迅雷5特别版\Thunder\program\asyn_frame.dll]  [深圳市迅雷网络技术有限公司, 1, 4, 2, 34]
    [D:\迅雷5特别版\Thunder\program\mp.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 5]
    [D:\迅雷5特别版\Thunder\program\Thunders.dll]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 4, 2, 343]
    [D:\迅雷5特别版\Thunder\program\backend_agent.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 31]
    [D:\迅雷5特别版\Thunder\program\ptl.dll]  [Thunder Networking Technologies,LTD, 3, 2, 2, 60]
    [D:\迅雷5特别版\Thunder\program\dl_peer_id.dll]  [深圳市迅雷网络技术有限公司, 3, 1, 2, 4]
    [D:\迅雷5特别版\Thunder\program\xl_stat.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 7]
    [D:\迅雷5特别版\Thunder\program\fs.dll]  [深圳市迅雷网络技术有限公司, 1, 1, 2, 19]
    [D:\迅雷5特别版\Thunder\program\p2p_upload.dll]  [Thunder Networking Technologies,LTD, 1,1,2,16]
    [D:\迅雷5特别版\Thunder\Components\SkinEngine\skinEngine.dll]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\program\SkinEngine2.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\迅雷5特别版\Thunder\Components\GougouSearch\GougouSearch.dll]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\Program\DllNewTask.DLL]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\Components\Config\ConfigPane.dll]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\Components\FloatPanel\FloatPanel.dll]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\program\XLGUIDevEnv.dll]  [TODO: <公司名>, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\program\GBLCategory.dll]  [Xunlei Networking Technologies,LTD, 5.9.1.922]
    [D:\迅雷5特别版\Thunder\Components\BaseCommunity\BaseCommunity.dll]  [Thunder Networking Technologies,LTD, 5.9.2.721]
    [D:\迅雷5特别版\Thunder\program\libjpeg6b.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\giflib4.dll]  [N/A, ]
    [D:\迅雷5特别版\Thunder\program\XLI18N.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 1]
    [D:\迅雷5特别版\Thunder\program\p2p.dll]  [Thunder Networking Technologies,LTD, 1,1,2,55]
    [D:\迅雷5特别版\Thunder\program\stream.dll]  [ShenZhen Thunder Networking Technologies,Ltd., 2, 1, 2, 1047]
    [D:\迅雷5特别版\Thunder\program\p2sp.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 71]
    [D:\迅雷5特别版\Thunder\program\down_dispatcher.dll]  [Thunder Networking Technologies,LTD, 1,0,2,53]
    [D:\迅雷5特别版\Thunder\program\p2p_local_res.dll]  [深圳市迅雷网络技术有限公司, 1,1,2,18]
    [D:\迅雷5特别版\Thunder\program\al.dll]  [Thunder Networking Technologies,LTD, 1,1,2,38]
    [D:\迅雷5特别版\Thunder\program\sl.dll]  [深圳市迅雷网络技术有限公司, 1.0.2.2]
    [D:\迅雷5特别版\Thunder\program\http.dll]  [Thunder Networking Technologies,LTD, 1.0.2.5]
    [D:\迅雷5特别版\Thunder\program\XLCP.dll]  [Thunder Networking Technologies,LTD, 1.0.2.6]
    [D:\迅雷5特别版\Thunder\program\XLUser.dll]  [Thunder Networking Technologies,LTD, 1.0.2.15]
    [D:\迅雷5特别版\Thunder\program\emule_shell.dll]  [, 1, 0, 2, 13]
    [D:\迅雷5特别版\Thunder\program\module_downloader.dll]  [, 1, 0, 2, 9]
    [D:\迅雷5特别版\Thunder\program\emule_id.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 12]
    [D:\迅雷5特别版\Thunder\program\bd.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 20]
[PID: 1348 / 联想扬天][G:\迅雷下载\软件\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
[PID: 1316 / 联想扬天][G:\迅雷下载\软件\SREeb1fbb23.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\guard32.dll]  [N/A, ]
    [D:\金山网盾\KSWebShieldSVC\kswebshield.dll]  [Kingsoft Corporation, 2009,06,04,99]
    [G:\迅雷下载\软件\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
------ 屏蔽迅雷看看广告 ------
0.0.0.0   pubstat.sandai.net
0.0.0.0   mcfg.sandai.net
0.0.0.0   biz5.sandai.net
0.0.0.0   float.sandai.net
0.0.0.0   recommend.xunlei.com
0.0.0.0   cl.kankan.xunlei.com
0.0.0.0    211.94.190.80
0.0.0.0   mtips.xunlei.com
0.0.0.0   211.94.190.80
0.0.0.0   mtips.xunlei.com
0.0.0.0   adsresult.joywell.com.cn

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2884, D:\迅雷5特别版\THUNDER\PROGRAM\THUNDER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1348, G:\迅雷下载\软件\SRENGLDR.EXE]

==================================
计划任务
[已启用] User_Feed_Synchronization-{65D2D0C3-508D-4FCC-8331-42E3BE2AB97F}.job
        C:\WINDOWS\system32\msfeedssync.exe

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:NtCreateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:NtCreateProcessEx (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:NtDeleteFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:NtLoadDriver (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:NtSetInformationProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ZwCreateFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ZwCreateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ZwCreateProcessEx (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ZwDeleteFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ZwOpenFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ZwSetInformationProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CreateServiceA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CreateServiceW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:DeleteFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:DeleteFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:LoadLibraryA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:LoadLibraryW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:MoveFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:MoveFileExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:MoveFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:MoveFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CreateFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CreateFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CopyFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CopyFileExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CopyFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CopyFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:GetProcAddress (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ShellExecuteA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ShellExecuteEx (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ShellExecuteExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ShellExecuteExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)
入口点错误:ShellExecuteW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\guard32.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]

Copyright © KaFan  KaFan.cn All Rights Reserved.
