Rising Kaka Security Forum » Technical Exchange » Anti-Virus / Anti-Rogue-Software Forum

[Help] Please save my computer! The system has become painfully slow

{A9BE2902-C447-420A-BB7F-A5DE921E6138} <d:\KAV6\KAIEPlus.DLL, >
[]
  {E1FC9760-7B95-49CD-80B9-8C9E41017B93} <d:\KAV6\KAVEXT.DLL, Kingsoft Corp.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A>
[使用迅雷下载]
  <d:\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Thunder\Program\GetAllUrl.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

==================================
正在运行的进程
[PID: 512 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 960 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1052 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1268 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1460 / haofeng][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\WinRAR\rarext.dll]  [N/A, ]
    [d:\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.53.26.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [d:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [d:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [d:\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [d:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[PID: 1492 / SYSTEM][C:\WINDOWS\system32\crypserv.exe]  [Kenonic Controls Ltd., 5.4.0]
[PID: 1528 / SYSTEM][d:\KAV6\KAVSvc.EXE]  [kingsoft Antivirus, 2003, 11, 12, 70]
    [d:\KAV6\SvcComm.dll]  [kingsoft Antivirus, 2004, 7, 28, 1]
    [d:\KAV6\SvcTimer.DLL]  [Kingsoft, 2004.4.29.79]
    [d:\KAV6\KavComm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [d:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
    [d:\KAV6\KWatchFn2.dll]  [kingsoft Corporation, 2004, 8, 24, 25]
    [d:\KAV6\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [d:\KAV6\KAEPlat.DLL]  [Kingsoft Corp., 2005, 12, 29, 56]
    [d:\KAV6\KAEMem.DAT]  [Kingsoft, 2006, 4, 12, 13]
    [d:\KAV6\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 6, 15, 44]
    [d:\KAV6\KAVUtils.dll]  [Kingsoft Corp, 2004, 2, 12, 69]
    [d:\KAV6\KAVDlg.DLL]  [, 2004.7.20.81]
    [d:\KAV6\KAVLogFn.dll]  [, 2003, 11, 26, 16]
[PID: 1552 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
[PID: 1612 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1172 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1624 / haofeng][C:\Program Files\racer-han-cnc\racer.exe]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\rwxre.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\nspr4.dll]  [Netscape Communications Corporation, 4.5 Beta]
    [C:\Program Files\racer-han-cnc\xpcom.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\nss3.dll]  [Netscape Communications Corporation, 3.9.1]
    [C:\Program Files\racer-han-cnc\softokn3.dll]  [Netscape Communications Corporation, 3.9.1]
    [C:\Program Files\racer-han-cnc\gkgfx.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\xpcom_compat.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\racer-han-cnc\components\racer_base_comp.dll]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\racer_base.dll]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\kbdhook.dll]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\components\pipnss.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\components\gklayout.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\components\jar50.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\components\xpcom_compat_c.dll]  [Mozilla Foundation, 1.7.3: 2007040220]
    [C:\Program Files\racer-han-cnc\components\racer_ad_comp.dll]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\components\racer_access_pppoe.dll]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\racer-han-cnc\components\racer_nss4_comp.dll]  [Putian Runway, 3,3,130,256]
    [C:\Program Files\racer-han-cnc\nss4.dll]  [北京润汇科技有限公司, 1, 0, 0, 4]
    [C:\Program Files\racer-han-cnc\wpcap.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-han-cnc\packet.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-han-cnc\WanPacket.dll]  [CACE Technologies, 3, 2, 0, 29]
[PID: 1660 / haofeng][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.60]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.12]
[PID: 404 / haofeng][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 2164 / haofeng][D:\KAV6\KWatchUI.EXE]  [, 2004.1.6.119]
    [D:\KAV6\kavcomm.dll]  [Kingsoft Corporation, 2003, 11, 12, 66]
    [D:\KAV6\kavdlg.dll]  [, 2004.7.20.81]
    [D:\KAV6\KAVMLM.DLL]  [Kingsoft Corporation, 2003.11.12.10]
    [D:\KAV6\RpcBrge.DLL]  [kingsoft, 2003, 11, 12, 64]
[PID: 2932 / haofeng][D:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 1, 50]
    [D:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [D:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
[PID: 1924 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 2232 / haofeng][F:\系统反间谍\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [F:\系统反间谍\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1492, C:\WINDOWS\SYSTEM32\CRYPSERV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1624, C:\PROGRAM FILES\RACER-HAN-CNC\RACER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2164, D:\KAV6\KWATCHUI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2932, D:\MAXTHON\MAXTHON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

Everyone, please help me take a look.