Rising Kaka Security Forum (瑞星卡卡安全论坛)
thyf - 2007-5-10 16:44:00
At boot, winlogon.exe tries to connect to the network. I block it with ZoneAlarm, and then winlogon.exe's memory keeps growing, probably because it keeps trying to connect and keeps getting blocked by ZoneAlarm.
Using System Repair Engineer I found that winlogon loads systen.dll from system32, which should be a virus file. I deleted it with IceSword, but it reappeared. Its registry location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS
whose content loads c:\windows\system32\systen.dll
Below is the System Repair Engineer report.
[CODE]
2007-05-10,15:55:28
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<Foxmail><"D:\Program Files\Tencent\Foxmail\Foxmail.exe" -min> [Tencent Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<Zone Labs Client><C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe> [(Verified)Check Point Software Technologies Inc.]
<TE_RegProtect><C:\Program Files\Anti Trojan Elite\TERegPct.exe> []
<Picasa Media Detector><d:\Program Files\Picasa2\PicasaMediaDetector.exe> [(Verified)Google Inc.]
<Google IME Autoupdater><"d:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<powerword 2007><"D:\Program Files\Kingsoft\Powerword 2007\xdict.exe" -s -nosplash> [Kingsoft Co, Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]
<WinlogonNotify: BITS><C:\WINDOWS\System32\Systen.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Condor / Condor][Stopped/Manual Start]
<C:\condor\bin\condor_master.exe><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[DeinoMPI process manager service / DeinoPM][Running/Auto Start]
<"D:\Program Files\DeinoMPI\bin\DeinoPM.exe"><Deino Software>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[MATLAB Server / matlabserver][Stopped/Manual Start]
<d:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe><N/A>
[MATLAB Distributed Computing Engine / mdced][Stopped/Manual Start]
<"D:\Program Files\MATLAB\R2006a\toolbox\distcomp\bin\win32\mdced.exe" -s "D:\Program Files\MATLAB\R2006a\toolbox\distcomp\config\wrapper-phoenix.config"><N/A>
[Machine Debug Manager / MDM][Stopped/Manual Start]
<"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[MPICH2 Process Manager, Argonne National Lab / mpich2_smpd][Running/Auto Start]
<C:\Program Files\MPICH2\bin\smpd.exe><Argonne National Lab>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Stopped/Manual Start]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[SavRoam / SavRoam][Stopped/Manual Start]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[SolidPDFConverterReadSpool / ScReadSpool][Stopped/Manual Start]
<D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe><VoyagerSoft, LLC>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
<D:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATE_PROCMON / ATE_PROCMON][Stopped/Manual Start]
<\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys><N/A>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[DS1410D / DS1410D][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ds1410d.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[hardlock / hardlock][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[hexmagic / hexmagic][Stopped/Disabled]
<\??\C:\WINDOWS\system32\drivers\hexmagic.sys><N/A>
[Motorola_NA USBLAN / Motorola_NA USBLAN][Stopped/Manual Start]
<system32\DRIVERS\motblan.sys><N/A>
[MotoSwitch Service / MotoSwitchService][Stopped/Manual Start]
<system32\DRIVERS\motswch.sys><Motorola INC.>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070429.016\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070429.016\navex15.sys><Symantec Corporation>
[DriverStudio Device Filter / nmfilter][Stopped/Manual Start]
<system32\DRIVERS\nmfilter.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Disabled]
<\??\D:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Motorola USB Device / P2k][Stopped/Manual Start]
<system32\DRIVERS\P2k.sys><Motorola Inc>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Rainbow USB SuperPro / Sntnlusb][Stopped/Manual Start]
<system32\DRIVERS\SNTNLUSB.SYS><Rainbow Technologies Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Motorola USB Modem Driver for MPT / usbsermpt][Stopped/Manual Start]
<system32\DRIVERS\usbsermpt.sys><Microsoft Corporation>
[vsdatant / vsdatant][Running/System Start]
<System32\vsdatant.sys><Zone Labs, LLC>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[FAMETECH USB PC CAMERA / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
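As an added example (not code from this thread or from SREng), here is a small Python triage script for the report format shown above: it flags Winlogon\Notify DLLs and winlogon.exe modules whose publisher field is empty or N/A, and then checks whether the same DLL is both registered as a Notify package and resident in winlogon.exe, which is exactly the pattern in this report. It generalizes to every Notify subkey and every winlogon.exe module, not just Systen.dll; the sample input is a constructed excerpt of the lines posted here.

```python
r"""Triage helper for a System Repair Engineer (SREng) report.

Added example, not code from the thread or from SREng. It parses the line
shapes that matter for the question above:

  [HKEY_LOCAL_MACHINE\...\Winlogon\Notify\BITS]         registry key header
  <WinlogonNotify: BITS><C:\...\Systen.dll> []          entry: <name><path> [publisher]
  [PID: 536][\??\C:\...\winlogon.exe] [vendor, version] running process
  [C:\WINDOWS\System32\Systen.dll] [N/A, ]              module loaded into that process

and flags Winlogon Notify DLLs and winlogon.exe modules whose publisher is
empty or N/A, i.e. unidentified code that runs inside the logon process.
"""
import re

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]$")
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\]\s*\[([^\]]*)\]$")
MODULE_RE = re.compile(r"^\[([^\]]+)\]\s*\[([^\]]*)\]$")


def _unidentified(publisher: str) -> bool:
    """True when the report could not attribute the file to any publisher."""
    vendor = publisher.split(",")[0].strip()  # module lines carry "vendor, version"
    return vendor == "" or vendor.upper() == "N/A"


def triage(report_text: str):
    """Return (kind, where, path) findings for unidentified logon-time code."""
    findings = []
    current_key = None   # registry key the following <name><path> lines belong to
    current_proc = None  # (pid, image) the following module lines belong to
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, current_proc = m.group(1), None
            continue
        m = PROC_RE.match(line)
        if m:
            current_proc, current_key = (int(m.group(1)), m.group(2)), None
            continue
        m = ENTRY_RE.match(line)
        if m and current_key is not None:
            _name, path, publisher = m.groups()
            # Notify packages are DLLs that winlogon.exe loads into itself at logon.
            if "\\winlogon\\notify\\" in current_key.lower() and _unidentified(publisher):
                findings.append(("winlogon-notify", current_key, path))
            continue
        m = MODULE_RE.match(line)
        if m and current_proc is not None and current_proc[1].lower().endswith("winlogon.exe"):
            path, info = m.groups()
            if _unidentified(info):
                findings.append(("winlogon-module", f"PID {current_proc[0]}", path))
    return findings


def correlate(findings):
    """Paths flagged both as a Notify registration and as a module inside winlogon.exe."""
    notify = {p.lower() for kind, _, p in findings if kind == "winlogon-notify"}
    loaded = {p.lower() for kind, _, p in findings if kind == "winlogon-module"}
    return sorted(notify & loaded)


# Constructed excerpt of the report posted above (same line format).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]
<WinlogonNotify: BITS><C:\WINDOWS\System32\Systen.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Microsoft Windows Publisher]
==================================
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\Systen.dll] [N/A, ]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.2.2000]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
"""

if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for kind, where, path in found:
        print(f"{kind:16} {where}: {path}")
    print("registered as Notify package AND resident in winlogon.exe:", correlate(found))
```

A publisher of N/A only means the file carries no usable version information, so treat a hit as a lead to verify (hash, signature, file age) rather than a verdict.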
thyf - 2007-5-10 16:47:00
==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[新浪ViVi收藏夹]
{15DDE989-CD45-4561-BF99-D22C0D5C2B85} <C:\WINDOWS\Downlo~1\vivimin.dll, 北京新浪信息技术有限公司>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO.dll, N/A>
[&Google Web Accelerator Helper]
{69A87B7D-DE56-4136-9655-716BA50C19C7} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[BLin IeDoor Class]
{A7934164-66CE-4B01-AD28-A42F734E448D} <C:\Documents and Settings\leo\blin\blinplug.dll, BLin Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Save with Mybase/WebCollect]
{B32D4F40-124C-4be4-9EED-456712C053B5} <, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[新浪ViVi收藏夹]
{15DDE989-CD45-4561-BF99-D22C0D5C2B85} <C:\WINDOWS\Downlo~1\vivimin.dll, 北京新浪信息技术有限公司>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <d:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[CyberArticle Express]
{769A6A36-ED24-4376-BC7C-80225BF35698} <C:\Program Files\CyberArticle\CAExp.dll, shijun.com>
[Google Web Accelerator]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[GovTifActiveX Control]
{001290E5-CD10-4957-9D2B-FD2B74990219} <C:\WINDOWS\DOWNLO~1\GOVTIF~1.OCX, zhiquan>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <d:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[新浪ViVi收藏夹]
{15DDE989-CD45-4561-BF99-D22C0D5C2B85} <C:\WINDOWS\Downlo~1\vivimin.dll, 北京新浪信息技术有限公司>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO.dll, N/A>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <d:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[&Google Web Accelerator Helper]
{69A87B7D-DE56-4136-9655-716BA50C19C7} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[CyberArticle Express]
{769A6A36-ED24-4376-BC7C-80225BF35698} <C:\Program Files\CyberArticle\CAExp.dll, shijun.com>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[BLin IeDoor Class]
{A7934164-66CE-4B01-AD28-A42F734E448D} <C:\Documents and Settings\leo\blin\blinplug.dll, BLin Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484F-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[D:\Program Files\Tencent\QQ\QQPlayerProxy.dll]
{CD108273-D434-43E6-AA90-1469F97EB398} <D:\PROGRA~1\Tencent\QQ\QQPLAY~1.DLL, Tencent>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Google Web Accelerator]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&Dict.CN Definition]
<http://dict.cn/rightclick.html, N/A>
[&使用BitComet下载]
<res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用比邻下载(&B)]
<C:\Documents and Settings\leo\blin\ctxmenu.htm, N/A>
[&使用迷你迅雷下载]
<d:\Program Files\Maxthon\Thundermini\geturl.htm, N/A>
[Save image with M&ybase]
<C:\Program Files\wjjsoft\WebCollect\imagesave.htm, N/A>
[Save with &Mybase]
<C:\Program Files\wjjsoft\WebCollect\websave.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[保存: 完整网页...]
<C:\Program Files\CyberArticle\script\Save.htm, N/A>
[保存: 更多保存内容...]
<C:\Program Files\CyberArticle\script\SaveAuto.htm, N/A>
[加入天涯网藏]
<http://hot.tianya.cn/GetTitle.aspx, N/A>
[在Foxmail中添加该RSS频道/频道组]
<res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[收藏此页到新浪ViVi]
<http://vivi.sina.com.cn/collect/click.php?agent=viviband, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[设为 Messenger Live 头像]
<d:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>
[转换为 Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
thyf - 2007-5-10 16:52:00
==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\Systen.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.2.2000]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1728][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 103.5.6.3]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.6.3]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.6.3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 103.5.6.3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 103.5.6.3]
[C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 6.0.1.105]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.6.3]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 103.5.6.3]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.0.2.2000]
[PID: 1992][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.0.2.2000]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.0.10]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.2.2000]
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 10.0.2.2000]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.0.2.2000]
[PID: 2000][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 50]
[PID: 2028][C:\Program Files\Anti Trojan Elite\TERegPct.exe] [N/A, ]
[C:\Program Files\Anti Trojan Elite\BORLNDMM.DLL] [Borland Software Corporation, 6.0.10.157]
[C:\Program Files\Anti Trojan Elite\CC3260MT.DLL] [Borland Corporation, 0.0.0.0 (informal build)]
[PID: 224][D:\Program Files\Picasa2\PicasaMediaDetector.exe] [Google Inc., 2.6.35.940]
[PID: 312][D:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe] [Google Inc., 1, 0, 0, 1]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\GooglePinyin.ime] [Google Inc., ]
[PID: 640][D:\Program Files\Kingsoft\Powerword 2007\xdict.exe] [Kingsoft Co, Ltd., 10, 0, 0, 1]
[D:\Program Files\Kingsoft\Powerword 2007\AccountActivate.dll] [N/A, ]
[D:\Program Files\Kingsoft\Powerword 2007\ITextOut.dll] [Kingsoft, 1, 1, 0, 1]
[D:\Program Files\Kingsoft\Powerword 2007\KPic10.dll] [N/A, ]
[D:\Program Files\Kingsoft\Powerword 2007\ijl11.dll] [Intel Corporation, 1.1.2]
[D:\Program Files\Kingsoft\Powerword 2007\NormGrab.DLL] [Kingsoft Co, Ltd., 9, 0, 0, 1]
[D:\Program Files\Kingsoft\Powerword 2007\statistics.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[D:\Program Files\Kingsoft\Powerword 2007\toTTSEngine50.dll] [Kingsoft Corporation, 1, 0, 0, 1]
[D:\Program Files\Kingsoft\Powerword 2007\xfile.dll] [N/A, ]
[D:\Program Files\Kingsoft\Powerword 2007\DBCore10.dll] [Kingsoft Corp., 1, 5, 0, 1]
[D:\Program Files\Kingsoft\Powerword 2007\XdictGrb.dll] [Kingsoft Co, Ltd., 9, 0, 0, 2]
[D:\Program Files\Kingsoft\Powerword 2007\DictionaryManager.dll] [, 1, 0, 0, 1]
[D:\Program Files\Kingsoft\Powerword 2007\Xml2Xdata.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\MICROS~1\Speech\sapi.dll] [Microsoft Corporation, 5.1.4111.00 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\COMMON~1\SPEECH~1\MICROS~1\TTS\1033\spttseng.dll] [Microsoft Corporation, 5.1.4111.00 (XPClient.010817-1148)]
[C:\PROGRA~1\COMMON~1\SPEECH~1\MICROS~1\spcommon.dll] [Microsoft Corporation, 5.1.4111.00 (XPClient.010817-1148)]
[D:\Program Files\Kingsoft\Powerword 2007\KAVPassport.DLL] [Kingsoft Corporation, 2005, 9, 27, 0]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[d:\Program Files\Kingsoft\Powerword 2007\Grabgdip.dll] [, 1, 0, 0, 1]
[PID: 1296][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][D:\Program Files\Tencent\Foxmail\Foxmail.exe] [Tencent Inc., 6.05.104.20]
[D:\Program Files\Tencent\Foxmail\FoxAntiSpam.dll] [N/A, ]
[D:\Program Files\Tencent\Foxmail\pcre.dll] [N/A, ]
[D:\Program Files\Tencent\Foxmail\3rdParty\addons\AD\MsgAPI.dll] [Tencent inc., 1.0.0.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[D:\Program Files\Tencent\Foxmail\3rdParty\punylib.dll] [CNNIC, 1, 0, 0, 3]
thyf - 2007-5-10 16:53:00
[PID: 2116][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3200][D:\Program Files\total_commander_655_pro-zxs\totalcmd\Totalcmd.exe] [C. Ghisler & Co., 6.55]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\Program Files\Kingsoft\Powerword 2007\Grabgdip.dll] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL] [Microsoft Corporation, 11.0.5510]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
[D:\Program Files\total_commander_655_pro-zxs\totalcmd\Plugins\WDX\ImgSize\ImgSize.wdx] [N/A, ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[D:\Program Files\total_commander_655_pro-zxs\totalcmd\Plugins\WDX\File Descriptions\FileDesc.wdx] [Atl-Soft, 2.6.1]
[D:\Program Files\total_commander_655_pro-zxs\totalcmd\Plugins\WDX\File Descriptions\Plugins\DFileLists.dll] [N/A, ]
[D:\Program Files\total_commander_655_pro-zxs\totalcmd\Plugins\WDX\File Descriptions\Plugins\DVersionInfo.dll] [N/A, ]
[D:\Program Files\total_commander_655_pro-zxs\totalcmd\Plugins\WDX\File Descriptions\Plugins\DHTML.dll] [N/A, ]
[D:\Program Files\total_commander_655_pro-zxs\totalcmd\Plugins\WDX\File Descriptions\Plugins\DText.dll] [N/A, ]
[PID: 3848][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.5]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.5]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.5]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\components\jsd3250.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Documents and Settings\leo\Application Data\Mozilla\Firefox\Profiles\1ri21sb1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, ]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62]
[C:\Documents and Settings\leo\Application Data\Mozilla\Firefox\Profiles\1ri21sb1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Documents and Settings\leo\Application Data\Mozilla\Firefox\Profiles\1ri21sb1.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc\components\mgMouseService.dll] [, 1.0]
[d:\Program Files\Kingsoft\Powerword 2007\Grabgdip.dll] [, 1, 0, 0, 1]
[C:\Documents and Settings\leo\Application Data\Mozilla\Firefox\Profiles\1ri21sb1.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}\components\tab_effect_xpcom.dll] [N/A, ]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [, ]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.1.1r16]
[PID: 784][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1328][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\Program Files\Kingsoft\Powerword 2007\Grabgdip.dll] [, 1, 0, 0, 1]
[PID: 3776][C:\WINDOWS\regedit.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Kingsoft\Powerword 2007\Grabgdip.dll] [, 1, 0, 0, 1]
[PID: 156][F:\download\-=NetWork=-\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[d:\Program Files\Kingsoft\Powerword 2007\Grabgdip.dll] [, 1, 0, 0, 1]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
thyf - 2007-5-10 17:03:00
Attached are the results of checking systen.dll with the online scanners.
Scanner results
Scan taken on 10 May 2007 08:45:55 (GMT)
A-Squared
Found nothing
AntiVir
Found HEUR/Malware
ArcaVir
Found nothing
Avast
Found Win32:Hupigon-AMD
AVG Antivirus
Found PSW.Generic3.WSX
BitDefender
Found Trojan.Dloader.AGU
ClamAV
Found nothing
Dr.Web
Found DLOADER.Trojan (probable variant)
F-Prot Antivirus
Found Possibly a new variant of W32/Threat-HLLIN-Slipper-based!Maximus
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found a variant of Win32/Spy.Delf.NEH
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
VirusBuster
Found Packed/NSPack
VBA32
Found Backdoor.Bifrose.9 (probable variant)