HijackThis_zww汉化版扫描日志 V1.99.1
保存于      16:52:43, 日期 2007-8-2
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\kav2007\KAVStart.exe
C:\WINDOWS\System32\ctfmon.exe
E:\kav2007\KPFW32.EXE
E:\kav2007\KMailMon.EXE
E:\kav2007\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yayad\AdPop.Exe
C:\!WNM\wnb.exe
C:\Documents and Settings\lzjian\桌面\HijackThis1[1].99.1\HijackThis1991zww.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - e:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: KAVAntiFishing - {55302805-482E-470E-8A57-6795A1487F90} - E:\kav2007\KAVAFish.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [KavStart] "E:\kav2007\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "E:\kav2007\KPFW32.EXE"
O8 - IE右键菜单中的新增项目: &使用超级旋风下载 - e:\Program Files\Tencent\QQDownload\geturl.htm
O8 - IE右键菜单中的新增项目: &使用超级旋风下载全部链接 - e:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - e:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 金山毒霸反钓鱼... - E:\kav2007\KAF\ShowSet.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - I:\haofang\haofang\HFGameOPT\GameClient.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O11 - Options group: [TBH] 中文搜搜
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{145EDCBB-1B82-4563-B50F-7EB7976586E8}: NameServer = 202.96.128.86,202.96.128.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{145EDCBB-1B82-4563-B50F-7EB7976586E8}: NameServer = 202.96.128.86,202.96.128.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{145EDCBB-1B82-4563-B50F-7EB7976586E8}: NameServer = 202.96.128.86,202.96.128.166
O20 - AppInit_DLLs: wdbpri.dll
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - E:\kav2007\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - E:\kav2007\KWatch.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[CODE]

2007-08-02,16:58:46

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <KavPFW><"E:\kav2007\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"E:\kav2007\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><qjepri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\System32\mycpri.dll>  []
    <{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\System32\dhbpri.dll>  []
    <{C1351752-5628-1547-FFAB-BADC13512AFC}><C:\WINDOWS\System32\ztlpri.dll>  []
    <{813AF41A-21B1-131B-1BFC-D2A90DF4A2B8}><C:\WINDOWS\System32\xygpri.dll>  []
    <{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\System32\qjepri.dll>  []
    <{425AB2F3-234A-7469-2F43-E341713ABFA4}><C:\WINDOWS\System32\wgdpri.dll>  []
    <{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\System32\wldpri.dll>  []
    <{6A65498A-7653-9801-1647-987114AB7F46}><C:\WINDOWS\System32\zxfpri.dll>  []
    <{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\System32\wdbpri.dll>  []
    <{212BC423-3713-224D-3F55-32B35C62B112}><C:\WINDOWS\System32\tlmpri.dll>  []
    <{759AFD5B-159F-ACD8-954C-ACD545FA6587}><C:\WINDOWS\System32\jzgpri.dll>  []
    <{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll>  []
    <{3FFAB213-ABCF-F421-FBA1-3FA352343213}><C:\WINDOWS\System32\wscpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"E:\kav2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
  <E:\kav2007\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[KNetWch / KNetWch][Running/System Start]
  <\??\E:\kav2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <e:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Ad Engine]
  {077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, CDM>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <E:\kav2007\KAVAFish.DLL, Kingsoft Corporation>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <I:\haofang\haofang\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[&使用超级旋风下载]
  <e:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <e:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <e:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[金山毒霸反钓鱼...]
  <E:\kav2007\KAF\ShowSet.htm, N/A>

==================================
正在运行的进程
[PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
[PID: 808 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 892 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 912 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1212 / lzjian][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztlpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xygpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wscpri.dll]  [N/A, ]
    [C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll]  [N/A, ]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8195]
    [C:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8195]
    [C:\WINDOWS\System32\nvshell.dll]  [, ]
    [C:\!WNM\WNMKEY.DLL]  [N/A, ]
    [E:\WinRAR\rarext.dll]  [N/A, ]
    [E:\kav2007\KAVEXT.DLL]  [Kingsoft Corporation, 2007, 6, 21, 29]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
[PID: 1668 / lzjian][E:\kav2007\KAVStart.exe]  [Kingsoft Corporation, 2007, 7, 5, 278]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\kav2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [E:\kav2007\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [E:\kav2007\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [E:\kav2007\PopSprt3.dll]  [Kingsoft Corporation, 2007, 3, 20, 48]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wscpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xygpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztlpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]

[PID: 1704 / lzjian][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
[PID: 1716 / lzjian][E:\kav2007\KPFW32.EXE]  [Kingsoft Corporation, 2007, 7, 4, 721]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\kav2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [E:\kav2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [E:\kav2007\FiltList.dll]  [N/A, ]
    [E:\kav2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [E:\kav2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
    [C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wscpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xygpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztlpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1888 / lzjian][E:\kav2007\KMailMon.EXE]  [Kingsoft Corporation, 2007, 4, 6, 956]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [E:\kav2007\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\kav2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2007, 1, 15, 30]
    [E:\kav2007\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [E:\kav2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
    [E:\kav2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [E:\kav2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 6, 20, 124]
    [E:\kav2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 228 / SYSTEM][E:\kav2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 244 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8195]
[PID: 328 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1944 / lzjian][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [e:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Yayad\AdCore.dll]  [CDM, 1.0.0.1]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [Tencent, 5, 0, 1, 17]
    [E:\kav2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wscpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xygpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztlpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mycpri.dll]  [N/A, ]
    [E:\kav2007\KAScript.DLL]  [Kingsoft Corporation, 2007, 3, 6, 75]
    [E:\kav2007\KAEPlat.DLL]  [Kingsoft Corp., 2007, 6, 19, 64]
    [E:\kav2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [E:\kav2007\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 6, 20, 124]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\!WNM\WNMKEY.DLL]  [N/A, ]
[PID: 3324 / lzjian][C:\!WNM\wnb.exe]  [N/A, ]
    [C:\!WNM\WNMKEY.DLL]  [N/A, ]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wscpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xygpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztlpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 3800 / lzjian][I:\下载\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\wdbpri.dll]  [N/A, ]
    [E:\kav2007\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\kav2007\KASocket.dll]  [Kingsoft Corporation, 2007, 3, 18, 241]
    [C:\!WNM\WNMKEY.DLL]  [N/A, ]
    [C:\DOCUME~1\lzjian\LOCALS~1\Temp\mnso0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wscpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xygpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztlpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [I:\下载\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1716, E:\KAV2007\KPFW32.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1888, E:\KAV2007\KMAILMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3324, C:\!WNM\WNB.EXE]

==================================
API HOOK
入口点错误：LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: E:\kav2007\KASocket.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]