
[Help] Does my computer have a virus? So many processes

Does my computer have a virus? So many processes

[CODE]
2005-04-01,08:46:03
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KavPFW><"D:\Kingsoft\Kingsoft Internet Security 2008\kpfw32.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
    <金山清理专家实时保护><"D:\Kingsoft Antispy\monitor\kastray.exe">  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SkyTel><SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Publisher]
    <JMB36X IDE Setup><C:\WINDOWS\JM\JMInsIDE.exe>  []
    <JMB36X Configure><C:\WINDOWS\system32\JMRaidSetup.exe boot>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <KavStart><"D:\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <FixCamera><C:\WINDOWS\FixCamera.exe>  []
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
==================================
启动文件夹
N/A

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727)

Re: Does my computer have a virus? So many processes

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Basic Service / kaccore][Running/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <D:\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"D:\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"D:\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Qvod Terminal / Qvod Terminal][Stopped/Manual Start]
  <D:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>

==================================
驱动程序
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\D:\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, Adobe Systems Incorporated>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <D:\KINGSO~1\KASBrowserShield.DLL, Kingsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <D:\KINGSO~1\IEBuddyExt.DLL, Kingsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <D:\KINGSO~1\IEBuddyExt.DLL, Kingsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <D:\KINGSO~1\IEBuddy.dll, Kingsoft Corporation>
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <D:\AliWangWang\AliIMX.dll, Alibaba software (Shanghai) Corporation.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5809.132.(277).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, Adobe Systems, Inc.>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <D:\KINGSO~1\KASBrowserShield.DLL, Kingsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5890.247.(276).dll, Thunder Networking Technologies,LTD>

Re: Does my computer have a virus? So many processes

==================================
正在运行的进程
[PID: 632 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
[PID: 1716 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [D:\Kingsoft\Kingsoft Internet Security 2008\ktaskbar.dll]  [Kingsoft Corporation, 2009,01,13,731]
    [D:\KINGSO~1\iebuddy2.dll]  [Kingsoft Corporation, 2009,01,13,204]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1812 / Administrator][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.1.1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1884 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
[PID: 504 / Administrator][C:\WINDOWS\FixCamera.exe]  [, 1, 0, 0, 9]
[PID: 540 / Administrator][C:\WINDOWS\vsnpstd3.exe]  [, 1, 0, 5, 0]
[PID: 1296 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336 / Administrator][D:\Kingsoft Antispy\monitor\kastray.exe]  [Kingsoft Corporation, 2009,03,16,269]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\KAC\Service\kacctl.dll]  [Kingsoft Corporation, 2009,02,05,458]
    [D:\Kingsoft Antispy\monitor\kaspop.dll]  [Kingsoft Corporation, 2009,03,17,270]
[PID: 396 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
[PID: 480 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2304 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2364 / Administrator][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
[PID: 2884 / SYSTEM][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe]  [Kingsoft Corporation, 2009,03,30,520]
    [C:\Program Files\Kingsoft\KAC\Service\corehelper.dll]  [Kingsoft Corporation, 2009,02,16,473]
    [D:\Kingsoft Antispy\kutltproxy.dll]  [Kingsoft Corporation, 2009,01,09,199]
    [D:\Kingsoft Antispy\proxy\regmonitorproxy.dll]  [Kingsoft Corporation, 2009,02,23,243]
[PID: 3232 / Administrator][D:\Kingsoft Antispy\monitor\kudiskmon.exe]  [Kingsoft Corporation, 2008,12,05,106]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
[PID: 3004 / Administrator][E:\求求\QQ.exe]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQBaseClassInDll.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQHelperDll.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\BasicCtrlDll.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [E:\求求\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\求求\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\求求\QQAPI.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\LoginCtrl.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\LoginCtrlRes.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQRes.dll]  [TENCENT, 8,0,776,1805]
    [E:\求求\QQMainFrame.dll]  [N/A, ]
    [E:\求求\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
    [E:\求求\QQPlugin.dll]  [N/A, ]
    [E:\求求\UnReadMsgMgr.dll]  [N/A, ]
    [E:\求求\CQQApplication.dll]  [N/A, ]
    [E:\求求\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\求求\NewSkin.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\MailSummary.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQSpace.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [E:\求求\msdmo.dll]  [, ]
    [E:\求求\QQKnowledgeSearch.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\OEMApplication.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQGroupMng.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQAllInOne.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [E:\求求\CameraDll.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQPet.dll]  [TENCENT, 8,0,777,1805]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\求求\QRingMng.dll]  [N/A, ]
    [E:\求求\UserDefinedHead.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQCustomFace.dll]  [N/A, ]
    [E:\求求\QQConfigPlugin.dll]  [TENCENT, 8,0,777,1805]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\求求\ImageOle.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQLiveQMng.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\LongConnection.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQAvatar.dll]  [N/A, ]
    [E:\求求\PhoneAPI.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\求求\GroupConnection.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\BQQApplication.dll]  [N/A, ]
    [E:\求求\QQSysMsgMng.dll]  [N/A, ]
    [E:\求求\CommercesMng.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\PersonalDesktop.dll]  [TENCENT, 8,0,777,1805]
    [E:\求求\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [E:\求求\P2PFile\vqqsdl.dll]  [Tencent Technology (Shenzhen) Company Limited, 5, 0, 0, 6]
    [E:\求求\QQSceneMng.dll]  [N/A, ]
    [E:\求求\AddrSearch.dll]  [Tencent, 2, 3, 10, 12]
    [D:\KINGSO~1\iebuddy2.dll]  [Kingsoft Corporation, 2009,01,13,204]
[PID: 3640 / Administrator][E:\求求\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
[PID: 2112 / Administrator][E:\创鸿软件\webcasting\webcasting.exe]  [, 4.6.5.1761]
    [E:\创鸿软件\webcasting\JESION.DLL]  [N/A, ]
    [E:\创鸿软件\webcasting\VALIDPARSE.DLL]  [创鸿软件, 5.0.0.0]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\WINDOWS\system32\msjetoledb40.dll]  [, ]
    [C:\WINDOWS\system32\midas.dll]  [Borland Software Corporation, 6.0.10.157]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.2093]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\KINGSO~1\iebuddy2.dll]  [Kingsoft Corporation, 2009,01,13,204]
[PID: 3860 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [D:\KINGSO~1\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,12,11,149]
    [D:\KINGSO~1\IEBuddy.dll]  [Kingsoft Corporation, 2008,12,11,149]
    [D:\KINGSO~1\iebuddy2.dll]  [Kingsoft Corporation, 2009,01,13,204]
    [D:\KINGSO~1\IEBuddyExt.DLL]  [Kingsoft Corporation, 2009,01,13,205]
    [D:\KINGSO~1\kis.dll]  [Kingsoft Corporation, 2008,08,12,55]
    [D:\KINGSO~1\KANTray.dll]  [Kingsoft Corporation, 2008,06,24,415]
    [D:\KINGSO~1\kaeinfolog.dll]  [Kingsoft Corporation, 2008,12,12,60]
    [D:\KINGSO~1\KAVAFish.DLL]  [Kingsoft Corporation, 2009,03,30,287]
    [D:\KINGSO~1\kacc.dll]  [Kingsoft Corporation, 1, 0, 0, 7]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.2093]
[PID: 1420 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [D:\KINGSO~1\iebuddy2.dll]  [Kingsoft Corporation, 2009,01,13,204]
[PID: 2532 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.016\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [D:\KINGSO~1\iebuddy2.dll]  [Kingsoft Corporation, 2009,01,13,204]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.016\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.016\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6551]

Re: Does my computer have a virus? So many processes

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1    858656.com
127.0.0.1    my123.com
127.0.0.1    8749.com
127.0.0.1    4199.com
127.0.0.1    7379.com
127.0.0.1    7255.com
127.0.0.1    3448.com
127.0.0.1    7939.com
127.0.0.1    8009.com
127.0.0.1    piaoxue.com
127.0.0.1    kzdh.com
127.0.0.1    about.blank.la
127.0.0.1    6781.com
127.0.0.1    7322.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1568, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1716, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 504, C:\WINDOWS\FIXCAMERA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 396, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2112, E:\创鸿软件\WEBCASTING\WEBCASTING.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1420, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Does my computer have a virus? So many processes

Could an expert take a look? Waiting online...

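Re: Does my computer have a virus? So many processes

Please upload the log as an attachment; pasted in like this, it is very hard to read...
If you think my answer is good, please give me a rating!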