我用process.查看了是EXPLORER.EXE.
用Autoruns看了internet exploer.如下
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ assistseAssistSettingyahooc:\program files\3721\assistse.exe
+ iTunesHelperiTunesHelper ModuleApple Computer, Inc.c:\program files\itunes\ituneshelper.exe
+ mmskd:\瑞星\木马杀客\mmsk.exe
+ MSPY2002c:\windows\system32\ime\pintlgnt\imscinst.exe
+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ NvMediaCenterNVIDIA Media Center LibraryNVIDIA Corporationc:\windows\system32\nvmctray.dll
+ nwizNVIDIA nView Wizard, Version 62.11 NVIDIA Corporationc:\windows\system32\nwiz.exe
+ QuickTime TaskQuickTime TaskApple Computer, Inc.c:\program files\quicktime\qttask.exe
+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravmon.exe
+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravtimer.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedd:\瑞星\rising\rfw\rfwmain.exe
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStubRising Rav StubBeijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravstub.exe
HKLM\System\CurrentControlSet\Services
+ ASUSKeyboardServiceASUS Keyboard Service ASUSTeK COMPUTER INC.c:\windows\asuskbservice.exe
+ NVSvcASUS Driver Helper ServiceNVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedd:\瑞星\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterrisingd:\瑞星\rising\rav\ccenter.exe
+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\瑞星\rising\rav\ravmond.exe
+ SoundMAX Agent Service (default)SoundMAX service agent componentAnalog Devices, Inc.c:\program files\analog devices\soundmax\smagent.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ iTunesiTunes Mini Player DLLApple Computer, Inc.c:\program files\itunes\itunesminiplayer.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 金山毒霸File not found: C:\KAV6\KAVEXT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects
+ BandIE ClassBaiduBar ModuleBaidu.com, Inc.c:\program files\baidu\bar\baidubar.dll
+ DragSearch BHODragSearchc:\program files\yisou\yisoub.dll
+ NTIECatcher ClassNet Transport IE Helper ModuleXic:\program files\nettransport 2\ntiehelper.dll
+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll
+ 超级兔子上网精灵File not found: C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
+ 上网助手CoolBar3721c:\program files\3721\assist\asbar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbarCoolBar3721c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 超级兔子上网精灵File not found: C:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL
+ 金山毒霸安全助手金山毒霸安全助手金山软件股份有限公司c:\program files\kos\kosiebar.dll
+ 上网助手CoolBar3721c:\program files\3721\assist\asbar.dll
+ 一搜File not found: C:\PROGRA~1\YiSou\yisou.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Yahoo 1G电邮File not found: http://cn.mail.yahoo.com/promo/rd1
+ 豪杰超级解霸V8c:\program files\herov8\sthsdvd.exe
+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 手机短信File not found: http://sms.3721.com/ie/index.htm
+ 微软File not found: http://www.microsoft.com/china/index.htm
+ 雅虎助手File not found: http://cn.zs.yahoo.com/?source=Cns
HKCU\Control Panel\Desktop\Scrnsave.exe
+ boinc.scrBOINC ScreensaverSpace Sciences Laboratoryc:\windows\boinc.scr
