Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
    <Foxmail><D:\Foxmail\Foxmail.exe -min>  [Tencent Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  []
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <msnappau><; "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe">  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <!!QQKav><F:\u\qqkav.exe>  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <pdfFactory Pro 分配器 v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce>  [FinePrint Software, LLC]
    <XDeskWeather><C:\Program Files\鱼鱼软件\桌面天气秀\XDeskWeather.exe>  [www.CFishSoft.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[GFI LANguard N.S.S. Scheduled Scans Service / lnss_sscans]
  <C:\Program Files\GFI\LANguard Network Security Scanner 3\sscansvc.exe><GFI Software Ltd.>
[Rising Process Communication Center / RsCCenter]
  <><N/A>
[Rising Realtime Monitor Service / RsRavMon]
  <><N/A>

==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[使用KuGoo3下载(&K)]
  <C:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 176][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 228][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 252][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 296][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 308][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 460][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 504][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [F:\u2\SREng2\SREng.com]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
[PID: 1380][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
[PID: 1424][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 1456][C:\WINDOWS\REGEDIT.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 1552][C:\WINDOWS\explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

2007瑞星防火墙杀毒软件都被关闭。其他程序一律这样！
看不出有什么大的问题，但是造成的后果，如上传的图片。
不管你运行什么都是提示那样子的错误：

后来发现有个res.exe在windows，但是不知是何东西。只好打包上来，让大家分析！
以及瑞星的压缩包报道

http://77nplay.vicp.net/RavLog08261752Rav.zip报道
http://77nplay.vicp.net/res.rar样本

引用的“0x00000000”内存，该内存不能为“read”或“written
关键词： 引用的“0x00000000”    内存    “read”或“written   
所有的提示都这样，系统已崩溃，因为什么程序都运行不了，运行就这样提示。

下面讲第二部主机：以及对2007的测试

第二部主机报告：
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS.0\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RfwMain><C:\Program Files\Rising\Rfw\rfwmain.exe>  []
    <CnsMin><Rundll32.exe C:\WINDOWS.0\downlo~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <xBarUpdate><C:\Program Files\xBar\xBarUpdate.exe>  []
    <C-Media Mixer><Mixer.exe /startup>  [C-Media Electronic Inc. (www.cmedia.com.tw)]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <SonudMan><C:\WINDOWS.0\System32\vidcap32.exe>  []
    <PHIME2002ASync><C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <IMJPMIG8.1><"C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <helper.dll><C:\WINDOWS.0\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <worknote1><C:\WINDOWS.0\System32\SYSNOTE.EXE>  []--------------U盘病毒
    <Desktop><C:\WINDOWS.0\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  []
    <TProgram><C:\WINDOWS.0\smss.exe>  [iSw78fh2kl3A]---------------------落雪
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <alsmt.exe><C:\WINDOWS.0\System32\alsmt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINDOWS.0\System32\mswdm.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe 1>  []-------------------- 修改注册表
    <Userinit><C:\WINDOWS.0\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><KB399952M.LOG>  []-----------------感染内存的病毒
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS.0\downlo~1\CnsHook.dll>  [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <SysTime><C:\PROGRA~1\WinKld\WinKld.dll>  [www.88dog.com]----------------------
    <webwork><C:\WINDOWS.0\webwork\webwork.dll>  [MSWebwork Cop.]
    <DLMon><C:\WINDOWS.0\System32\DLMain.dll>  []------------------------------

==================================
启动文件夹
[startup]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\startup.bat><N>-------------------------

==================================
服务
[JMediaService / JMediaService]
  <C:\WINDOWS.0\System32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>---------------------------
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS.0\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Window Services Pack Install / Spullepdsvc]------------------------------------------------------清除成功。
  <C:\Program Files\Common Files\ktxp.exe><N/A>
[StdService / StdService]
  <C:\WINDOWS.0\System32\rundll32.exe C:\WINDOWS.0\System32\STDSVER.DLL,Service><N/A>---------------------------------------
[Svchost Service For Windows / svchost]--------------------------------
  <C:\WINDOWS.0\svchost.exe><N/A>
[WinkldUP / WinkldUP]--------------------------------------------------
  <C:\DOCUME~1\zzw\LOCALS~1\Temp\wz\wz.exe -R><N/A>------------------------------
[WintUPp / WintUPp]
  <C:\DOCUME~1\zzw\LOCALS~1\Temp\wt\wt.exe -R><N/A>----------------------------------------------
[WinWrCup / WinWrCup]
  <C:\WINDOWS.0\wincup\wincup.exe -R><MsWinCup>------------------------------------

浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS.0\System32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MonitorURL Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, >
[CMoveCatchPic Object]
  {0CF098A0-CBAC-4EFB-8451-3AFC201C7222} <C:\Program Files\xBar\xBarHelper.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[MsHelp Class]
  {33C3992F-1963-49BE-88D7-974C8EE564B5} <C:\WINDOWS.0\System32\MsHelper.dll, Microsofts>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[stdup]
  {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS.0\SYSTEM32\stdup.dll, MStdup Co Ltd.>
[]
  {8D139DD1-6BB5-4103-8C89-41560FF2E107} <C:\WINDOWS.0\system32\3721_5.dll, 3721公司<推荐使用>>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS.0\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[Csyshelper Object]
  {E16BB625-16F1-4338-AA38-098F6873AC24} <C:\WINDOWS.0\System32\syshelper.dll, TODO: <公司名>>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[酷热影音]
  {7D73FF86-05F1-39ed-C850-A423120EC338} <www.kuree.com/index.htm?id=00011001, N/A>
[Infofo 工具栏]
  {8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[易趣购物]
  {DE607142-AC19-422e-867A-7D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS.0\System32\msdxm.ocx, Microsoft Corporation>
[BitCometBar]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <e:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[Infofo 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS.0\System32\WEBACT~1.OCX, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS.0\System32\macromed\flash\Flash.ocx, Macromedia, Inc.>

正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 204][\??\C:\WINDOWS.0\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 228][\??\C:\WINDOWS.0\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>-----------------------------------
[PID: 280][C:\WINDOWS.0\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>---------------------------------
[PID: 292][C:\WINDOWS.0\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>----------------------------------
[PID: 464][C:\WINDOWS.0\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>--------------------------
[PID: 496][C:\WINDOWS.0\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>---------------------------
[PID: 760][C:\WINDOWS.0\system32\userinit.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>-------------------------
[PID: 788][C:\WINDOWS.0\explorer.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>------------------------------------------------
    [C:\WINDOWS.0\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS.0\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
[PID: 856][C:\WINDOWS.0\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>-------------------------------------
    [C:\WINDOWS.0\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS.0\downlo~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 6>
    [C:\WINDOWS.0\downlo~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 892][C:\WINDOWS.0\smss.exe]  <iSw78fh2kl3A><0.00.0091>---------------------------------------------
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>---------------------------------------------------
    [C:\WINDOWS.0\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 6>
[PID: 920][C:\WINDOWS.0\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>----------------------------------------
    [C:\WINDOWS.0\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [H:\SREng2\SREng.com]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS.0\KB399952M.LOG]  <N/A><N/A>-------------------------------------------------------------
    [C:\WINDOWS.0\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 6>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  Error. [WindowFiles]----------------------------------------------
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS.0\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

2007测试版杀毒软件清除失败
DLmon.dll清除失败.txt
是什么病毒？？