使用sreng --》启动项目--》警告。。用兔子，发现在C:\WINDOWS\system32\mprmsgse.axz可疑文件。金山提示这个软件叫mallgoo2。。 不过杀了，过些时间又会出现。。

CODE]

2007-01-23,15:37:14

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <NVIEW><rundll32.exe nview.dll,nViewLoadHook>  [(Verified)NVIDIA Corporation]
    <LDM><C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe>  [Logitech]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [Kingsoft Corporation]
    <KASStart><"C:\Program Files\Kingsoft\KSysCleaner\KASStart.EXE" -Startup>  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [(Verified)NVIDIA Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[C204D545 / C204D545][Stopped/Auto Start]
  <C:\WINDOWS\system32\C204D545.EXE -service><Microsoft Corporation>
[E5A3DD04 / E5A3DD04][Stopped/Auto Start]
  <><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2007\KWatch.EXE><Kingsoft Corporation>
[Vsn lwok Service / lwok][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\rsuq\ygyx.dll,Service><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Windows User Mode Driver Framework / UMWdf][Stopped/Disabled]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[Venturi2 Client / Venturi2][Running/Auto Start]
  <C:\Program Files\Venturi2\Client\ventc.exe><Fourelle Systems, Inc>
[Windows Video2 / Windows Video2][Stopped/Auto Start]
  <C:\WINDOWS\system32\msvd2.exe><>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\MsPMSNSv.dll><Microsoft Corporation>

==================================
驱动程序
[19122453 / 19122453][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\19122453.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[av_wpx / av_wpx][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\av_wpx.sys><N/A>
[c18886781 / c18886781][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c18886781.sys><N/A>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[fhbacidb / fhbacidb][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\fhbacidb.sys><N/A>
[ggefhahh / ggefhahh][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\ggefhahh.sys><中国互联网络信息中心(CNNIC)>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Logitech SetPoint PS/2 Mouse Filter Driver / L8042mou][Stopped/Manual Start]
  <System32\Drivers\L8042mou.sys><Logitech, Inc.>
[Logitech SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
  <system32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
[Logitech SetPoint USB Receiver device driver / LHidUsbK][Running/Manual Start]
  <System32\Drivers\LHidUsbK.Sys><Logitech, Inc.>
[Logitech SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
  <System32\Drivers\LMouKE.sys><Logitech, Inc.>
[MegaIDE / MegaIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\自己的程序\tm\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qtutpdz / qtutpdz][Running/Boot Start]
  <\SystemRoot\system32\drivers\qtutpdz.sys><>
[RsAntiSpyware / RsAntiSpyware][Running/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ViaIde / ViaIde][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[vrlbfpyd / vrlbfpyd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\vrlbfpyd.sys><Yahoo! China Corporation>
[wg_ggz / wg_ggz][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\wg_ggz.sys><N/A>
[yu_ars / yu_ars][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\yu_ars.sys><N/A>

==================================
浏览器加载项
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugin.ocx, N/A>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[]
  {08F3ED25-EADF-453C-A950-0538F625697F} <C:\WINDOWS\system32\ekssnsmbxmmsd.dll, N/A>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[wmicsmgr]
  {333872C4-92D6-4396-8542-64AB96518950} <, N/A>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2007\KAVAFish.DLL, Kingsoft Corporation>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[DivXBrowserPlugin Object]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Thunder Browser Helper]
  {7369D359-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[IeCatch Class]
  {8FAA7A38-1D1E-48E3-B77F-6A98A9BA49CD} <C:\WINDOWS\system32\msieth.dll, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <, N/A>
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\PROGRA~1\PHOTO_~1\PHOTO_~1.OCX, N/A>
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <D:\自己的~1\qq07\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[itlh]
  {B2A55512-7E03-4E4B-B177-D8B167CF530B} <, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用快车(FlashGet)下载]
  <C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, N/A]
[PID: 632][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260][C:\KAV2007\KWatch.EXE]  [Kingsoft Corporation, 2005, 9, 27, 51]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
[PID: 1352][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
[PID: 1412][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1696][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
[PID: 1720][C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe]  [Logitech, 2.30.04]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\backWeb.dll]  [BackWeb Technologies Inc., Version 7.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\bwsec.dll]  [BackWeb, Version 4.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\clntutil.dll]  [N/A, N/A]
    [C:\PROGRA~1\Logitech\DESKTO~1\8876480\720~1.157\program\EN\ClientRC.dll]  [BackWeb Technologies Inc., Version 7.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll]  [Logitech, Version 7.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\BWfiles.dll]  [, Version 7.2.0 (Build 157R)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWDocMapExt-8876480.dll]  [Logitech, Version 7.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\BWDocMapExt.dll]  [, Version 7.2.0 (Build 157R)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll]  [Logitech, Version 7.2.0 (Build 157R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\bwscriptext.dll]  [, Version 7.2.0 (Build 157R)]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 12, 11, 72]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll]  [Logitech, 2.30.04]
[PID: 1740][C:\KAV2007\KPFW32.EXE]  [Kingsoft Corporation, 2006, 12, 11, 666]
    [C:\KAV2007\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2007\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2007\FiltList.dll]  [N/A, N/A]
    [C:\KAV2007\KAVPassp.DLL]  [Kingsoft Corporation, 2006, 12, 30, 271]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
[PID: 1776][C:\Program Files\Kingsoft\KSysCleaner\KASStart.EXE]  [Kingsoft Corporation, 2006, 11, 22, 14]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
[PID: 1856][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.4467]
[PID: 764][C:\KAV2007\KPfwSvc.EXE]  [Kingsoft Corporation, 2005, 9, 5, 28]
[PID: 1112][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1548][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4467]
[PID: 1708][C:\Program Files\Venturi2\Client\ventc.exe]  [Fourelle Systems, Inc, 1, 0, 0, 1]
    [C:\Program Files\Venturi2\Client\MPI.dll]  [N/A, N/A]
    [C:\Program Files\Venturi2\Client\ZLIB.dll]  [N/A, N/A]
    [C:\Program Files\Venturi2\Client\HS_REGEX.dll]  [N/A, N/A]
[PID: 884][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 3472][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 3, 7, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [, 2005, 3, 22, 1]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 3, 7, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2005, 4, 27, 2]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 3, 3, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 6, 16, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2004, 11, 25, 0]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\VNetLog.ocx]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [, 2005, 6, 15, 1]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2005, 4, 30, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 12, 11, 72]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 1, 0, 0, 1]
[PID: 2932][D:\自己的程序\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 6, 42]
    [D:\自己的程序\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\KAV2007\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [D:\自己的程序\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\KAV2007\KAScript.DLL]  [Kingsoft Corporation, 2006, 12, 11, 72]
    [C:\KAV2007\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2007\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2007\KAEUnpack.DAT]  [Kingsoft Corp., 2006, 10, 26, 69]
    [C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll]  [阿里软件（中国）有限公司, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 1376][C:\Program Files\Rising\AntiSpyware\Ras.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 4, 5]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\Program Files\Rising\AntiSpyware\RasGui.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Rising\AntiSpyware\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\zip.dll]  [rising, 13, 0, 0, 1]
[PID: 3656][F:\wu\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\DOCUME~1\user\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 157R)]
    [C:\WINDOWS\system32\nView.dll]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.4467]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

谢谢解答....不过..在看到你的发言以前,我的系统已经坏掉了.只好重装了..叹气