未知家族病毒分析
扫描结果:
C:\WINNT\system32\msime.exe --> 与 Trojan.PSW.LMir 72%相似.


系统活动进程
C:\WINNT\SYSTEM32\SMSS.EXE
C:\WINNT\SYSTEM32\WINLOGON.EXE
C:\WINNT\SYSTEM32\CSRSS.EXE
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL

C:\WINNT\SYSTEM32\LSASS.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\SPOOLSV.EXE
C:\WINNT\SYSTEM32\ADOBEPDF.DLL
C:\WINNT\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ADISTRES.CHS
C:\WINNT\SYSTEM32\ZLHP1020.DLL
C:\WINNT\SYSTEM32\ZLM.DLL
C:\WINNT\SYSTEM32\SPOOL\PRTPROCS\W32X86\IMFPRINT.DLL
C:\WINNT\SYSTEM32\IMF32.DLL
C:\WINNT\SYSTEM32\ZTAG32.DLL
C:\WINNT\SYSTEM32\ZSPOOL.DLL

C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\UNIMDM.TSP
C:\WINNT\SYSTEM32\KMDDSP.TSP
C:\WINNT\SYSTEM32\NDPTSP.TSP
C:\WINNT\SYSTEM32\IPCONF.TSP
C:\WINNT\SYSTEM32\H323.TSP

C:\WINNT\SYSTEM32\NVSVC32.EXE
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL

D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE
D:\PROGRAM FILES\RISING\RAV\MFC42.DLL
D:\PROGRAM FILES\RISING\RAV\MSVCP60.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL
C:\WINNT\SYSTEM32\MSXML3.DLL

C:\WINNT\NTSERVICE.EXE
C:\WINNT\SYSTEM32\MSVBVM60.DLL
C:\WINNT\SYSTEM32\VB6CHS.DLL
C:\WINNT\NTSVC.OCX

C:\WINNT\SYSTEM32\MSTASK.EXE
C:\WINNT\SYSTEM32\STISVC.EXE
C:\WINNT\SYSTEM32\VIPTRAY.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\MSXML3.DLL

C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET_FILTER.DLL
C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL

C:\WINNT\SYSTEM32\NOTEPAD.EXE
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS

D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
D:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RAV\MFC42.DLL
D:\PROGRAM FILES\RISING\RAV\MSVCP60.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL

D:\绿色\GREENBROWSERGB\GREENBROWSER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\WINNT\SYSTEM32\MSCOREE.DLL
C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\CORPERFMONEXT.DLL
C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINNT\SYSTEM32\WINABC.IME
C:\WINNT\SYSTEM32\WINWB86.IME
C:\WINNT\SYSTEM32\MSDMO.DLL
C:\WINNT\SYSTEM32\FREEWB.IME
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORIE.DLL
C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORLD.DLL
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\ROBOFORM\ROBOFORM.DLL
C:\WINNT\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX
C:\WINNT\SYSTEM32\MSRATELC.DLL

C:\WINNT\EXPLORER.EXE
C:\WINNT\APPPATCH\ACLAYERS.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\PDFSHELL.DLL
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
C:\WINNT\SYSTEM32\MSVCR71.DLL
C:\PROGRAM FILES\BAIDU\BAR\BAIDUBAR.DLL
C:\PROGRA~1\MYAPPL~1\IEBHO.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINNT\SYSTEM32\RAVEXT.DLL
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT ELEMENTS\CONTEXTMENU.CHS
C:\WINNT\SYSTEM32\NVSHELL.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\WINNT\SYSTEM32\WINDEFENDOR.DLL

C:\WINNT\SYSTEM32\CONIME.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\WINNT\SYSTEM32\MSIME.EXE
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\N.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

D:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE
D:\PROGRAM FILES\RISING\RAV\MFC42.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL

D:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE
D:\PROGRAM FILES\RISING\RAV\MFC42.DLL
D:\PROGRAM FILES\RISING\RAV\MSVCP60.DLL
D:\PROGRAM FILES\RISING\RAV\RAVTRAY936.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

D:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\DOCUMENTS AND SETTINGS\SALES51\桌面\RSDETECT.EXE
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL

D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.EXE
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.CHS
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\WINNT\SYSTEM32\DOWNS.EXE
C:\WINNT\SYSTEM32\MSVBVM60.DLL
C:\WINNT\SYSTEM32\VB6CHS.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\WINNT\SYSTEM32\MSINET.OCX
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\WINNT\SYSTEM32\INTERNAT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\IE-BAR\CAST\DMIPN.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\PROGRA~1\IE-BAR\CAST\DMSHELL.DLL
C:\PROGRA~1\IE-BAR\CAST\221~1.0\DMPLAYER.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\PROGRAM FILES\MICROBAK\DOWNS.EXE
C:\WINNT\SYSTEM32\MSVBVM60.DLL
C:\WINNT\SYSTEM32\VB6CHS.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\WINNT\SYSTEM32\MSINET.OCX
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\DOCUME~1\SALES51\LOCALS~1\TEMP\ROBOFORM\ROBOTASKBARICON.EXE
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\ROBOFORM\ROBOFORM.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\DOCUMENTS AND SETTINGS\SALES51\桌面\RSDETECT.EXE
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
C:\WINNT\SYSTEM32\ATL71.DLL
C:\WINNT\SYSTEM32\MSVCP71.DLL
C:\WINNT\SYSTEM32\MSVCR71.DLL
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.CHS
C:\PROGRAM FILES\BAIDU\BAR\BAIDUBAR.DLL
D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
C:\WINNT\SYSTEM32\WINDEFENDOR.DLL
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL
C:\PROGRA~1\MYAPPL~1\IEBHO.DLL
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\ROBOFORM\ROBOFORM.DLL

D:\PROGRAM FILES\KINGSOFT\XDICT\XDICT.EXE
D:\PROGRAM FILES\KINGSOFT\XDICT\IHOOKS.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\ITEXTOUT.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTAB32.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\XIMAGE32.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\NEWWORD.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\XFILE.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\ITTSENGINE.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL

C:\PROGRAM FILES\WINRAR\WINRAR.EXE
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS

C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RAR$EX00.438\HIJACKTHIS1991ZWW.EXE
C:\WINNT\SYSTEM32\MSVBVM60.DLL
C:\WINNT\SYSTEM32\VB6CHS.DLL
D:\PROGRAM FILES\KINGSOFT\XDICT\CJKTL32.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\SYSTEM.SYS
C:\DOCUME~1\SALES51\LOCALS~1\TEMP\RSXAOZ.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager = MOBSYNC.EXE /LOGON
nwiz = NWIZ.EXE /INSTALL
Acrobat Assistant 7.0 = "D:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.EXE"
(Default) = (NULL)
NvCplDaemon = RUNDLL32.EXE C:\WINNT\SYSTEM32\NVCPL.DLL,NVSTARTUP
Systems32 = C:\WINNT\SYSTEM32\SERVER.EXE
RavTimer = D:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
RavTray = D:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE
RavMon = D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE -SYSTEM
\\lambda\EPSON Stylus C67 Series = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "\\LAMBDA\EPSON STYLUS C67 SERIES" /O6 "USB001" /M "STYLUS C67"
downs = C:\WINNT\SYSTEM32\DOWNS.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
KernelFaultCheck = C:\WINNT\SYSTEM32\MSIME.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Internat.exe = INTERNAT.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = (无)


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
wzcnotif = WZCDLG.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINNT\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{2D99E8F4-56B7-457B-9A92-61B5D247D263} = C:\WINNT\system32\WinDefendor.dll
{77FEF28E-EB96-44FF-B511-3185DEA48697} = C:\Program Files\Baidu\bar\BaiduBar.DLL
{9593496E-F7B8-49D5-ABD2-74A71335D26E} = C:\PROGRA~1\MYAPPL~1\IEBHO.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C6A3D68-285E-4C89-A6EF-6CE3BD59BB71}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C6A3D68-285E-4C89-A6EF-6CE3BD59BB71}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3897F4D1-1B14-4D69-AA01-D854D9462047}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3897F4D1-1B14-4D69-AA01-D854D9462047}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E2F6506B-CC73-4935-9FE8-6A5643DC7B2B}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E2F6506B-CC73-4935-9FE8-6A5643DC7B2B}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINNT\SYSTEM32\SERVICES.EXE
AppMgmt = C:\WINNT\SYSTEM32\SERVICES.EXE
aspnet_state = C:\WINNT\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET_STATE.EXE
BITS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP
Browser = C:\WINNT\SYSTEM32\SERVICES.EXE
cisvc = C:\WINNT\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINNT\SYSTEM32\CLIPSRV.EXE
Dhcp = C:\WINNT\SYSTEM32\SERVICES.EXE
dmadmin = C:\WINNT\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINNT\SYSTEM32\SERVICES.EXE
Dnscache = C:\WINNT\SYSTEM32\SERVICES.EXE
Eventlog = C:\WINNT\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Fax = C:\WINNT\SYSTEM32\FAXSVC.EXE
IISADMIN = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
lanmanserver = C:\WINNT\SYSTEM32\SERVICES.EXE
lanmanworkstation = C:\WINNT\SYSTEM32\SERVICES.EXE
LmHosts = C:\WINNT\SYSTEM32\SERVICES.EXE
Macromedia Licensing Service = "C:\PROGRAM FILES\COMMON FILES\MACROMEDIA SHARED\SERVICE\MACROMEDIA LICENSING.EXE"
Messenger = C:\WINNT\SYSTEM32\SERVICES.EXE
mnmsrvc = C:\WINNT\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINNT\SYSTEM32\MSDTC.EXE
MSFTPSVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
MSIServer = C:\WINNT\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINNT\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINNT\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINNT\SYSTEM32\LSASS.EXE
Netman = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINNT\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINNT\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINNT\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINNT\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINNT\SYSTEM32\SERVICES.EXE
RasAuto = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RavService = "D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE" /SERVICE
RemoteAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINNT\SYSTEM32\REGSVC.EXE
RpcLocator = C:\WINNT\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINNT\SYSTEM32\SVCHOST -K RPCSS
RsRavMon = D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
RSVP = C:\WINNT\SYSTEM32\RSVP.EXE -S
SamSs = C:\WINNT\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINNT\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINNT\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINNT\SYSTEM32\MSTASK.EXE
seclogon = C:\WINNT\SYSTEM32\SERVICES.EXE
SENS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
SMTPSVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
Spooler = C:\WINNT\SYSTEM32\SPOOLSV.EXE
stisvc = C:\WINNT\SYSTEM32\STISVC.EXE
SysmonLog = C:\WINNT\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINNT\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINNT\SYSTEM32\SERVICES.EXE
UPS = C:\WINNT\SYSTEM32\UPS.EXE
UtilMan = C:\WINNT\SYSTEM32\UTILMAN.EXE
VIPTray = C:\WINNT\SYSTEM32\VIPTRAY.EXE
W32Time = C:\WINNT\SYSTEM32\SERVICES.EXE
W3SVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
WinMgmt = C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
WmdmPmSN = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINNT\SYSTEM32\SERVICES.EXE
wuauserv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K WUGROUP
WZCSVC = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS



文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
BdGuard = C:\WINNT\SYSTEM32\DRIVERS\BDGUARD.SYS
MRxSmb = C:\WINNT\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINNT\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINNT\SYSTEM32\DRIVERS\RDBSS.SYS
Srv = C:\WINNT\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINNT\SYSTEM32\DRIVERS\ACPI.SYS
AFD = C:\WINNT\SYSTEM32\DRIVERS\AFD.SYS
AsyncMac = C:\WINNT\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINNT\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINNT\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINNT\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINNT\SYSTEM32\DRIVERS\BASETDI.SYS
CCDECODE = C:\WINNT\SYSTEM32\DRIVERS\CCDECODE.SYS
Disk = C:\WINNT\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINNT\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINNT\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINNT\SYSTEM32\DRIVERS\DMLOAD.SYS
EverestDriver = F:\补丁\TOOL\系统\EVERESTULTIMATE281B\KERNELD.WNT
ExpScaner = D:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINNT\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINNT\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINNT\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINNT\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINNT\SYSTEM32\DRIVERS\MSGPC.SYS
hardlock = C:\WINNT\SYSTEM32\DRIVERS\HARDLOCK.SYS
Haspnt = C:\WINNT\SYSTEM32\DRIVERS\HASPNT.SYS
HookCont = D:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = D:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
hooksys = D:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
i8042prt = C:\WINNT\SYSTEM32\DRIVERS\I8042PRT.SYS
IpFilterDriver = C:\WINNT\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINNT\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINNT\SYSTEM32\DRIVERS\IPNAT.SYS
IPSEC = C:\WINNT\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINNT\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINNT\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINNT\SYSTEM32\DRIVERS\KBDCLASS.SYS
Mouclass = C:\WINNT\SYSTEM32\DRIVERS\MOUCLASS.SYS
MPE = C:\WINNT\SYSTEM32\DRIVERS\MPE.SYS
MSKSSRV = C:\WINNT\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINNT\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINNT\SYSTEM32\DRIVERS\MSPQM.SYS
MSTEE = C:\WINNT\SYSTEM32\DRIVERS\MSTEE.SYS
NABTSFEC = C:\WINNT\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisTapi = C:\WINNT\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINNT\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINNT\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINNT\SYSTEM32\DRIVERS\NETBT.SYS
NetDetect = C:\WINNT\SYSTEM32\DRIVERS\NETDTECT.SYS
New0 = C:\WINNT\SYSTEM32\NEW.SYS
NPF = C:\WINNT\SYSTEM32\DRIVERS\NPF.SYS
npkcrypt = D:\我的文档\AB\QQ2006 SP2\NPKCRYPT.SYS
nv = C:\WINNT\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINNT\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINNT\SYSTEM32\DRIVERS\NWLNKFWD.SYS
P1C1394 = C:\WINNT\SYSTEM32\DRIVERS\P1C1394.SYS
Parallel = C:\WINNT\SYSTEM32\DRIVERS\PARALLEL.SYS
Parport = C:\WINNT\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINNT\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINNT\SYSTEM32\DRIVERS\PCIIDE.SYS
pfc = C:\WINNT\SYSTEM32\DRIVERS\PFC.SYS
PptpMiniport = C:\WINNT\SYSTEM32\DRIVERS\RASPPTP.SYS
Ptilink = C:\WINNT\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINNT\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINNT\SYSTEM32\DRIVERS\RASL2TP.SYS
Raspti = C:\WINNT\SYSTEM32\DRIVERS\RASPTI.SYS
RCA = C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS
rtl8139 = C:\WINNT\SYSTEM32\DRIVERS\RTL8139.SYS
serenum = C:\WINNT\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINNT\SYSTEM32\DRIVERS\SERIAL.SYS
Sfloppy = C:\WINNT\SYSTEM32\DRIVERS\SFLOPPY.SYS
SLIP = C:\WINNT\SYSTEM32\DRIVERS\SLIP.SYS
SMBios = C:\WINNT\SYSTEM32\DRIVERS\SMBIOS.SYS
streamip = C:\WINNT\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINNT\SYSTEM32\DRIVERS\SWENUM.SYS
Tcpip = C:\WINNT\SYSTEM32\DRIVERS\TCPIP.SYS
TxNtSys = UNC\SQL\我的光碟 (D)\TXNTSYS.SYS
uhcd = C:\WINNT\SYSTEM32\DRIVERS\UHCD.SYS
Update = C:\WINNT\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = C:\WINNT\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = C:\WINNT\SYSTEM32\DRIVERS\USBSTOR.SYS
VgaSave = C:\WINNT\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINNT\SYSTEM32\DRIVERS\WANARP.SYS
WSTCODEC = C:\WINNT\SYSTEM32\DRIVERS\WSTCODEC.SYS

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      16:01:06, 日期 2006-6-30
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
d:\Program Files\Rising\Rav\RavService.exe
C:\WINNT\NTService.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\VIPTray.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\conime.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\msime.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\Rising\Rav\RavTimer.exe
D:\Program Files\Rising\Rav\RavTray.exe
D:\Program Files\Rising\Rav\RavMon.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINNT\system32\downs.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MicroBak\downs.exe
D:\绿色\GreenBrowserGB\GreenBrowser.exe
C:\DOCUME~1\sales51\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Kingsoft\XDict\XDICT.EXE
C:\Documents and Settings\sales51\桌面\RsDetect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\sales51\LOCALS~1\Temp\Rar$EX00.438\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINNT\system32\WinDefendor.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\Baidu\bar\BaiduBar.DLL
O2 - BHO: (no name) - {9593496E-F7B8-49D5-ABD2-74A71335D26E} - C:\PROGRA~1\MYAPPL~1\IEBHO.dll
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\bar\BaiduBar.DLL
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [Systems32] C:\WINNT\system32\Server.exe
O4 - 启动项HKLM\\Run: [RavTimer] d:\Program Files\Rising\Rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavTray] d:\Program Files\Rising\Rav\RavTray.exe
O4 - 启动项HKLM\\Run: [RavMon] d:\Program Files\Rising\Rav\RavMon.exe -system
O4 - 启动项HKLM\\Run: [\\lambda\EPSON Stylus C67 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "\\lambda\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - 启动项HKLM\\Run: [downs] C:\WINNT\system32\downs.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: IE-BAR.lnk = C:\WINNT\system32\rundll32.exe
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C6A3D68-285E-4C89-A6EF-6CE3BD59BB71}: NameServer = 218.85.157.99,202.101.98.55
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: RavService - Unknown owner - d:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: VIPTray - Unknown owner - C:\WINNT\System32\VIPTray.exe

我把红色的给删了对不？

O2 - BHO: BrowserHelper Class - {2D99E8F4-56B7-457B-9A92-61B5D247D263} - C:\WINNT\system32\WinDefendor.dll
O4 - Global Startup: IE-BAR.lnk = C:\WINNT\system32\rundll32.exe
O23 - NT 服务: VIPTray - Unknown owner - C:\WINNT\System32\VIPTray.exe
这几项的处理参考http://forum.ikaka.com/topic.asp?board=28&artid=8113452

另外:
结束进程：
C:\WINNT\system32\downs.exe
C:\WINNT\system32\msime.exe
C:\WINNT\NTService.exe

修复：
O4 - 启动项HKLM\\Run: [Systems32] C:\WINNT\system32\Server.exe
O4 - 启动项HKLM\\Run: [downs] C:\WINNT\system32\downs.exe

删除：
C:\WINNT\system32\downs.exe
C:\WINNT\system32\msime.exe
C:\WINNT\system32\Server.exe
C:\WINNT\NTService.exe

另外：
C:\DOCUME~1\sales51\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MicroBak\downs.exe
这两个又是什么东西？自己装的？

从瑞星听诊器的日志上看，楼主中的东西不少

做完以上步骤之后，重启，在http://forum.ikaka.com/topic.asp?board=28&artid=6979213下载System Repair Engineer 2.0.21.505（RC2）和Autoruns分别导出日志。
记住用Autoruns导出日志时，要先隐藏微软项目（Options-Hide Microsoft Entries），然后刷新一下（File-Refresh）然后再导出（File-Save）。

好晕呦~~~~@#$%$#&#%@$%@
启动项HKLM\\Run: [Systems32] C:\WINNT\system32\Server.exe
好象有问题。

2006-06-30,16:54:04

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <RavTimer><d:\Program Files\Rising\Rav\RavTimer.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTray><d:\Program Files\Rising\Rav\RavTray.exe>  [Rising]
    <RavMon><d:\Program Files\Rising\Rav\RavMon.exe -system>  [Beijing Rising Technology Co., Ltd.]
    <\\lambda\EPSON Stylus C67 Series><C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "\\lambda\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67">  []
    <downs><C:\WINNT\system32\downs.exe>  [bcnet]
    <spoolsv><C:\WINNT\system32\spoolsv\spoolsv.exe -printer>  [广州傲讯信息科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KernelFaultCheck><C:\WINNT\system32\msime.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C9953583-932E-4EA1-A04B-4523AAB72C30}><C:\Program Files\Internet Explorer\PLUGINS\system.sys>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  []

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[IE-BAR]
  <C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动\IE-BAR.lnk><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[RavService / RavService]
  <"d:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <D:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINNT\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\IEHelper\IEHelper_4552.dll, Microsoft Corporation>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\Baidu\bar\BaiduBar.DLL, Baidu.com, Inc.>
[]
  {9593496E-F7B8-49D5-ABD2-74A71335D26E} <C:\PROGRA~1\MYAPPL~1\IEBHO.dll, N/A>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\Baidu\bar\BaiduBar.DLL, Baidu.com, Inc.>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml4.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[转换为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 160][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 156][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6898>
[PID: 208][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 220][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 376][D:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 58>
    [D:\PROGRAM FILES\RISING\RAV\guidll.dll]  <rising><17, 0, 0, 13>
    [D:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [D:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  <Rising Corp.><17, 0, 1, 71>
    [d:\Program Files\Rising\Rav\Scanner.dll]  <Rising><17, 0, 0, 43>
    [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [d:\Program Files\Rising\Rav\libload.dll]  <Rising><17, 0, 0, 14>
    [d:\Program Files\Rising\Rav\VirusLib.dll]  <Rising><17, 0, 0, 26>
    [D:\PROGRAM FILES\RISING\RAV\MailMon.dll]  < ><17, 0, 0, 9>
    [d:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><17, 0, 0, 7>
    [D:\PROGRAM FILES\RISING\RAV\MemMon.dll]  <北京瑞星><17, 8, 0, 0>
    [D:\PROGRAM FILES\RISING\RAV\expscan.dll]  <N/A><17, 0, 0, 6>
    [D:\PROGRAM FILES\RISING\RAV\mPorts.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
    [D:\PROGRAM FILES\RISING\RAV\regmon.dll]  < ><17, 0, 0, 12>
    [D:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  <rising><17, 0, 0, 4>
    [d:\Program Files\Rising\Rav\engine.dll]  <rising><17, 0, 0, 43>
    [d:\Program Files\Rising\Rav\UnExe.dll]  <Rising><17, 0, 0, 31>
    [d:\Program Files\Rising\Rav\ScanEx.dll]  <Rising><17, 0, 0, 39>
    [d:\Program Files\Rising\Rav\PostTrt.dll]  <Rising><17, 0, 0, 21>
    [d:\Program Files\Rising\Rav\NvFile.dll]  <瑞星><17, 0, 0, 13>
    [d:\Program Files\Rising\Rav\ScanMac.dll]  <rising><17, 0, 0, 20>
    [d:\Program Files\Rising\Rav\ScanSct.dll]  <rising><17, 0, 0, 37>
    [d:\Program Files\Rising\Rav\ScanExec.dll]  <N/A><17, 0, 0, 23>
    [d:\Program Files\Rising\Rav\Unpacker.dll]  <rising><17, 0, 0, 19>
    [d:\Program Files\Rising\Rav\ExtOLE.dll]  <rising><17, 0, 0, 22>
[PID: 400][D:\PROGRAM FILES\RISING\RAV\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 27>
    [D:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 432][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 468][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\AdobePDF.dll]  <Adobe Systems Incorporated.><7.0.0.00>
    [D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS]  <N/A><N/A>
    [C:\WINNT\system32\ZLhp1020.DLL]  <Zenographics, Inc.><5, 53, 2714, 0>
    [C:\WINNT\system32\ZLM.dll]  <Zenographics, Inc.><5, 50, 1416, 0>
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  <Zenographics, Inc.><5, 54, 330, 0>
    [C:\WINNT\system32\Imf32.dll]  <Zenographics, Inc.><5, 60, 1204, 0>
    [C:\WINNT\system32\ZTAG32.dll]  <Zenographics, Inc.><5, 60, 1210, 0>
    [C:\WINNT\system32\ZSPOOL.dll]  <Zenographics, Inc.><5, 51, 709, 0>
[PID: 512][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 556][C:\WINNT\System32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7610>
[PID: 600][d:\Program Files\Rising\Rav\RavService.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 73>
    [d:\Program Files\Rising\Rav\RsCommX.dll]  <rising><17, 0, 0, 3>
[PID: 672][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 700][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 760][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 776][C:\WINNT\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.00.0984>
[PID: 1028][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINNT\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINNT\system32\msicn\plugins\bse.dll]  <广州傲讯信息

科技有限公司><2, 0, 0, 1>
    [C:\WINNT\system32\msicn\plugins\lup.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINNT\system32\msicn\plugins\bm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINNT\system32\msicn\plugins\as.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINNT\system32\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 8>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\Program Files\Baidu\bar\BaiduBar.DLL]  <Baidu.com, Inc.><2, 0, 2, 78>
    [C:\PROGRA~1\MYAPPL~1\IEBHO.dll]  <N/A><N/A>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  <Adobe Systems Inc.><7.0.0.2004121400\0>
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  <Adobe Systems Inc.><7.0.0.2004121400\0>
[PID: 1148][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe]  <Adobe Systems Inc.><6.0.1.2004121400>
    [D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs]  <Adobe Systems Inc.><6.0.0.0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1172][D:\Program Files\Rising\Rav\RavTimer.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 36>
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [D:\Program Files\Rising\Rav\CfgDll.dll]  <Rising Corp.><17, 0, 1, 71>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\DOCUME~1\sales51\LOCALS~1\Temp\rsxaoz.dll]  <WinRAR archiver><3, 4, 2, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1152][D:\Program Files\Rising\Rav\RavTray.exe]  <Rising><17, 0, 0, 32>
    [D:\Program Files\Rising\Rav\RavTray936.dll]  <Rising><17, 0, 0, 28>
    [d:\Program Files\Rising\Rav\RsCommx.dll]  <rising><17, 0, 0, 3>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1124][D:\Program Files\Rising\Rav\RavMon.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 39>
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [D:\Program Files\Rising\Rav\CfgDll.dll]  <Rising Corp.><17, 0, 1, 71>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><17, 0, 0, 3>
    [D:\Program Files\Rising\Rav\PngDll.dll]  <Rising><17, 0, 0, 2>
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1204][C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE]  <SEIKO EPSON CORPORATION><4.00>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1224][C:\WINNT\system32\downs.exe]  <bcnet><1.00>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1268][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\WINNT\system32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 1336][D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe]  <Adobe Systems Incorporated><7.0.0.0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1356][C:\WINNT\system32\rundll32.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\PROGRA~1\IE-BAR\Cast\dmipn.dll]  <千橡互联><2, 2, 1, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\PROGRA~1\IE-BAR\Cast\dmshell.dll]  <千橡互联><2, 2, 1, 0>
    [C:\Progra~1\IE-BAR\Cast\221~1.0\dmplayer.dll]  <千橡互联><2, 2, 1, 0>
[PID: 1248][C:\Program Files\MicroBak\downs.exe]  <bcnet><1.00>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1076][D:\绿色\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
[PID: 1472][D:\绿色\GreenBrowserGB\GreenBrowser.exe]  <MoreQuick><1, 0, 0, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system.sys]  <N/A><N/A>
    [C:\DOCUME~1\sales51\LOCALS~1\Temp\rsxaoz.dll]  <WinRAR archiver><3, 4, 2, 0>
    [C:\WINNT\System32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

另外：
C:\DOCUME~1\sales51\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MicroBak\downs.exe

前面这个是自动填表工具，
后面的我不知道，我刚刚删了

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINNT\system32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\winnt\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\winnt\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ \\lambda\EPSON Stylus C67 SeriesEPSON Status Monitor 3SEIKO EPSON CORPORATIONc:\winnt\system32\spool\drivers\w32x86\3\e_fatiaap.exe

+ Acrobat Assistant 7.0AcroTrayAdobe Systems Inc.d:\program files\adobe\acrobat 7.0\distillr\acrotray.exe

+ downsbcnetc:\winnt\system32\downs.exe

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\winnt\system32\nvcpl.dll

+ nwizNVIDIA nView Wizard, Version 105.10 NVIDIA Corporationc:\winnt\system32\nwiz.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtimer.exe

+ RavTrayRavNet TrayRisingd:\program files\rising\rav\ravtray.exe

+ spoolsv傲讯浏览器辅助工具广州傲讯信息科技有限公司c:\winnt\system32\spoolsv\spoolsv.exe

+ Synchronization ManagerMicrosoft Synchronization ManagerMicrosoft Corporationc:\winnt\system32\mobsync.exe

C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动

+ Adobe Acrobat Speed Launcher.lnkc:\winnt\installer\{ac76ba86-2052-0000-7760-100000000002}\sc_acrobat.exe

+ Adobe Gamma Loader.lnkAdobe Gamma LoaderAdobe Systems, Inc.c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ IE-BAR.lnkRun a DLL as an AppMicrosoft Corporationc:\winnt\system32\rundll32.exe

+ Microsoft Office.lnkMicrosoft Office 2000 componentMicrosoft Corporationc:\program files\microsoft office\office\osa9.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

+ KernelFaultCheckFile not found: C:\WINNT\system32\msime.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Internat.exeKeyboard Language Indicator AppletMicrosoft Corporationc:\winnt\system32\internat.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-streamMicrosoft .NET Runtime Execution EngineMicrosoft Corporationc:\winnt\system32\mscoree.dll

+ application/x-complusMicrosoft .NET Runtime Execution EngineMicrosoft Corporationc:\winnt\system32\mscoree.dll

+ application/x-msdownloadMicrosoft .NET Runtime Execution EngineMicrosoft Corporationc:\winnt\system32\mscoree.dll

+ Class Install HandlerOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ deflateOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ gzipOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ lzdhtmlOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ text/webviewhtmlWindows Shell Common DllMicrosoft Corporationc:\winnt\system32\shell32.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ aboutMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ cdlOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ fileOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ ftpOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ gopherOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ httpOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ httpsOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\winnt\system32\itss.dll

+ javascriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ localOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ mailtoMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ mhtmlMicrosoft Internet Messaging APIMicrosoft Corporationc:\winnt\system32\inetcomm.dll

+ mkOLE32 Extensions for Win32Microsoft Corporationc:\winnt\system32\urlmon.dll

+ ms-itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\winnt\system32\itss.dll

+ resMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ sysimageMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ vbscriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\winnt\system32\mshtml.dll

+ vnd.ms.radioWindows Media Player 2 ActiveX ControlMicrosoft Corporationc:\winnt\system32\msdxm.ocx

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components