Can iexplore.exe replicate itself?

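Today I saw an IExPLoRE.ExE process in the system process list and found it rather odd. It didn't look the way it usually does: the process name had mixed upper- and lower-case letters and didn't seem to be the original process, so I suspected a virus. I went to the Internet Explorer directory and renamed iexplore.exe, planning to restart; I renamed it to iexplore.back. Unexpectedly, after a short while it copied out another one of itself, again named iexplore.exe. When I rename or delete that file again, an iexplore.exe is still generated automatically. What I don't understand is: does iexplore.exe have this capability, can it copy itself automatically? Is this the system's normal iexplore.exe, or has it already been infected by a virus? Is there a virus here? Could some expert advise?

(My system is XP SP2, and the directory this iexplore.exe process lives in is the directory it should normally be in. The latest genuine Rising shows no virus alert, and 木马杀客 shows no virus alert either.)
Last edited 2006-05-19 08:30:48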

[Reply to 伯牙's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download System Repair Engineer 2.0.12.350
Export the full log.

Anything that copies itself automatically is not a good thing.
You can compress the file and send it to me to take a look.

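I was worried the logs would keep growing, so I didn't choose to keep logs in the antivirus software. But I looked at the firewall records: after renaming the file to iexplore.back, when I open the browser the firewall still reports that this iexplore.back program wants to connect to the network, and that iexplore.exe connects too.
Also, I packed this file into an archive, but when uploading it here I get a message that the file type is not right. What's going on?! Uploading iexplore.exe without archiving it doesn't work either; it also says the file type is not right!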

You can send the sample directly to my mailbox.

Quote:
[dodu's post] You can send the sample directly to my mailbox
...........................


Sent, including the Rising diagnostic information! Please send me a reply.


未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NERODIGITALEXT.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MFC71.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MSVCR71.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MSVCP71.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\WINDOWS\SYSTEM32\WPDSP.DLL
C:\WINDOWS\SYSTEM32\WDFAPI.DLL
C:\WINDOWS\SYSTEM32\WPDTRACE.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YWIPER.DLL
C:\PROGRAM FILES\NERO\NERO 7\NERO BACKITUP\NBSHELL.DLL
C:\PROGRAM FILES\NERO\NERO 7\NERO BACKITUP\MFC71U.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\IDM COMPUTER SOLUTIONS\ULTRAEDIT-32\UE32CTMN.DLL
C:\PROGRA~1\3721\SKE\CONTMENU.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MEDIALIBRARYNSE.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\2052\MDMUI.DLL

C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.DLL
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\DPGCMD.DLL
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\IPRES.DLL
C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\SRRES.DLL

C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\SNMP.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL

C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL

C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YASSECBLK.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YMENUINFO.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YIEANGEL.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YASMENU.DLL

F:\桌面日历秀\XDESKCAL.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\WINDOWS\SYSTEM32\MSDTC.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YNOTIFIER.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\WINDOWS\SYSTEM32\UWDF.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\WPDMTPDR.DLL
C:\WINDOWS\SYSTEM32\WPDTRACE.DLL
C:\WINDOWS\SYSTEM32\WPDMTP.DLL
C:\WINDOWS\SYSTEM32\WPDMTPUS.DLL
C:\WINDOWS\SYSTEM32\WPDCONNS.DLL

C:\WINDOWS\SYSTEM32\CONIME.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NERODIGITALEXT.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MFC71.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MSVCR71.DLL
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\MSVCP71.DLL
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\PROGRAM FILES\RISING\RFW\MONDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL
C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL

C:\WINDOWS\SYSTEM32\MQSVC.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YSCRBLOCK.DLL
C:\PROGRAM FILES\HUAQI\CHECKWP\SCRRUN.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALIVE.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YALLIVEEX.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASBAR.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YPHTB.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASWIPER.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASIESEC.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASNOAD.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YZSNETPROTO.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YRSS.DLL
H:\动态网自由之门G123\GBHO.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQIEHELPER.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\SKCHUI.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\WINDOWS\SYSTEM32\WPDSP.DLL
C:\WINDOWS\SYSTEM32\WDFAPI.DLL
C:\WINDOWS\SYSTEM32\WPDTRACE.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH.OCX
C:\WINDOWS\SYSTEM32\HEIMA1.IME
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YADFIL~1.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YREPAIR.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YASFSKS.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YOPTIMUM.DLL
C:\PROGRA~1\YAHOO!\ASSISTANT\SHELL\YASSECBLK.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YXPSTYLE.DLL
C:\WINDOWS\SYSTEM32\MSXML4.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL

C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDSCHED.EXE
C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDCOMMON.DLL
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDLANGEN.DLL
C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDSCHEDPS.DLL
C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDENGINEPS.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
C:\PROGRAM FILES\TENCENT\QQ\CORALASSIST.DLL
C:\PROGRAM FILES\TENCENT\QQ\CORALQQ.DLL
C:\PROGRAM FILES\TENCENT\QQ\IPSEARCHER.DLL
C:\PROGRAM FILES\TENCENT\QQ\MSVCR80.DLL
C:\PROGRAM FILES\TENCENT\QQ\MFC42.DLL
C:\PROGRAM FILES\TENCENT\QQ\MSVCP80.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQBASECLASSINDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQHELPERDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\BASICCTRLDLL.DLL
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRAM FILES\TENCENT\QQ\RICHED32.DLL
C:\PROGRAM FILES\TENCENT\QQ\RICHED20.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQAPI.DLL
C:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL
C:\PROGRAM FILES\TENCENT\QQ\LOGINCTRL.DLL
C:\PROGRAM FILES\TENCENT\QQ\NPKCNTC.DLL
C:\PROGRAM FILES\TENCENT\QQ\NPKPDB.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQRES.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQMAINFRAME.DLL
C:\PROGRAM FILES\TENCENT\QQ\CQQAPPLICATION.DLL
C:\PROGRAM FILES\TENCENT\QQ\NEWSKIN.DLL
C:\PROGRAM FILES\TENCENT\QQ\HOSTINGMGR.DLL
C:\PROGRAM FILES\TENCENT\QQ\CAMERADLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\MAILSUMMARY.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQSPACE.DLL
C:\PROGRAM FILES\TENCENT\QQ\VBSCRIPT.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQGROUPMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\USERDEFINEDHEAD.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQPLUGIN.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQCONFIGPLUGIN.DLL
C:\PROGRAM FILES\TENCENT\QQ\QRINGMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\PHONEAPI.DLL
C:\PROGRAM FILES\TENCENT\QQ\DIALERALLINONE.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\TENCENT\QQ\QQSYSMSGMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQAVATAR.DLL
C:\PROGRAM FILES\TENCENT\QQ\FLASHAVATARDLL.DLL
C:\PROGRAM FILES\TENCENT\QQ\LONGCONNECTION.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQPET.DLL
C:\PROGRAM FILES\TENCENT\QQ\BQQAPPLICATION.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQALLINONE.DLL
C:\PROGRAM FILES\TENCENT\QQ\SCCORE.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQCUSTOMFACE.DLL
C:\PROGRAM FILES\TENCENT\QQ\COMMERCESMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\PERSONALDESKTOP.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQUDPGETFILELIB.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQADDR.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQSCENEMNG.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQPHONEHELPER.DLL
C:\PROGRAM FILES\TENCENT\QQ\GROUPCONNECTION.DLL
C:\WINDOWS\SYSTEM32\MSADP32.ACM
C:\PROGRAM FILES\TENCENT\QQ\GDIPLUS.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH.OCX
C:\PROGRAM FILES\TENCENT\QQ\QQMAGICFACE.DLL
C:\WINDOWS\SYSTEM32\HEIMA1.IME
C:\PROGRAM FILES\TENCENT\QQ\IMAGEOLE.DLL
C:\PROGRAM FILES\TENCENT\QQ\QQZIP.DLL


C:\WINDOWS\SYSTEM32\MQTGSVC.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\WINDOWS\SYSTEM32\SYNCOR11.DLL

C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL
C:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL

F:\G\瑞星升级保姆(免费升级瑞星) V1.12B 绿色免杀版\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\APIHOOKDLL.DLL
C:\PROGRA~1\YAHOO!\ASSIST~1\YHELPER.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelliPoint = "C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE"
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
桌面图标文字自动透明 = C:\PROGRAM FILES\WOM\WINMEM.EXE XP
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
XDeskCal = F:\桌面日历秀\XDESKCAL.EXE
yassistse = "C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE"
YLive.exe = C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE" /RUNONCE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
_{33BBE430-0E42-4f12-B075-8D21ACB10DCB} = NULL
_{38928D50-8A48-44C2-945F-D2F23F771410} = NULL
{04DCC17E-35E1-417A-ABCF-41623FA2ACE7} = H:\动态网自由之门G123\gbho.dll
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = C:\Program Files\Tencent\QQ\QQIEHelper.dll
{62EED7C6-9F02-42f9-B634-98E2899E147B} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
{A5366673-E8CA-11D3-9CD9-0090271D075B} = C:\PROGRA~1\FLASHGET\jccatch.dll
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} = NULL


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD Pgm (RDM) = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Pgm (Stream) = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [TCP/IPv6] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IPv6] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IPv6] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F7632B4F-BBAF-474A-94BC-B4663203B206}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F7632B4F-BBAF-474A-94BC-B4663203B206}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D6635639-E8A7-44D6-AD7B-CBBB74BA6889}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D6635639-E8A7-44D6-AD7B-CBBB74BA6889}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{03344C3C-5251-40A8-A366-F2B197D2C235}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{03344C3C-5251-40A8-A366-F2B197D2C235}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7632B4F-BBAF-474A-94BC-B4663203B206}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7632B4F-BBAF-474A-94BC-B4663203B206}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6635639-E8A7-44D6-AD7B-CBBB74BA6889}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6635639-E8A7-44D6-AD7B-CBBB74BA6889}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1BCA8A07-718E-4CE9-97B4-558D8A20CC51}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1BCA8A07-718E-4CE9-97B4-558D8A20CC51}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F678DFE5-0219-483D-A9A4-1ABF69639F84}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F678DFE5-0219-483D-A9A4-1ABF69639F84}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
6to4 = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
IISADMIN = C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
LPDSVC = C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
MDM = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSFtpsvc = C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
MSMQ = C:\WINDOWS\SYSTEM32\MQSVC.EXE
MSMQTriggers = C:\WINDOWS\SYSTEM32\MQTGSVC.EXE
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
p2pgasvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K P2PSVC
p2pimsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K P2PSVC
p2psvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K P2PSVC
PDEngine = "C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDENGINE.EXE"
PDSched = "C:\PROGRAM FILES\RAXCO\PERFECTDISK\PDSCHED.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PNRPSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K P2PSVC
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
rpcapd = "%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SimpTcp = C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
SMTPSVC = C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
SNMP = C:\WINDOWS\SYSTEM32\SNMP.EXE
SNMPTRAP = C:\WINDOWS\SYSTEM32\SNMPTRAP.EXE
SoundMAX Agent Service (default) = C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{25B81744-76A4-4DBC-B650-0B6585889127}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UleadBurningHelper = C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
W3SVC = C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS



文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
CnsMinKP = C:\WINDOWS\SYSTEM32\DRIVERS\CNSMINKP.SYS
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
a347bus = C:\WINDOWS\SYSTEM32\DRIVERS\A347BUS.SYS
a347scsi = C:\WINDOWS\SYSTEM32\DRIVERS\A347SCSI.SYS
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aeaudio = C:\WINDOWS\SYSTEM32\DRIVERS\AEAUDIO.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
agp440 = C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
BT848 = C:\WINDOWS\SYSTEM32\DRIVERS\BT848.SYS
BTXBAR = C:\WINDOWS\SYSTEM32\DRIVERS\BTXBAR.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
DLKFET = C:\WINDOWS\SYSTEM32\DRIVERS\DLKFET.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
FETNDIS = C:\WINDOWS\SYSTEM32\DRIVERS\FETND5.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
hidusb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HOOKTDI1 = C:\PROGRAM FILES\RISING\RFW\RFW\TDIHOOK.SYS
HookUrl = C:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
HOSTNT = C:\WINDOWS\SYSTEM32\DRIVERS\HOSTNT.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
IdeBusDr = C:\WINDOWS\SYSTEM32\DRIVERS\IDEBUSDR.SYS
IdeChnDr = C:\WINDOWS\SYSTEM32\DRIVERS\IDECHNDR.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IPHOOK = C:\PROGRAM FILES\RISING\RFW\RFW\IPHOOK.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
kmsinput = C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
MHDRV = C:\WINDOWS\SYSTEM32\DRIVERS\MHDRV.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
mProcRs = C:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MQAC = C:\WINDOWS\SYSTEM32\DRIVERS\MQAC.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
nm = C:\WINDOWS\SYSTEM32\DRIVERS\NMNT.SYS
NPF = C:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS
npkcrypt = C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
Point32 = C:\WINDOWS\SYSTEM32\DRIVERS\POINT32.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RCMHDOG = C:\WINDOWS\SYSTEM32\DRIVERS\RCMHDOG.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RMCAST = C:\WINDOWS\SYSTEM32\DRIVERS\RMCAST.SYS
ROCKEYNT = C:\WINDOWS\SYSTEM32\DRIVERS\ROCKEY4.SYS
Rockey_USB = C:\WINDOWS\SYSTEM32\DRIVERS\ROCKEY4USB.SYS
RsFwDrv = C:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
Sense3 = C:\WINDOWS\SYSTEM32\DRIVERS\SENSE3.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
sfdrv01 = C:\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS
sfhlp02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS
sfsync02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFSYNC02.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
smwdm = C:\WINDOWS\SYSTEM32\DRIVERS\SMWDM.SYS
SONYPVU1 = C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
Tcpip6 = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP6.SYS
TDIHOOK = C:\PROGRAM FILES\RISING\RFW\RFW\TDIHOOK.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
tunmp = C:\WINDOWS\SYSTEM32\DRIVERS\TUNMP.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\USBLOCK.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WpdUsb = C:\WINDOWS\SYSTEM32\DRIVERS\WPDUSB.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS

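I've confused even myself. I also looked at the information above and there's nothing there; it all looks normal! Could it be that iexplore.exe simply has this capability, so that if the user deletes it by mistake it can be regenerated automatically!?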

See the reply in post 1 and export the System Repair Engineer 2.0.12.350 log right away; the Rising 听诊器 log makes my eyes swim.