Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue Software board


Please help this poor girl, I've been tormented by a virus for N days now (log included)

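It should be a trojan downloader, meaning it is used to download a pile of trojans and backdoors onto your machine. Otherwise, why would your QQ keep getting stolen?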

Is it enough to just delete it?

A screenshot of that virus of yours.
Hold on, I'm testing it.

[Attachment: image (image/pjpeg), uploaded 2007-6-10 22:17:46, downloaded 87 times]




Why can't Rising remove it?

The latest version can detect it.

003D7D8C  push    003D7E50                          /start
003D7D91  push    003D7E60                          qquin:
003D7D99  push    003D7E70                          pwdhash:
003D7DAC  push    003D7E84                          qqpwd:
003D7DBE  mov    ecx, 003D7E94                      /stat:10
003D7DC3  mov    edx, 003D7EA8                      /stat:40
003D7EE2  mov    edx, 003D7F20                    登录
003D7F5B  mov    edx, 003D800C                    edit
003D7F95  mov    edx, 003D8018                    qqet
003D8055  mov    edx, 003D80AC                    edit
003D810C  mov    edx, 003D8170                    edit
003D8218  mov    edx, 003D82EC                    edit
003D8261  mov    edx, 003D82FC                    服务器拒绝

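Heh, that's a QQ account-stealing trojan.
When you first log in to QQ it will tell you the password is incorrect; after that, when you log in again, your QQ account gets stolen.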

[CODE]

2007-06-10,22:30:57

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe>  [N/A]
    <jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32>  [N/A]
    <YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe>  [N/A]
    <rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe>  [N/A]
    <wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe>  [N/A]
    <tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe>  [N/A]
    <dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe>  [N/A]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <Local Security Authority Service><D:\WINNT\System32\lssas.exe>  [N/A]
    <Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe>  [N/A]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe>  [N/A]
    <jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe>  [N/A]
    <wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe>  [N/A]
    <wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe>  [N/A]
    <wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe>  [N/A]
    <qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe>  [N/A]
    <msccrt><D:\WINNT\msccrt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  [N/A]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><D:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
    <?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><>  [N/A]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  []
    <{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll>  [N/A]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
  <D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
  <D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================

驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ohocrbl / ohocrbl][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\H:\NTGLM7X.sys><N/A>
[tzlhwfqg / tzlhwfqg][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tzlhwfqg.sys><Yahoo! China Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>

==================================

正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2170.1]
[PID: 172][\??\D:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2137.1]
[PID: 168][\??\D:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.1408]
    [D:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 960][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [D:\WINNT\System32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\System32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 6, 1008]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 8, 1023]
[PID: 992][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [D:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
[PID: 1076][D:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1152][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 2, 1028]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1116][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1160][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
[PID: 1092][D:\WINNT\System32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
[PID: 1408][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [D:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

How is it now?