[CODE]

2007-03-17,03:27:27

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"C:\KAV2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <Anti-Spy Tools><C:\Program Files\ast\AST.exe -min>  [DSW Lab]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KASTask><C:\Program Files\Kingsoft Antispy\KASTask.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <RavRuneip><C:\WINDOWS\System32\RacvSvc.EXE pubgotwycg.dll,HFanMa>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kvmxbma.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <0CCE6E12-C2EC-56CD+1A62-AE3FD6EF56E6}><>  [N/A]
    <{158A147F-1FC4-24FC-BC43-FA5B345D45D1}><C:\WINDOWS\System32\pjaman.dll>  [N/A]
    <{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINDOWS\System32\rsjzapm.dll>  []
    <{2D47B341-43DF-4563-753F-345FFA3157D2}><C:\WINDOWS\System32\kvmxbma.dll>  []
    <{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\System32\avzxamn.dll>  []
    <{14783410-4F90-34A0-7820-3230ACD05F41}><C:\WINDOWS\System32\raqjapi.dll>  []
    <{28907901-1416-3389-9981-372178569982}><C:\WINDOWS\System32\kawdbzy.dll>  []
    <{26650011-3344-6688-4899-345FABCD1562}><C:\WINDOWS\System32\ratbbpi.dll>  []
    <{2A1247C1-53DA-FF43-ABD3-345F323A48D2}><C:\WINDOWS\System32\avwgbmn.dll>  []
    <{37D81718-1314-5200-2597-587901018073}><C:\WINDOWS\System32\kaqhczy.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
    <WinlogonNotify: DfLogon><LogonDll.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Fetion><; C:\Program Files\China Mobile\Fetion\Fetion.exe>  [China Mobile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; ?矵?
?矵?    ?矵?
?
⒌?>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <nwiz><; nwiz.exe /install>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <RavMon><; C:\Program Files\rising\rav\RavMon.exe>  [rising]
    <RavTimer><; C:\Program Files\rising\rav\RavTimer.exe>  [rising]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <WebThunder><; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]

==================================
启动文件夹
[DuDu下载加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DuDu下载加速器.lnk --> C:\PROGRA~1\DuDu\DDDCLI~1\DuDuAcc.exe [DuDu]><N>

==================================
服务
[2FF1344E / 2FF1344E][Stopped/Auto Start]
  <C:\WINDOWS\System32\D8524495.EXE -k><Microsoft Corporation>
[DFServEx / DFServEx][Running/Auto Start]
  <C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe><Hyper Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[KAVBootC / KAVBootC][Stopped/Disabled]
  <System32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[New0 / New0][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

续1
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[AliAntiFish Class]
  {38938D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Alisoft\Toolbar\assist\yangling.dll, Alibaba>
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft Antispy\IEBuddy.DLL, Kingsoft Corporation>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[DDDMon Class]
  {6BDE1669-B490-48E3-B668-456314F2D6C3} <C:\Program Files\DuDu\DddClient\dddiemon.dll, >
[]
  {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} <C:\Program Files\Common Files\Relive.dll, N/A>
[assist]
  {FE3FCAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Alisoft\Toolbar\Assist\yassist.dll, Alibaba>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[]
  {3DB9F45E-AA74-4373-A466-C18A9F1C500D} <C:\Program Files\DuDu\DddClient\DuDuAcc.exe, DuDu>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[淘宝工具条]
  {78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23} <C:\PROGRA~1\Alisoft\Toolbar\Assist\yasbar.dll, Alibaba>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer3.0.11.17.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\System32\msnetobj.dll, Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用DuDu 加速器下载]
  <res://C:\Program Files\DuDu\DddClient\dddmext.dll/202, N/A>
[&使用DuDu 加速器下载全部链接]
  <res://C:\Program Files\DuDu\DddClient\dddmext.dll/203, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2007\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\system32\LogonDll.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 764 / SYSTEM][C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe]  [Hyper Technologies Inc., 4.20.020.0613]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 872 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
[PID: 972 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 1004 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 1164 / SYSTEM][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2007, 8, 13, 78]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 8, 30, 130]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
    [C:\KAV2007\KAVQuara.DLL]  [Kingsoft Corporation, 2007, 6, 15, 4]
    [C:\KAV2007\KAVDevC.dll]  [Kingsoft Corporation, 2007, 7, 20, 12]
[PID: 1248 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 1456 / yz][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\System32\rsjzapm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\ratbbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhczy.dll]  [N/A, ]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
[PID: 1748 / yz][C:\KAV2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 8, 15, 289]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\KAV2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 3, 20, 48]
    [C:\KAV2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhczy.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\ratbbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsjzapm.dll]  [N/A, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]

续2
[C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
[PID: 1904 / yz][C:\Program Files\ast\AST.exe]  [DSW Lab, 1.8.5.14]
    [C:\Program Files\ast\dbghelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ast\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ast\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ast\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\Program Files\ast\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ast\common.dll]  [DSW Lab, 1.4.0.7]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
    [C:\Program Files\ast\AutoRun.dll]  [ DSW Lab, 2.2]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
    [C:\Program Files\ast\EngineSDK.dll]  [DSW Lab, 2.2.1.23]
    [C:\Program Files\ast\FileAnalyser.dll]  [DSW Lab , 1.0.1.7]
    [C:\Program Files\ast\KillModule.dll]  [DSW Lab, 1.2.2.1]
    [C:\Program Files\ast\ManagerProcess.dll]  [DSW Lab, 1.3.4.1]
    [C:\Program Files\ast\ManagerService.dll]  [DSW Lab, 1.0.6.0]
    [C:\Program Files\ast\Monitor.dll]  [DSW Lab, 1.7.8.12]
    [C:\Program Files\ast\PortAssociate.dll]  [DSW Lab, 1.0.3.0]
    [C:\Program Files\ast\SSDT.dll]  [DSW Lab, 1.0.2.1]
    [C:\Program Files\ast\TIERepair.dll]  [Secward , 1.2.2.0]
    [C:\Program Files\ast\aScanCom.dll]  [DSW Lab, 2.1.1.27]
    [C:\Program Files\ast\smart.dll]  [DSW Lab, 1.0.0.17]
    [C:\Program Files\ast\tRubbishClear.dll]  [Secward , 1.5.2.2]
    [C:\Program Files\ast\tSecurityOptimize.dll]  [DSW Lab, 1.1.0.6]
    [C:\Program Files\ast\unarc.dll]  [DSW Lab, 1.2.5]
    [C:\Program Files\ast\zDiagnosticTool.dll]  [Secward , 1.2.1.0]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\Program Files\ast\MScaner.dll]  [DSW Lab, 1.0.0.11]
    [C:\Program Files\ast\SKEngine.dll]  [DSW Lab, 1.6.5.10]
    [C:\Program Files\ast\sm.dll]  [DSW Lab, 1.0.0.1]
[PID: 1952 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.3082]
    [C:\WINDOWS\System32\kaqhczy.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 2004 / SYSTEM][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 32]
    [C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 3, 0, 0, 35]
    [C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 2, 0, 0, 18]
    [C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 9, 1, 20]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
[PID: 208 / yz][C:\KAV2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 8, 16, 967]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\KAV2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 8, 30, 130]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\AE263E5B.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhczy.dll]  [N/A, ]
    [C:\WINDOWS\System32\ratbbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsjzapm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
[PID: 368 / yz][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhczy.dll]  [N/A, ]
    [C:\WINDOWS\System32\ratbbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsjzapm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 500 / yz][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 8, 9, 724]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\KAV2007\FiltList.dll]  [N/A, ]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhczy.dll]  [N/A, ]
    [C:\WINDOWS\System32\ratbbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsjzapm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]

续3
[PID: 980 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
[PID: 1584 / yz][C:\Program Files\DuDu\DddClient\DuDuAcc.exe]  [DuDu, 3, 1, 0, 1]
    [C:\WINDOWS\System32\rsjzapm.dll]  [N/A, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\Program Files\DuDu\DddClient\dddskin.dll]  [dudu, 1, 0, 0, 1]
    [C:\Program Files\DuDu\DddClient\ddddl.dll]  [dudu, 3, 1, 0, 1]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
[PID: 1608 / yz][C:\Program Files\DuDu\DddClient\dudupros.exe]  [DuDu, 3, 1, 0, 1]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
[PID: 748 / yz][C:\WINDOWS\System32\rsjzasp.exe]  [N/A, ]
    [C:\WINDOWS\System32\kvmxbma.dll]  [N/A, ]
[PID: 2192 / yz][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
[PID: 3472 / yz][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\PROGRA~1\Alisoft\Toolbar\Assist\yasbar.dll]  [Alibaba, 3, 5, 7, 1007]
    [C:\PROGRA~1\Alisoft\Toolbar\assist\ysearch.dll]  [Alibaba, 3, 5, 8, 1008]
    [C:\PROGRA~1\Alisoft\Toolbar\assist\alibtn.dll]  [Alibaba, 1, 5, 0, 1000]
    [C:\PROGRA~1\Alisoft\Toolbar\assist\yasnoad.dll]  [Alibaba, 3, 5, 3, 1003]
    [C:\PROGRA~1\Alisoft\Toolbar\assist\yzsNetProto.dll]  [Alibaba, 3, 5, 1, 1001]
    [C:\PROGRA~1\Alisoft\Toolbar\assist\antivirus.dll]  [Alibaba, 1, 0, 0, 1000]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [C:\PROGRA~1\Alisoft\Toolbar\assist\yangling.dll]  [Alibaba, 3, 5, 0, 1000]
    [C:\Program Files\Kingsoft Antispy\IEBuddy.DLL]  [Kingsoft Corporation, 2007,08,16,41]
    [C:\Program Files\Kingsoft Antispy\IEBuddyExt.DLL]  [Kingsoft Corporation, 2007,09,07,137]
    [C:\Program Files\Kingsoft Antispy\dump.dll]  [Kingsoft Corporation, 2006, 2, 16, 8]
    [C:\Program Files\Kingsoft Antispy\KANTray.dll]  [Kingsoft Corporation, 2007,09,05,133]
    [C:\Program Files\Kingsoft Antispy\KAVRepRecycle.dll]  [Kingsoft Corporation, 2007,09,06,13]
    [C:\Program Files\Kingsoft Antispy\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft Antispy\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft Antispy\KAVRep.dll]  [Kingsoft Corporation, 2007,09,06,13]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\Program Files\DuDu\DddClient\dddiemon.dll]  [, 3, 1, 0, 1]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\Program Files\Alisoft\Toolbar\Assist\yassist.dll]  [Alibaba, 3, 5, 1, 1001]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\Program Files\Alisoft\WangWang\WangWangX4.dll]  [阿里巴巴软件(上海)有限公司, 1, 0, 0, 1]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\aliedit\aliedit.dll]  [, 1, 1, 0, 1]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 244 / yz][C:\Program Files\WinRAR\WinRAR.exe]  [Eugene Roshal, 3.30]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\System32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
[PID: 3592 / yz][C:\DOCUME~1\yz\LOCALS~1\Temp\Rar$EX00.812\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\avwgbmn.dll]  [N/A, ]
    [C:\Program Files\ast\AST.dll]  [DSW Lab, 1.0.0.5]
    [C:\KAV2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\WINDOWS\System32\pubgotwycg.dll]  [N/A, ]
    [C:\WINDOWS\System32\FREEWB.IME]  [Delphi Fan Studio, 3.3.001]
    [C:\WINDOWS\system32\kvmxbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxamn.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjapi.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\DOCUME~1\yz\LOCALS~1\Temp\Rar$EX00.812\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[G:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[I:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1904, C:\PROGRAM FILES\AST\AST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1904, C:\PROGRAM FILES\AST\AST.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 208, C:\KAV2007\KMAILMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 500, C:\KAV2007\KPFW32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1584, C:\PROGRAM FILES\DUDU\DDDCLIENT\DUDUACC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1608, C:\PROGRAM FILES\DUDU\DDDCLIENT\DUDUPROS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 748, C:\WINDOWS\SYSTEM32\RSJZASP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 244, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
入口点错误：LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: C:\KAV2007\KASocket.dll)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\ast\AST.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]

http://forum.ikaka.com/topic.asp?board=28&artid=8362073去看看吧,

C:\WINDOWS\System32\RacvSvc.EXE pubgotwycg.dll,HFanMa
C:\WINDOWS\System32\D8524495.EXE
以上文件压缩加密123发给我qcqyt1983@163.com
谢谢了