机子疑似中了病毒，请高手看看下面的扫描报告，因为我没有最新版的 SRENG，所以用老版本的扫描的，改了系统时间

****
2008-04-12,23:54:50
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <miniqqlive><; "C:\Program Files\Tencent\QQLive\MiniQQLive.exe">  [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Avance Logic, Inc.]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <360Safetray><D:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe">  [(Verified)Kaspersky Lab]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <BluetoothAuthenticationAgent><; rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><; RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Kaspersky Internet Security / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><Kaspersky Lab>
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\DOCUME~1\SOMEON~1\LOCALS~1\Temp\13308421_res.tmp><N/A>
[BoBoTurbo / BoBoTurbo][Stopped/Auto Start]
  <C:\WINDOWS\system32\boboturbo\boboturbo.exe><广州易播信息科技有限公司>
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <D:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Uplive Service / kaccore][Stopped/Auto Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Qvod Terminal / Qvod Terminal][Stopped/Manual Start]
  <d:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[c / c][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\c><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
  <system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Motorola Inc. USB Device / MotDev][Stopped/Manual Start]
  <system32\DRIVERS\motodrv.sys><Motorola Inc>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
  <system32\DRIVERS\motmodem.sys><Motorola>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[490281 / 490281][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, Kaspersky Lab>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web 流量保护状态]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, Kaspersky Lab>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQLive\QQLiveInstaller.dll, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[CCTVUpdateInstall]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQLive\QQLiveInstaller.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, Kaspersky Lab>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[QQMusicCreator Class]
  {6927992D-6A89-4549-8A32-95901BF5D920} <, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[LiveMediaOcx Control]
  {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <C:\PROGRA~1\Tencent\QQLive\QQLive.ocx, Tencent>
[CCTVUpdateInstall]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(941).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[KooPlayer Control]
  {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\DOCUME~1\SOMEON~1\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, CCTV.COM>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\system32\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.941.dll, ShenZhen Thunder Networking Technologies Ltd.>
[QvodCtrl Class]
  {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <d:\Program Files\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(942).dll, Xunlei Networking Technologies,LTD>
["添加到反广告"]
  <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 664 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1232 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516 / someonefly][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1804 / someonefly][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.02]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 1820 / someonefly][D:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 5, 0, 0, 1002]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 3, 0, 1003]
    [D:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [D:\Program Files\360safe\live.dll]  [360.cn, 1, 0, 1, 1028]
[PID: 1856 / someonefly][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 2036 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 324 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.2832]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 2128 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3288 / someonefly][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\klscav.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll]  [Kaspersky Lab, 8.0.0.454]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prkernel.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\params.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\pxstub.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\tempfile.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\nfio.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\fsdrvplg.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\fssync.dll]  [Kaspersky Lab, 8.0.5.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\basegui.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\thpimpl.ppl]  [Kaspersky Lab, 8.0.0.454]
    [c:\program files\kaspersky lab\kaspersky internet security 2009\winreg.ppl]  [Kaspersky Lab, 8.0.0.454]
[PID: 1208 / someonefly][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 3920 / someonefly][D:\sreng2\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [D:\sreng2\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1       1.jopenkk.com
127.0.0.1       1.jopenqc.com
127.0.0.1       1.joppnqq.com
127.0.0.1       2.joppnqq.com
127.0.0.1       3.joppnqq.com
127.0.0.1       d.93se.com
127.0.0.1       ilove.com
127.0.0.1       llboss.com
127.0.0.1       tp.shpzhan.cn
127.0.0.1       wg.47255.com
127.0.0.1       www.22aaa.com
127.0.0.1       www.333292.com
127.0.0.1       www.868wg.com
127.0.0.1       www.cike007.cn
127.0.0.1       www.exiao01.com
127.0.0.1       www.tomwg.com
127.0.0.1       xx.exiao01.com
127.0.0.1       xxx.j41m.com
127.0.0.1       xxx.m111.biz
127.0.0.1       xxx.mmma.biz
127.0.0.1       xxx.vh7.biz
127.0.0.1       yu.8s7.net
==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1804, C:\WINDOWS\SOUNDMAN.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
****

[ 本帖最后由 someonefly 于 2008-9-15 17:44 编辑 ]

SREng-在"启动项目->服务->"Win32服务应用程序"选中"隐藏已认证的微软项目" 然后将下面名称的服务删除（选中有问题的服务后，点"删除服务"，点“设置”按钮即可。注意弹出的窗口中要点 "否NO"才是确认删除服务）(不能删除的就禁用:启动类型改为disabled,点中修改启动类型，点设置):
[Background Intelligent Transfer Service / BITS]    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\DOCUME~1\SOMEON~1\LOCALS~1\Temp\13308421_res.tmp>

SREng-启动项目->服务－驱动程序中"选中"隐藏已认证的微软项目"然后删除下面名称的驱动程序(选中有问题的驱动后，点"删除服务"，点"设置"按钮即可。注意弹出的窗口中要点"否NO"才是确认删除服务）(不能删除就禁用:启动类型改为disabled,点中修改启动类型，点设置):
[490281 / 490281]    <>
[c / c]    <\??\C:\WINDOWS\system32\c>

下列文件若在就删除
c:\docume~1\someon~1\locals~1\temp\13308421_res.tmp
c:\windows\system32\c

下载附件解压后双击导入注册表,修复服务项

[ 本帖最后由 kkllmnmn 于 2008-9-13 05:41 编辑 ]

谢谢 搞定了