http://pop.9v.cn/code/showpop.asp?from=10467&typeid=35&n=2&plugin=0&adsidRnd=1&PN=d1a480301889b9a1be39a18abca4190c&furl=http://www.pp265.com/news/&topurl=

隔半小时左右弹1次
HijackThis_815汉化版扫描日志 V1.99.1
保存于      21:20:50, 日期 2006-6-8
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程：       
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\101173.exe
C:\WINDOWS\system32\conime.exe
D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\hbclient\HBHelper.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RealTray] C:\Program Files\Real\RealPlayer\Realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [娱乐助手升级程序] C:\PROGRA~1\COMMON~1\ylzs\upylzs.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [kc32update] rundll32 C:\WINDOWS\system32\kc32update.dll,AppMain
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Windir] C:\WINDOWS\system32\Windir.exe
O4 - 启动项HKLM\\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - 启动项HKLM\\RunOnce: [supdate2.dll] REGSVR32.EXE /s C:\WINDOWS\system32\supdate2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\upfdll.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\upfdll.dll
O16 - DPF: {285C55C4-B32C-4EC0-8539-BBCE97FDF380} (SuperStream Control) - http://listen.sdo.com/video/SuperRelease.cab
O16 - DPF: {B83FC273-3522-4CC6-92EC-75CC86678DA4} - http://download.3721.com/download/CnsMin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C9AACD1-2382-4532-B23F-FECC10FF8257}: NameServer = 61.128.128.68 61.128.192.68
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

进入控制面版的添加删除程序中卸载,很棒小秘书(RichMedia)
ALT+CTRL+DELETE调出任务管理器,终止所有RUNDLL32.EXE，101173.exe 的进程
双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复""（如果有的话）
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\hbclient\HBHelper.dll
O4 - 启动项HKLM\\Run: [娱乐助手升级程序] C:\PROGRA~1\COMMON~1\ylzs\upylzs.exe
O4 - 启动项HKLM\\Run: [kc32update] rundll32 C:\WINDOWS\system32\kc32update.dll,AppMain
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Windir] C:\WINDOWS\system32\Windir.exe
O4 - 启动项HKLM\\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - 启动项HKLM\\RunOnce: [supdate2.dll] REGSVR32.EXE /s C:\WINDOWS\system32\supdate2.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
删除
C:\WINDOWS\system32\supdate2.dll
C:\WINDOWS\system32\Windir.exe
C:\PROGRA~1\hbclient
C:\WINDOWS\system32\kc32update.dll
C:\PROGRA~1\COMMON~1\ylzs
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp删除这个文件夹中所有能删除的东东
修复后，请重启
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

2006-06-09,04:04:43

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RealTray><C:\Program Files\Real\RealPlayer\Realplay.exe SYSTEMBOOTHIDEPLAYER>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <娱乐助手升级程序><C:\PROGRA~1\COMMON~1\ylzs\upylzs.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><EXPLORER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[IE-BAR]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-BAR.lnk><N>

==================================
服务
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[VIPTray / VIPTray]
  <C:\WINDOWS\System32\VIPTray.exe><N/A>

==================================
浏览器加载项
[BrowserHelper Class]
  {2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[SuperStream Control]
  {285C55C4-B32C-4EC0-8539-BBCE97FDF380} <D:\文件备份\赛车\SUPERS~1.OCX, 盛大网络>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[实用搜索]
  {15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BrowserHelper Class]
  {2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft 外壳 UI 帮助程序]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Blueskyvoice Control]
  {991481A7-4669-4E15-8C24-100404E1F5CB} <, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MPEGURL Moniker Class]
  {CD3AFA78-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]

{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINDOWS\vqqsdl.dll, Tencent>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 544][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 556][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
[PID: 716][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 772][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
[PID: 836][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
[PID: 880][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
[PID: 940][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
[PID: 1136][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1372][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\msipri.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\WinDefendor.dll]  <TODO: <公司名>><1.0.0.1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 1496][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3249>
[PID: 1584][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1652][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Progra~1\IE-BAR\Cast\dmipn.dll]  <千橡互联><2, 2, 0, 0>
    [C:\Progra~1\IE-BAR\Cast\dmshell.dll]  <千橡互联><2, 2, 0, 0>
    [C:\Progra~1\IE-BAR\Cast\220~1.0\dmplayer.dll]  <千橡互联><2, 2, 0, 0>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>
[PID: 328][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.5216>
[PID: 480][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 676][C:\WINDOWS\System32\VIPTray.exe]  <N/A><N/A>
[PID: 1628][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2740][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3364][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.422\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINDOWS\system32\upfdll.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
IP
    C:\WINDOWS\system32\upfdll.dll(N/A, N/A)
UDP_CHAIN
    C:\WINDOWS\system32\upfdll.dll(N/A, N/A)

==================================

进入控制面版的添加删除程序中卸载IE-BAR
运行System Repair Engineer，点“启动项目，服务，勾选“隐藏微软服务”选中病毒服务VIPTray，选择“删除所选服务”“否”最后重启
关闭所有浏览窗口以及一些不必要的程序
运行System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项。
rowserHelper Class]
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
删除
C:\WINDOWS\system32\WinDefendor.dll
C:\WINDOWS\System32\VIPTray.exe
个人觉得这一项太活泼了
C:\WINDOWS\system32\upfdll.dll你知道是什么吗？

【回复“我无邪”的帖子】我也有问题啊
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <HP Software Update><"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <HP Component Manager><"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <HPDJ Taskbar Utility><C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Client Access Service><"C:\Program Files\IBM\Client Access\cwbsvstr.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Client Access Help Update><"C:\Program Files\IBM\Client Access\cwbinhlp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Client Access Check Version><"C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Client Access Express Welcome><"C:\Program Files\IBM\Client Access\cwbwlwiz.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <StoneGateAgent><"C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <izndbkr><RunDll32 "C:\WINDOWS\Downlo~1\izndbkr.dll",Run>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SearchNet_Up><"C:\Program Files\SearchNet\ServeUp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

<dddclient><"E:\新建文件夹\dudu\DuDuAcc.exe"  /m0>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><C:\WINDOWS\system32\SoDAHK.DLL>

==================================
启动文件夹
[金山词霸 2003]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\金山词霸 2003.lnk><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[IE-BAR]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-BAR.lnk><N>
[DuDu加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DuDu加速器.lnk><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Client Access Express Remote Command / Cwbrxd]
  <C:\WINDOWS\CWBRXD.EXE><IBM Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[hpdj / hpdj]
  <C:\DOCUME~1\simbasix\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product=><HP>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Log / Remote Log]
  <C:\WINDOWS\system32\ServeHost.exe><北京中搜在线软件有限公司>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[StoneGate VPN Client / SGClient]
  <C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe -d><Stonesoft Corp.>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[VIPTray / VIPTray]
  <C:\WINDOWS\System32\VIPTray.exe><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, Sohu.com Inc.>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[IE Address Browser Helper]
  {2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[BrowserHelper Class]
  {2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper]
  {3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\xsk.dll, 中搜在线软件有限公司>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[]
  {6851415D-F05D-4035-944C-27DCB7B9C0C9} <C:\WINDOWS\system32\Xszklr.dll, N/A>
[DDDMon Class]
  {6BDE1669-B490-48E3-B668-456314F2D6C3} <E:\新建文件夹\dudu\dddiemon.dll, DuDu.com>
[]
  {71894FB9-625A-4D92-BD7B-68475F8A9CDC} <C:\WINDOWS\system32\Dmhmz.dll, N/A>
[]
  {875E3ADE-21AC-41B7-A44C-6E992FF618B9} <C:\WINDOWS\system32\Unzff.dll, N/A>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[我的订阅]
  {8755CE6E-0BF7-4441-8751-FB728941B0B4} <C:\Program Files\P4P\rss.dll, Sohu.com Inc.>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[金山词霸]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[搜狗工具条]
  {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} <C:\Program Files\P4P\ToolBar.dll, Sohu.com Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Crystal Report Viewer Control 9]
  {2DEF4530-8CE6-41C9-84B6-A54536C90213} <C:\WINDOWS\Downloaded Program Files\CRViewer9.dll, Crystal Decisions>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, Sohu.com Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IE Address Browser Helper]
  {2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[BrowserHelper Class]
  {2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[Crystal Report Viewer Control 9]
  {2DEF4530-8CE6-41C9-84B6-A54536C90213} <C:\WINDOWS\Downloaded Program Files\CRViewer9.dll, Crystal Decisions>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper]
  {3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\xsk.dll, 中搜在线软件有限公司>
[ReportExport Class]
  {4B5C9C28-3806-47B5-89A9-93063323160F} <C:\WINDOWS\Downloaded Program Files\sviewhlp.dll, Crystal Decisions>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[]
  {6851415D-F05D-4035-944C-27DCB7B9C0C9} <C:\WINDOWS\system32\Xszklr.dll, N/A>
[DDDMon Class]
  {6BDE1669-B490-48E3-B668-456314F2D6C3} <E:\新建文件夹\dudu\dddiemon.dll, DuDu.com>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
  {71894FB9-625A-4D92-BD7B-68475F8A9CDC} <C:\WINDOWS\system32\Dmhmz.dll, N/A>
[我的订阅]
  {8755CE6E-0BF7-4441-8751-FB728941B0B4} <C:\Program Files\P4P\rss.dll, Sohu.com Inc.>
[]
  {875E3ADE-21AC-41B7-A44C-6E992FF618B9} <C:\WINDOWS\system32\Unzff.dll, N/A>
[Microsoft Web 浏览器]

{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Crystal Report Web Report Source Control 9]
  {934CC260-C5AA-43C4-A657-7B70C5B3DAE1} <C:\WINDOWS\Downloaded Program Files\swebrs.dll, Crystal Decisions>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[搜狗工具条]
  {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} <C:\Program Files\P4P\ToolBar.dll, Sohu.com Inc.>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pcastctl.dll, >
[&使用DuDu 加速器下载]
  <res://E:\新建文件夹\dudu\dddmext.dll/202, N/A>
[&使用DuDu 加速器下载全部链接]
  <res://E:\新建文件夹\dudu\dddmext.dll/203, N/A>
[使用搜狗直通车下载]
  <C:\Program Files\P4P\dl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到“我的订阅”]
  <C:\Program Files\P4P\rss.htm, N/A>

==================================
正在运行的进程
[PID: 764][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 880][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\NavLogon.dll]  <Symantec Corporation><9.0.0.338>
[PID: 948][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 960][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1120][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1184][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1308][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1396][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1616][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1728][C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe]  <Stonesoft Corp.><2.2.3.633>
[PID: 1764][C:\Program Files\Stonesoft\StoneGate VPN Client\stonegate.exe]  <Stonesoft Corp.><2.2.3.633>
[PID: 1940][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  <Symantec Corporation><2.2.0.577>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><2.2.0.577>
[PID: 1964][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  <Symantec Corporation><2.2.0.577>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><2.2.0.577>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  <Symantec Corporation><2.2.0.577>
[PID: 220][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\HPBMMON.DLL]  <Hewlett-Packard><10.00.14>
    [C:\WINDOWS\system32\hpdomon.dll]  <Hewlett-Packard><03.42.00>
    [C:\WINDOWS\system32\HPBHealr.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\hpzsnt09.dll]  <HP><2.236.4.0>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL]  <Hewlett-Packard Corporation><60.05.72.21>
[PID: 1720][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\WINDOWS\Downloaded Program Files\Oqhx.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\system32\msicn\plugins\bse.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\Downlo~1\izndbkr.dll]  <Beijing Zhongsou Online Software><2, 0, 0, 6>
    [C:\WINDOWS\system32\msicn\plugins\lup.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msicn\plugins\bm.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msicn\plugins\as.dll]  <N/A><N/A>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\WINDOWS\system32\Xszklr.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Dmhmz.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Unzff.dll]  <N/A><N/A>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\IBM\Client Access\Shared\cwbunddh.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbnl.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbsv.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbbb1.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbrw.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cwbnl1.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbcf.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbcftft.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbadnrt.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbab.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbnltrn.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbad.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbmsgbx.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbnldlg.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbuireg.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbab1.dll]  <IBM Corporation><08.000>
    [C:\Program Files\IBM\Client Access\Mri2924\CWBMSGB.DLL]  <IBM Corporation><08.000>
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  <Symantec Corporation><9.0.0.338>
[PID: 216][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  <Symantec Corporation><9.0.0.338>
[PID: 408][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 492][C:\WINDOWS\system32\ServeHost.exe]  <北京中搜在线软件有限公司><1, 0, 2, 4>
[PID: 628][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  <symantec><1.5.0.0>
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  <Symantec Corporation><9.0.0.338>
    [C:\WINDOWS\system32\CBA.DLL]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\NTS.dll]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\PDS.DLL]  <Intel? Corporation><6.12.0.112 E>
[PID: 720][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  <Symantec Corporation><9.0.0.338>
    [C:\WINDOWS\system32\CBA.DLL]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\NTS.dll]  <Intel? Corporation><6.12.0.112 E>
    [C:\WINDOWS\system32\PDS.DLL]  <Intel? Corporation><6.12.0.112 E>
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  <Symantec Corp.><1.1.0.3>
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  <Symantec Corporation><9.3.0.28>
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  <Symantec Corporation><9.0.0.338>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060118.007\ecmsvr32.dll]  <Symantec Corporation><51.3.0.11>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060118.007\NAVEX32a.DLL]  <Symantec Corporation><20051.3.1.11>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060118.007\NAVENG32.DLL]  <Symantec Corporation><20051.3.1.11>
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\vpmsece.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  <Symantec Corporation><3.02.11.32>

[C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  <Symantec Corporation><3.02.11.32>
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 852][C:\WINDOWS\System32\VIPTray.exe]  <N/A><N/A>
[PID: 1360][C:\Program Files\SearchNet\SearchNet.exe]  <中搜在线><1, 0, 2, 4>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 232][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe]  <Hewlett-Packard><1, 0, 0, 2>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
[PID: 112][C:\Program Files\HP\hpcoretech\hpcmpmgr.exe]  <Hewlett-Packard Company><2.1.1>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
[PID: 388][C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe]  <HP><2.236.4.0>
    [C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3209.dll]  <HP><2.236.4.0>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
[PID: 508][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe]  <Hewlett-Packard><1, 0, 0, 1>
    [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll]  <Hewlett-Packard><2, 0, 2, 2>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll]  <Hewlett-Packard Co.><4.2.0.127>
[PID: 480][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  <Symantec Corporation><2.2.0.577>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  <Symantec Corporation><2.2.0.577>
    [C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL]  <Symantec Corporation><2.0.39.0>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL]  <Symantec Corporation><2.0.39.0>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  <Symantec Corporation><2.2.0.577>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  <Symantec Corporation><2.2.0.577>
    [C:\WINDOWS\system32\SYMREDIR.dll]  <Symantec Corporation><5.3.0.46>
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  <Symantec Corporation><2.2.0.577>
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  <Symantec Corporation><2.2.0.577>
[PID: 1224][C:\PROGRA~1\SYMANT~1\VPTray.exe]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  <Symantec Corporation><9.3.0.28>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><9.0.0.338>
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  <Symantec Corporation><9.0.0.338>
    [C:\Program Files\Common Files\Symantec Shared\SSC\SLICWrap.dll]  <Symantec Corporation><9.0.0.338>
[PID: 1364][C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe]  <Stonesoft Corp.><2.2.3.633>
    [C:\WINDOWS\system32\SGVCGINA.dll]  <Stonesoft Corp.><2.2.3.633>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 1560][C:\WINDOWS\system32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SoDAHK.DLL]  <Sohu.com Inc.><1, 0, 1, 3>
    [C:\PROGRA~1\HBClient\tbhelper.dll]  <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
[PID: 2792][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 3156][C:\Program Files\Kingsoft\Powerword 2003\XDICT.EXE]  <Kingsoft Co, Ltd.><6, 0, 3, 0>
    [C:\Program Files\Kingsoft\Powerword 2003\ITextOut.dll]  <Kingsoft><1, 1, 0, 0>
    [C:\Program Files\Kingsoft\Powerword 2003\CJKTAB32.dll]  <N/A><N/A>
    [C:\Program Files\Kingsoft\Powerword 2003\XImage32.dll]  <N/A><N/A>
    [C:\Program Files\Kingsoft\Powerword 2003\xfile.dll]  <N/A><N/A>
    [C:\Program Files\Kingsoft\Powerword 2003\KPic10.dll]  <N/A><N/A>
    [C:\Program Files\Kingsoft\Powerword 2003\ijl11.dll]  <Intel Corporation><1.1.2>
    [C:\Program Files\Kingsoft\Powerword 2003\toTTSEngine50.dll]  <Kingsoft Corporation><1, 0, 0, 1>
    [C:\Program Files\Kingsoft\Powerword 2003\NormGrab.DLL]  <Kingsoft Co, Ltd.><6, 0, 0, 0>
    [C:\Program Files\Kingsoft\Powerword 2003\DicMngr.dll]  <Kingsoft><1, 0, 0, 0>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\Kingsoft\Powerword 2003\DBCore10.dll]  <Kingsoft  Corp.><1, 0, 0, 0>
    [C:\Program Files\Kingsoft\Powerword 2003\XdictGrb.dll]  <Kingsoft Co, Ltd.><6, 0, 0, 0>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 3312][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 448][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SoDAHK.DLL]  <Sohu.com Inc.><1, 0, 1, 3>
    [C:\Progra~1\IE-BAR\Cast\dmipn.dll]  <千橡互联><2, 2, 0, 0>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Progra~1\IE-BAR\Cast\dmshell.dll]  <千橡互联><2, 2, 0, 0>
    [C:\Progra~1\IE-BAR\Cast\220~1.0\dmplayer.dll]  <千橡互联><2, 2, 0, 0>
[PID: 3868][E:\新建文件夹\dudu\dudupros.exe]  <DuDu.com><4, 3, 0, 1>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [E:\新建文件夹\dudu\dhtiwl.dll]  <DuDu.com><4.3.0.1>
[PID: 1928][C:\Program Files\Outlook Express\msimn.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 1820][C:\Program Files\Skype\Phone\Skype.exe]  <N/A><N/A>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 3904][C:\Program Files\MSN Messenger\msnmsgr.exe]  <Microsoft Corporation><7.0.0816>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 3948][C:\Program Files\SEAGULL\J Walk Windows Client\JW9C.EXE]  <N/A><N/A>
    [C:\Program Files\SEAGULL\J Walk Windows Client\SFCBASE.dll]  <N/A><N/A>
    [C:\Program Files\SEAGULL\J Walk Windows Client\GF9API.dll]  <N/A><N/A>
    [C:\Program Files\SEAGULL\J Walk Windows Client\SGRAPH.dll]  <N/A><N/A>
    [C:\Program Files\SEAGULL\J Walk Windows Client\SCHRTSDK.DLL]  <Three |D| Graphics, Inc.><1, 0, 3, 5>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 3352][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2496][C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE]  <Microsoft Corporation><11.0.5612>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>

[C:\Program Files\IBM\Client Access\Shared\cwbtfxla.xll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbmsgbx.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbbb1.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbrw.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\cwbnl1.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbcf.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbcftft.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbadnrt.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbnldlg.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbsv.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbab.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbad.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbnltrn.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbuireg.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbtfutl.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbdb.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbbb.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbab1.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbnl.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbco.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbuierr.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbad1.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\CWBUNPLA.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbsof.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbsy.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbrc.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwbunssl.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\cwblm.dll]  <IBM Corporation><08.000>
    [C:\WINDOWS\system32\CwbTFDlg.dll]  <IBM Corporation><08.000>
    [C:\Program Files\IBM\Client Access\Mri2924\CWBMSGB.DLL]  <IBM Corporation><08.000>
    [C:\Program Files\IBM\Client Access\Mri2924\CWBSOMRI.DLL]  <IBM Corporation><08.000>
    [C:\Program Files\IBM\Client Access\Mri2924\CWBTFMSG.DLL]  <IBM Corporation><08.000>
    [C:\Program Files\IBM\Client Access\Mri2924\CWBTFDR.DLL]  <IBM Corporation><08.000>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
[PID: 1596][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SoDAHK.DLL]  <Sohu.com Inc.><1, 0, 1, 3>
    [C:\WINDOWS\Downlo~1\izndbkr.dll]  <Beijing Zhongsou Online Software><2, 0, 0, 6>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 1500][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SoDAHK.DLL]  <Sohu.com Inc.><1, 0, 1, 3>
    [C:\WINDOWS\Downlo~1\izndbkr.dll]  <Beijing Zhongsou Online Software><2, 0, 0, 6>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 1776][C:\Documents and Settings\cnrpang\桌面\工具\sys repair\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINDOWS\Downloaded Program Files\Iwbgps.dll]  <Tencent><4, 0, 9, 90>
    [C:\Program Files\SearchNet\SrvNet32.dll]  <中搜在线><1, 0, 2, 7>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]