瑞星卡卡安全论坛

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <QQNetbar><E:\Tencent\QQNetBar\QQNetBar.exe>  [腾讯科技（深圳）有限公司]
    <Ted><C:\WINNT\Ted\Client.exe>  []
    <Tray><C:\WINNT\command\rundll32.exe>  []
    <zt><C:\WINNT\Intel\rundll32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINNT\system32\temp4.dll>  []
    <{08315C1A-9BA9-4B7C-A432-26885F78DF28}><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <SysTime><C:\PROGRA~1\winkld\winkld.dll>  [www.88dog.com]
    <webwork><C:\WINNT\webwork\webwork.dll>  [MSWebwork Cop.]
    <themeadp><C:\WINNT\system32\themeadp.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  []

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINNT\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
  <C:\WINNT\system32\ati2sgag.exe><>
[DefWatch / DefWatch]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[GrayPigeonServer / GrayPigeonServer]
  <C:\WINNT\G_Server2006.exe><N/A>
[JMediaService / JMediaService]
  <C:\WINNT\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[NDClient / NDClient]
  <C:\Program Files\Rainsoft\NetDetective\NDClient.exe><Rainsoft Company>
[NDUpgrade / NDUpgrade]
  <C:\Program Files\Rainsoft\NetDetective\NDUpgrade.exe><Rainsoft Company>
[NetDetective / NetDetective]
  <C:\Program Files\Rainsoft\NetDetective\NetDetective.exe><Rainsoft Company>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[StdService / StdService]
  <C:\WINNT\system32\rundll32.exe C:\WINNT\System32\STDSVER.DLL,Service><N/A>
[WbemCtrl / WbemCtrl]
  <C:\Program Files\Rainsoft\NetDetective\WbemCtrl.exe><上海雨人软件开发有限公司>
[winaua / winaua]
  <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aua\aua.exe -R><N/A>
[WintUPp / WintUPp]
  <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wt\wt.exe -R><N/A>

==================================
浏览器加载项
[IExpress]
  {27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINNT\system32\iexpress.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <e:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[stdup]
  {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINNT\SYSTEM32\stdup.dll, MStdup Co Ltd.>
[T2BHO Class]
  {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINNT\Downloaded Program Files\barhelp24.0.dll, HDT, Inc.>
[免费精彩视频超流畅在线观看]
  {022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[LoadSQL]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <http://loadsql.126.com, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[酷热影音]
  {7D73FF86-05F1-39ed-C850-A423120EC338} <www.kuree.com/index.htm?id=00011001, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <e:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[天下搜索]
  {56A7DC70-E102-4408-A34A-AE06FEF01586} <, N/A>
[PP Control]
  {7005341F-8E42-47E3-987B-3DBE6288048C} <C:\WINNT\DOWNLO~1\pp.ocx, Bluesky Studio (http://www.bluesky.cn)>
[AxReader Class]
  {B7E69D85-E810-468E-8BC8-83668F4CFA12} <C:\WINNT\Downloaded Program Files\RsAxReader.dll, 上海雨人软件开发有限公司>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[PubwinKey Control]
  {C701A35F-761C-4E95-BF98-2F5E16C3AD5D} <C:\DOCUME~1\ADMINI~1\桌面\屗\PUBWIN~1.OCX, N/A>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, Tencent>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINNT\Downloaded Program Files\pCastCtl.dll, >
[  >> 彩信发送 <<]
  <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[上传到QQ网络硬盘]
  <F:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <F:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 188][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 208][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
    [C:\WINNT\system32\NavLogon.dll]  <N/A><N/A>
[PID: 236][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 248][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 372][C:\WINNT\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 460][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 488][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
[PID: 532][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 552][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 600][C:\WINNT\system32\rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\PROGRA~1\MMSASS~1\MMSSVER.DLL]  <><1, 2, 0, 6>
[PID: 640][C:\WINNT\System32\llssrv.exe]  <Microsoft Corporation><5.00.2195.7021>
[PID: 688][C:\WINNT\system32\tcpsvcs.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 712][C:\WINNT\system32\sfmprint.exe]  <Microsoft Corporation><5.00.2157.1>
[PID: 768][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe]  <Microsoft Corporation><2000.080.0760.00>
[PID: 828][C:\Program Files\Rainsoft\NetDetective\NDUpgrade.exe]  <Rainsoft Company><3.5.0.3>
    [c:\winnt\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_307e5ca0\mscorlib.dll]  <N/A><N/A>
    [c:\winnt\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_22a70f34\system.dll]  <N/A><N/A>
    [c:\winnt\assembly\nativeimages1_v1.0.3705\system.drawing\1.0.3300.0__b03f5f7f11d50a3a_00aaab7e\system.drawing.dll]  <N/A><N/A>
    [c:\program files\rainsoft\netdetective\backgroundcopymanager.dll]  < ><1.0.0.0>
    [c:\winnt\assembly\nativeimages1_v1.0.3705\system.xml\1.0.3300.0__b77a5c561934e089_5109298e\system.xml.dll]  <N/A><N/A>
    [C:\Program Files\Rainsoft\NetDetective\Nw3.dll]  <上海雨人软件开发有限公司><3, 5, 1, 1>
    [C:\Program Files\Rainsoft\NetDetective\EnumHost.dll]  <Rainsoft Company><3.5.0.0>
[PID: 996][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
    [C:\PROGRA~1\winkld\Winkld.dat]  <www.88dog.com><2, 0, 0, 1>
    [C:\WINNT\webwork\webwork.nls]  <MSWebwork Cop.><1, 0, 0, 1>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\themeadp.nls]  <N/A><N/A>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\tdll.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><8.1.0.821>
    [F:\qq\qdshm.dll]  <><1, 0, 101, 20>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1108][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  <ATI Technologies, Inc.><6.14.10.5024>
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  <ATI Technologies, Inc.><6.14.10.5024>
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  <ATI Technologies, Inc.><6.14.10.5024>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
[PID: 1140][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\tdll.dll]  <N/A><N/A>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  <Symantec Corporation><8.1.0.821>
[PID: 1148][E:\Tencent\QQNetBar\QQNetBar.exe]  <腾讯科技（深圳）有限公司><1, 0, 101, 110>
    [C:\WINNT\system32\tdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
[PID: 1164][C:\WINNT\command\rundll32.exe]  <N/A><N/A>
    [C:\WINNT\system32\tdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
[PID: 1168][C:\WINNT\Intel\rundll32.exe]  <N/A><N/A>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
    [C:\WINNT\system32\tdll.dll]  <N/A><N/A>
[PID: 1180][C:\Program Files\Rainsoft\NetDetective\NetDetective.exe]  <Rainsoft Company><3.6.3.4>
    [C:\Program Files\Rainsoft\NetDetective\EnumHost.dll]  <Rainsoft Company><3.5.0.0>
    [C:\Program Files\Rainsoft\NetDetective\SecDll.dll]  <上海雨人软件开发有限公司><3, 5, 1, 0>
    [C:\Program Files\Rainsoft\NetDetective\NDGetBuf2.dll]  <Rainsoft><1, 0, 0, 2>
    [C:\WINNT\system32\wpcap.dll]  <NetGroup - Politecnico di Torino><3, 1, 0, 23>
    [C:\WINNT\system32\packet.dll]  <NetGroup - Politecnico di Torino><3, 1, 0, 23>
    [C:\WINNT\system32\WanPacket.dll]  <NetGroup - Politecnico di Torino><3, 1, 0, 23>
[PID: 1188][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
    [C:\WINNT\system32\tdll.dll]  <N/A><N/A>
[PID: 1220][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  <Microsoft Corporation><2000.080.0760.00>

C:\WINNT\system32\tdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>
[PID: 1284][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060913.019\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060913.019\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NotesExt.dll]  <Symantec Corporation><8.1.0.821>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  <Symantec Corporation><8.1.0.821>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DecSDK.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2ID.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2UUE.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2AMG.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2ARJ.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2CAB.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2EXE.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2GZIP.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2HQX.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2LHA.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2LZ.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2MIME.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2SS.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2RTF.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2TAR.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2TNEF.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2ZIP.dll]  <Symantec Corporation><3.02.09.07>
    [C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx]  <Symantec Corporation><8.1.0.821>
[PID: 1324][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 1344][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6972>
[PID: 1384][C:\WINNT\System32\snmp.exe]  <Microsoft Corporation><5.00.2195.6605>
[PID: 1408][C:\WINNT\system32\rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\WINNT\System32\STDSVER.DLL]  <MStdup Co Ltd.><3, 2, 2, 3>
[PID: 1468][C:\Program Files\Rainsoft\NetDetective\WbemCtrl.exe]  <上海雨人软件开发有限公司><3, 5, 1, 1>
    [C:\Program Files\Rainsoft\NetDetective\SecDll.dll]  <上海雨人软件开发有限公司><3, 5, 1, 0>
[PID: 1488][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 1504][C:\WINNT\System32\wins.exe]  <Microsoft Corporation><5.00.2195.7005>
[PID: 1516][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wt\wt.exe]  <N/A><N/A>
[PID: 1552][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1572][C:\WINNT\system32\Dfssvc.exe]  <Microsoft Corporation><5.00.2195.6664>
[PID: 1600][C:\WINNT\System32\dns.exe]  <Microsoft Corporation><5.00.2195.6715>
[PID: 1620][C:\WINNT\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.00.0984>
[PID: 1684][C:\WINNT\system32\sfmsvc.exe]  <Microsoft Corporation><5.00.2195.6684>
[PID: 1700][C:\WINNT\system32\msdtc.exe]  <Microsoft Corporation><1999.9.3421.3>
[PID: 1828][C:\Program Files\Rainsoft\NetDetective\NDClient.exe]  <Rainsoft Company><3.6.3.1>
    [C:\Program Files\Rainsoft\NetDetective\SecDll.dll]  <上海雨人软件开发有限公司><3, 5, 1, 0>
[PID: 2076][C:\WINNT\system32\mqsvc.exe]  <Microsoft Corporation><5.00.0720>
[PID: 1208][C:\WINNT\system32\dllhost.exe]  <Microsoft Corporation><5.00.2195.6692>
[PID: 2664][C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe]  <Microsoft Corporation><1.1.4322.2032>
    [c:\winnt\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e14e457b\mscorlib.dll]  <N/A><N/A>
    [c:\winnt\assembly\gac\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll]  < ><7.10.3052.4>
    [c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\4d0bdf19\9e007e6d\qyipz0xx.dll]  < ><0.0.0.0>
    [c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\4d0bdf19\9e007e6d\assembly\dl2\2ce5a91d\0023214f_6c66c501\rainsoft_oembar.dll]  < ><1.0.1978.24590>
    [c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\4d0bdf19\9e007e6d\assembly\dl2\ad340d9e\003e0656_8f5ac501\interop.nw3lib.dll]  < ><1.0.0.0>
    [c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\4d0bdf19\9e007e6d\assembly\dl2\71016c28\008195cb_7bfac301\interop.capicom.dll]  < ><2.0.0.0>
    [c:\winnt\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\4d0bdf19\9e007e6d\qpks7qvd.dll]  <N/A><N/A>
    [C:\Program Files\Rainsoft\NetDetective\Nw3.dll]  <上海雨人软件开发有限公司><3, 5, 1, 1>
    [C:\Program Files\Rainsoft\NetDetective\EnumHost.dll]  <Rainsoft Company><3.5.0.0>
[PID: 2812][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 572][C:\Documents and Settings\Administrator\桌面\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINNT\system32\ztdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\temp4.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

有人帮忙么？