还是没杀掉。。
继续顶一下。。。

搞掉又出来了。 。。

继续UP一下！！

求救！

一开机器未打开浏览器，就有个explorer.exe进程正常吗？用户名是机器名。。。

这是病毒吗？

【回复“银色镇魂歌”的帖子】
断网。关闭所有应用程序。
用HijackThis修复下列各项：
O4 - HKLM\..\Run: [res] ; C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [Update] ; C:\Program Files\Common Files\UPDAT\Update.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://www.icbc.com.cn
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
重启系统。
显示隐藏文件。
删除上述启动项指向的文件。
用LSPFix修复O10。。

谢谢猫版!!

"删除上述启动项指向的文件。"这一步怎么找？

可能这两天自己折腾，改动了不少东西，重新扫了一下。。日志如下：
——————————————————————————————

Logfile of HijackThis v1.99.1
Scan saved at 23:09:10, on 2006-9-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

2006-09-01,23:08:51

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\AI-SER~1.SCR>  []

==================================
启动文件夹
服务
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <D:\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[ForceWare Intelligent Application Manager (IAM) / ForceWare Intelligent Application Manager (IAM)]
  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe><>
[Forceware Web Interface / ForcewareWebInterface]
  <"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice><Apache Software Foundation>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[ForceWare IP service / nSvcIp]
  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe><NVIDIA>
[ForceWare user log service / nSvcLog]
  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe><NVIDIA>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SF FrontLine Drivers Auto Removal (v1) / sfrem01]
  <C:\WINDOWS\system32\sfrem01.exe svc><N/A>

==================================
浏览器加载项
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 372][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 420][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 452][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 496][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
[PID: 668][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 716][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
[PID: 784][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
[PID: 832][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
[PID: 868][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
[PID: 976][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1248][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.8198>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8198>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
[PID: 1440][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe]  <Apache Software Foundation><2.0.52>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll]  <Apache Software Foundation><0.0.0.0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll]  <Apache Software Foundation><0.0.0.0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll]  <Apache Software Foundation><0.0.0.0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll]  <Apache Software Foundation><2.0.52>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_asis.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so]  <N/A><N/A>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\nv_common.dll]  <NVIDIA><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_autoindex.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_dir.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so]  <Apache Software Foundation><2.0.49>

[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_imap.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_isapi.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so]  <Apache Software Foundation><2.0.47>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll]  <N/A><N/A>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll]  <N/A><N/A>
[PID: 1488][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe]  <NVIDIA><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  <NVIDIA><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common_firewall.dll]  <NVIDIA><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll]  <NVIDIA Corporation><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\SpecialCase.dll]  <NVIDIA><2, 2, 0, 464>
[PID: 1504][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe]  <NVIDIA><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  <NVIDIA><2, 2, 0, 464>
[PID: 1532][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8198>
[PID: 1784][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe]  <Apache Software Foundation><2.0.52>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll]  <Apache Software Foundation><0.0.0.0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll]  <Apache Software Foundation><0.0.0.0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll]  <Apache Software Foundation><0.0.0.0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll]  <Apache Software Foundation><2.0.52>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_asis.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so]  <N/A><N/A>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\nv_common.dll]  <NVIDIA><2, 2, 0, 464>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_autoindex.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_dir.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_imap.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_isapi.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so]  <Apache Software Foundation><2.0.49>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so]  <Apache Software Foundation><2.0.47>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll]  <N/A><N/A>
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll]  <N/A><N/A>
[PID: 2168][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3032][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3776][D:\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\nvappfilter.dll]  <NVIDIA><1, 0, 2, 0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

【回复“银色镇魂歌”的帖子】
例如：
启动项是：O4 - HKLM\..\Run: [res] ; C:\WINDOWS\system32\res.exe
红字显示的就是这个启动项指向的文件