Rising Kaka Security Forum

Help! Could those of you who helped just now take another look at my log? There still seems to be a problem!
欣LOVE欣 - 2007-5-1 20:35:00
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
    <iDuba Personal FireWall><>  [N/A]
    <Super Rabbit IEPro><D:\杀毒软件\魔法兔子\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [N/A]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTimer><VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTrayp><VTtrayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <LHotkey><LHotkey.exe>  [Chicony]
    <Kavrun><>  [N/A]
    <iDuba Personal FireWall><>  [N/A]
    <KavStart><"C:\KAV2005\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <runeip><D:\杀毒软件\瑞星卡卡\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <Exprer><C:\WINDOWS\Exprer.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\杀毒软件\瑞星卡卡\RunOnce.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
欣LOVE欣 - 2007-5-1 20:36:00
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\ACROBA~1\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[腾讯QQ]
  <C:\Documents and Settings\liu\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\游戏\QQ\QQ.exe [TENCENT]><N>
欣LOVE欣 - 2007-5-1 20:36:00
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[TCP/IP Check / Hello Download][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2005\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
欣LOVE欣 - 2007-5-1 20:37:00
驱动程序
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[viagfx / viagfx][Running/Manual Start]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
newcenturymoon - 2007-5-1 20:37:00
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
欣LOVE欣 - 2007-5-1 20:37:00
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\杀毒软件\魔法兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷\Thunder.exe, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\游戏\QQ\QQ.EXE, TENCENT>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\杀毒软件\魔法兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\flash.ocx, Macromedia, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <D:\迅雷\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\杀毒软件\魔法兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\杀毒软件\魔法兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\flash.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\游戏\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <D:\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷\Program\getallurl.htm, N/A>
[添加到QQ自定义面板]
  <D:\游戏\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\游戏\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\游戏\QQ\SendMMS.htm, N/A>
欣LOVE欣 - 2007-5-1 20:38:00
正在运行的进程
[PID: 540][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 676][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1652][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
[PID: 1780][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.01-0307]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1800][C:\WINDOWS\system32\VTtrayp.exe]  [S3 Graphics Co., Ltd., 2.00.36-0308B]
    [C:\WINDOWS\system32\VTDisply.dll]  [S3 Graphics Co., Ltd., 2.00.51-0308]
    [C:\WINDOWS\system32\VTGamma2.dll]  [S3 Graphics Co., Ltd., 2.00.21-0308B]
    [C:\WINDOWS\system32\VTInfo2.dll]  [S3 Graphics Co., Ltd., 2.00.26-0308B]
    [C:\WINDOWS\system32\VTOvrlay.dll]  [S3 Graphics Co., Ltd., 2.00.23-0308B]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1808][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.42]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1820][C:\WINDOWS\LHotkey.exe]  [Chicony, 1. 0. 0. 1]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1828][C:\KAV2005\KAVStart.exe]  [Kingsoft Corporation, 2005, 10, 10, 150]
    [C:\KAV2005\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2005\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\KAV2005\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2005\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2005\KAVPassp.dll]  [Kingsoft Corporation, 2005, 7, 29, 212]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1840][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1852][D:\杀毒软件\瑞星卡卡\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\杀毒软件\瑞星卡卡\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1868][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1904][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3000]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1936][D:\杀毒软件\魔法兔子\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.98]
    [C:\WINDOWS\system32\msvbvm60.dll]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\魔法兔子\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
[PID: 1944][C:\KAV2005\KMailMon.EXE]  [Kingsoft Corporation, 2005, 6, 30, 74]
    [C:\KAV2005\KAntiSpm.dll]  [, 1, 0, 0, 2]
    [C:\KAV2005\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\KAV2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2005\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2005\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2005\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\KAV2005\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
欣LOVE欣 - 2007-5-1 20:39:00
[PID: 2044][D:\游戏\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\游戏\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [D:\游戏\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\游戏\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\游戏\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\游戏\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\游戏\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\游戏\QQ\LoginCtrl.dll]  [N/A, ]
    [D:\游戏\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [D:\游戏\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\游戏\QQ\WizardCtrl.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\游戏\QQ\CQQApplication.dll]  [N/A, ]
    [D:\游戏\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQAllInOne.dll]  [N/A, ]
    [D:\游戏\QQ\GroupLive.dll]  [N/A, ]
    [D:\游戏\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\游戏\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\游戏\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\游戏\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQPlugin.dll]  [N/A, ]
    [D:\游戏\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\游戏\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QRingMng.dll]  [N/A, ]
    [D:\游戏\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\游戏\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\游戏\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\游戏\QQ\QQAvatar.dll]  [N/A, ]
    [D:\游戏\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\游戏\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [D:\游戏\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\游戏\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [D:\游戏\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\游戏\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\游戏\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\游戏\QQ\BQQApplication.dll]  [N/A, ]
    [D:\游戏\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\游戏\QQ\QQSettingCtrl.dll]  [, 1, 0, 0, 1]
    [D:\游戏\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\游戏\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
[PID: 420][D:\游戏\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\游戏\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 432][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\魔法兔子\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\KAV2005\KAScript.DLL]  [Kingsoft Corporation, 2005, 4, 1, 53]
    [C:\KAV2005\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2005\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
欣LOVE欣 - 2007-5-1 20:39:00
[PID: 2368][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2812][D:\杀毒软件\aaaaaaaaaaa\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [D:\杀毒软件\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
欣LOVE欣 - 2007-5-1 20:39:00
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A
欣LOVE欣 - 2007-5-1 20:40:00
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net
欣LOVE欣 - 2007-5-1 20:40:00
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2005\KASocket.dll)

==================================
隐藏进程
N/A

==================================


欣LOVE欣 - 2007-5-1 20:41:00
That's everything. Could you all please take a look? Thanks!
newcenturymoon - 2007-5-1 20:42:00
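In Safe Mode (after powering on, keep pressing F8 until an advanced menu appears, then choose the first item, Safe Mode, to boot into the system)
During the procedure, do not click any exe files outside the system partition
Open sreng (the program you used to scan the log)

Under "Startup Items" - "Services" - "Win32 Service Applications", tick "Hide verified Microsoft entries",
select the following item, click "Delete Service", then click "Set"; in the dialog that pops up, click "No":

TCP/IP Check / Hello Download



Double-click My Computer, Tools, Folder Options, View, select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK
Then delete C:\Program Files\Common Files\System\wab32res.exe
Empty C:\WINDOWS\TEMP
C:\WINDOWS\system32\Exprer.dll
C:\WINDOWS\system32\Exprer.exe
C:\WINDOWS\HKNTDLL.dll
Update your antivirus software to the latest version and run a full-disk scan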
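
An added example, not part of the thread: a parser for the SREng process/module list format posted above that reports modules with no publisher information loaded into more than one process, the pattern that `C:\WINDOWS\TEMP\LgSy0.dll` and `C:\WINDOWS\system32\Exprer.dll` show in this log. The function names, the shortened sample excerpt and the two-process threshold are assumptions of this example, not the responder's stated method.

```python
import re
from collections import defaultdict

# Shortened excerpt in the SREng process-list format, built from lines in the thread.
SAMPLE_LOG = r"""
[PID: 1652][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
[PID: 2044][D:\游戏\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\游戏\QQ\LoginCtrl.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
[PID: 432][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2005\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
"""

# "[PID: n][image path]  [vendor, version]" starts a process entry.
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s+\[(.*)\]\s*$")
# An indented "[module path]  [vendor, version]" belongs to the process above it.
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")
# Vendor field values that mean the file carries no publisher information.
NO_PUBLISHER = {"", "N/A"}


def parse_modules(log_text):
    """Map each module lacking publisher info to the set of PIDs that loaded it."""
    loaders = defaultdict(set)
    current_pid = None
    for line in log_text.splitlines():
        proc = PROC_RE.match(line)
        if proc:
            current_pid = int(proc.group(1))
            continue
        mod = MOD_RE.match(line)
        if mod and current_pid is not None:
            path, info = mod.group(1), mod.group(2)
            vendor = info.split(",")[0].strip()
            if vendor in NO_PUBLISHER:
                # Windows paths are case-insensitive, so normalise before counting.
                loaders[path.lower()].add(current_pid)
    return loaders


def flag_shared_unattributed(log_text, min_procs=2):
    """Return (module, process_count, in_temp_dir) for modules without publisher
    info that are loaded by at least min_procs processes, most widespread first."""
    hits = []
    for path, pids in parse_modules(log_text).items():
        if len(pids) >= min_procs:
            hits.append((path, len(pids), "\\temp\\" in path))
    return sorted(hits, key=lambda h: (-h[1], h[0]))


if __name__ == "__main__":
    for module, count, in_temp in flag_shared_unattributed(SAMPLE_LOG):
        note = " (under a TEMP directory)" if in_temp else ""
        print(f"{module}: loaded by {count} processes{note}")
```

A DLL private to one application, such as `LoginCtrl.dll` in the QQ process, stays below the threshold and is not reported.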