我的台式机装有最新升级的正版瑞星，今天偶然发现监控中心关闭了，防火墙也关闭了，手动打开，不行，主页也被修改了，重启也没有了进入系统时的杀毒界面，卸掉重装瑞星，卸掉了，但进入我的系统安装包目录，自动关闭窗口回到我的电脑，打开有关杀毒的网页，立即自动关闭所有有用浏览器，自动弹出的网页不关，

[CODE]

2007-07-07,14:05:55

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <FinePrint 分配器 v5><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM>  [FinePrint Software, LLC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{28D713D2-13D2-8D71-D28D-3D2D73D28D71}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <IFEO[FileDsty.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <IFEO[FTCleanerShell.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <IFEO[iparmo.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
    <IFEO[KaScrScn.SCR]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <IFEO[KAVDX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <IFEO[KAVPFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <IFEO[KAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
    <IFEO[KAVStart.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <IFEO[KISLnchr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
    <IFEO[KMailMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
    <IFEO[KMFilter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
    <IFEO[KPFW32X.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
    <IFEO[KPFWSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
    <IFEO[KRegEx.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.COM]
    <IFEO[krepair.COM]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
    <IFEO[KsLoader.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
    <IFEO[KVCenter.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
    <IFEO[KvDetect.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
    <IFEO[KvfwMcl.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
    <IFEO[KVMonXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <IFEO[kvol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
    <IFEO[kvolself.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
    <IFEO[KvReport.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
    <IFEO[KVScan.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
    <IFEO[KVStub.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
    <IFEO[kvupload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <IFEO[kvwsc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
    <IFEO[KvXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
    <IFEO[KWatch9x.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
    <IFEO[KWatchX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
    <IFEO[loaddll.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
    <IFEO[MagicSet.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <IFEO[mcconsol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
    <IFEO[mmqczj.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
    <IFEO[mmsk.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <IFEO[NAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]

<IFEO[nod32krn.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
    <IFEO[PFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
    <IFEO[PFWLiveUpdate.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
    <IFEO[QHSET.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
    <IFEO[Ras.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
    <IFEO[RegClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <IFEO[rfwcfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
    <IFEO[RfwMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <IFEO[RsAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
    <IFEO[Rsaupd.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
    <IFEO[runiep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
    <IFEO[safelive.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
    <IFEO[shcfg32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
    <IFEO[SmartUp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
    <IFEO[SREng.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
    <IFEO[SysSafe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
    <IFEO[TrojanDetector.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
    <IFEO[Trojanwall.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
    <IFEO[TrojDie.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <IFEO[UIHost.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
    <IFEO[UmxAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
    <IFEO[UmxAttachment.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
    <IFEO[UmxCfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
    <IFEO[UmxFwHlp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
    <IFEO[UmxPol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE.exe]
    <IFEO[UpLive.EXE.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
    <IFEO[WoptiClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <IFEO[zxsweep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\13D28D71.dat>  []

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Indexing Data / lDOMANE][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\PGTOJ.DLL,DllRegisterServer 1087><Microsoft Corporation>
[Fax 2Client / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\system32\c2671.exe><N/A>
[Windows puel RunThem / puel][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\kpzg\uzjq.dll>< >
[Rising Proxy  Service / RfwProxySrv][Stopped/Disabled]
  <c:\program files\rising\rfw\rfwproxy.exe><N/A>
[Rising Personal Firewall Service / RfwService][Stopped/Disabled]
  <c:\program files\rising\rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Disabled]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><N/A>
[Storage Center / SmallCenter][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ihbsm.dll><Microsoft Corporation>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[ExpScaner / ExpScaner][Stopped/Disabled]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><N/A>
[HookCont / HookCont][Stopped/Disabled]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><N/A>
[HookReg / HookReg][Stopped/Disabled]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><N/A>
[HookSys / HookSys][Stopped/Disabled]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[idnaux / idnaux][Running/Auto Start]
  <system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[MEMSCAN / MEMSCAN][Stopped/Disabled]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><N/A>
[msqmx / msqmx][Running/Boot Start]
  <\SystemRoot\system32\drivers\msqmx.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[pluorxlp / pluorxlp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\pluorxlp.sys><Yahoo! China Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RSPPSYS / RSPPSYS][Stopped/Disabled]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[yaskp / yaskp][Stopped/Disabled]
  <system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[WoptiGwiopm / WoptiGwiopm][Running/Manual Start]
  <\??\C:\Program Files\Wopti\WoptiGwiopm.sys><Wopti>

=================================
浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\4c21.dll, TODO: <公司名>>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll, N/A>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[yFlashDl Class]
  {F166BC04-3C84-44CC-A6E9-2315EC4844B9} <C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll, Yahoo! China>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\4c21.dll, TODO: <公司名>>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================

正在运行的进程
[PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ihbsm.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 1276 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\4c21.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [Microsoft Corporation, 11.0.5510.0]
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll]  [Microsoft Corporation, 11.0.5510.0]
    [C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll]  [, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\WBEM\PGTOJ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [c:\windows\system32\ihbsm.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 1684 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\fpmon5.dll]  [FinePrint Software, LLC, 5.35]
    [C:\WINDOWS\system32\fpres532.dll]  [FinePrint Software, LLC, 5.35]
[PID: 1896 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.4342]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4342]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
[PID: 1908 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.27]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
[PID: 1932 / Administrator][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe]  [FinePrint Software, LLC, 5.35]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpres532.dll]  [FinePrint Software, LLC, 5.35]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinter5.dll]  [FinePrint Software, LLC, 5.35]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpgraph5.dll]  [FinePrint Software, LLC, 5.35]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ltdis12n.dll]  [LEAD Technologies, Inc., 12.0.0.011]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.0.0.011]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ltfil12n.dll]  [LEAD Technologies, Inc., 12.0.0.011]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
[PID: 1940 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
[PID: 464 / SYSTEM][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\PGTOJ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\c2671.exe]  [N/A, ]
[PID: 656 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\kpzg\uzjq.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\kpzg\zeov.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\kpzg\qvfm.dll]  [, 5, 0, 0, 2]
[PID: 1796 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\641.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3352 / Administrator][C:\Program Files\Wopti\WoptiUtilities.exe]  [共软网络, 7.74.7.702]
    [C:\Program Files\Wopti\WoptiP2P.dll]  [共软网络, 1.4.7.613]
    [C:\Program Files\Wopti\D3DX81ab.dll]  [鲁锦, 1.0.0.0]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2908 / Administrator][C:\Program Files\Wopti\WoptiProcess.exe]  [共软网络, 3.5.7.702]
    [C:\Program Files\Wopti\WoptiP2P.dll]  [共软网络, 1.4.7.613]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3724 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Common Files\Microsoft Shared\IME\IMSC40W\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]

[PID: 1352 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll]  [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
    [C:\WINDOWS\system32\4c21.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Common Files\Microsoft Shared\IME\IMSC40W\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3121 (xpsp_sp2_gdr.070418-0032)]
[PID: 212 / Administrator][C:\PROGRA~1\INTERN~1\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll]  [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
    [C:\WINDOWS\system32\4c21.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3064 / Administrator][C:\Documents and Settings\Administrator.337106DDDC13429\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\13D28D71.dll]  [N/A, ]
    [c:\progra~1\kpzg\xcmt.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\kpzg\chry.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Documents and Settings\Administrator.337106DDDC13429\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================

c:\windows\system32\downloader.js.psyme.exe

c:\windows\system32\downloader.js.psyme.exe