~GLH0001.TMP    C:\windows\ststem  backdoor.livup.c
msstart.exe    C:\windows\system  trojan.liveup.c
A0029414.CPY    C:\_restore\TEMP    trojan.liveup.c

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <ScanRegistry><C:\WINDOWS\scanregw.exe /autorun>  [Microsoft Corporation]
    <TaskMonitor><C:\WINDOWS\taskmon.exe>  [Microsoft Corporation]
    <SystemTray><SysTray.Exe>  [Microsoft Corporation]
    <DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <YLive.exe><C:\PROGRA~1\YAHOO!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRAM FILES\YAHOO!\ASSISTANT\YASSISTSE.EXE">  [Yahoo! China]
    <LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <SchedulingAgent><mstask.exe>  [Microsoft Corporation]
    <*StateMgr><C:\WINDOWS\System\Restore\StateMgr.exe>  [Microsoft Corporation]
    <KB891711><C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE>  [Microsoft Corporation]
    <RsCcenter><"C:\Program Files\Rising\Rav\CCenter.exe">  [Beijing Rising Technology Co., Ltd.]
    <RavMond><"C:\Program Files\Rising\Rav\RavMond.exe">  [Beijing Rising Technology Co., Ltd.]
    <RavMon><"C:\Program Files\Rising\Rav\RavMon.exe" -system>  [Beijing Rising Technology Co., Ltd.]

浏览器加载项
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL, Amaze Soft>
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRAM FILES\3721\ASSIST\ASSIST.DLL, $>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASSIST.DLL, Yahoo! China>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL, Yahoo! China>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL, yahoo! china>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YANGLING.DLL, yahoo! china>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL, 北京三七二一科技有限公司>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KUGOO3\KUGOO3~1.OCX, N/A>
[@shdoclc.dll,-866@2052,相关站点]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\PROGRA~1\MESSEN~1\MSMSGS.EXE, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE, Amaze Soft>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9.OCX, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\OL2005.DLL, Beijing Rising Technology Co., Ltd.>
[Yahoo! 相册轻松上载工具 Class]
  {0150EB11-5FB4-4D9E-85EA-0F155705227E} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\YDROPPERCN.DLL, Yahoo! Inc.>
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\SYSTEM\IUCTL.DLL, Microsoft Corporation>
[添加到QQ自定义面板]
  <C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm, N/A>
[上传到QQ网络硬盘]
  <C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL/203, N/A>
[使用网际快车下载]
  <C:\PROGRAM FILES\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\PROGRAM FILES\FLASHGET\jc_all.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YRSS.DLL/YRSSMENUEXT, N/A>
[&Google Search]
  <res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html, N/A>
[&Translate English Word]
  <res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html, N/A>
[Cached Snapshot of Page]
  <res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html, N/A>
[Similar Pages]
  <res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html, N/A>
[Backward Links]
  <res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html, N/A>
[Translate Page into English]
  <res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html, N/A>
[使用KuGoo3下载(&K)]
  <C:\PROGRAM FILES\KUGOO3\KuGoo3DownX.htm, N/A>

正在运行的进程
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294842113][C:\WINDOWS\SYSTEM\MPREXE.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294868465][C:\WINDOWS\SYSTEM\MSTASK.EXE]  <Microsoft Corporation><4.71.2721.1>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSIO.DLL]  <北京三七二一科技有限公司><1, 0, 2, 8>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMINIO.DLL]  <北京三七二一科技有限公司><1, 0, 3, 7>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\KUGOO3\KUGOO3DOWNXCONTROL.OCX]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YDRAGSEARCH.DLL]  <yahoo! china><3, 0, 0, 1000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL]  <Yahoo! China><3, 0, 2, 1004>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASSIST.DLL]  <Yahoo! China><3, 0, 7, 1012>
    [C:\PROGRAM FILES\3721\ASSIST\ASSIST.DLL]  <$><2, 0, 3, 3>
    [C:\PROGRAM FILES\WINRAR\RAREXT.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YWIPER.DLL]  <Yahoo! China><3, 0, 1, 1001>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\TENCENT\QQ\QDSHM.DLL]  <,><1, 0, 1, 2>
    [C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL]  <Amaze Soft><1, 1, 4, 0>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALLIVEEX.DLL]  <Yahoo! China><3, 0, 1, 1010>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL]  <yahoo! china><3, 2, 5, 1075>
    [C:\WINDOWS\SYSTEM\DCIMAN32.DLL]  <Intel(R) Corp., Microsoft Corp.><4.90.3000>
    [C:\WINDOWS\SYSTEM\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294784125][C:\WINDOWS\EXPLORER.EXE]  <Microsoft Corporation><5.50.4134.100>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294809405][C:\WINDOWS\SYSTEM\RPCSS.EXE]  <Microsoft Corporation><4.71.3328>
[PID: 4294745761][C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE]  <Microsoft Corporation><4.90.0.2533>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMINEX.DLL]  <国风因特软件(北京)有限公司><1, 0, 3, 2>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSIO.DLL]  <北京三七二一科技有限公司><1, 0, 2, 8>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMINIO.DLL]  <北京三七二一科技有限公司><1, 0, 3, 7>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294640789][C:\WINDOWS\RUNDLL32.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294760557][C:\WINDOWS\SYSTEM\INTERNAT.EXE]  <Microsoft Corporation><4.90.1000.0>
[PID: 4294692981][C:\WINDOWS\TASKMON.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
[PID: 4294689113][C:\WINDOWS\SYSTEM\SYSTRAY.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\NRGMOUNT.DLL]  <GENERIC><1.01.0.0>
    [C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\PDIMOUNT.DLL]  <GENERIC><1.01.0.0>
    [C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\MDSMOUNT.DLL]  <GENERIC><1.01.0.0>
    [C:\PROGRAM FILES\D-TOOLS\PLUGINS\IMAGES\CCDMOUNT.DLL]  <GENERIC><1.01.0.0>
    [C:\PROGRAM FILES\D-TOOLS\PFCTOC.DLL]  <Padus(R), Inc.><1, 0, 0, 12>
    [C:\WINDOWS\DAEMON.DLL]  <N/A><3.41.0.0>
[PID: 4294689205][C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE]  <DAEMON'S HOME><3.41.0.0>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YNOTIFIER.DLL]  <yahoo! china><3, 0, 0, 1000>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALLIVEEX.DLL]  <Yahoo! China><3, 0, 1, 1010>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL]  <yahoo! china><3, 2, 5, 1075>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
[PID: 4294584469][C:\PROGRAM FILES\YAHOO!\ASSISTANT\YLIVE.EXE]  <Yahoo! China><3, 0, 1, 1007>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YMENUINFO.DLL]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YIEANGEL.DLL]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YASMENU.DLL]  <Yahoo! China><3, 0, 0, 1001>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\SHELL\YASSECBLK.DLL]  <Yahoo! China><3, 0, 0, 1002>
[PID: 4294578589][C:\PROGRAM FILES\YAHOO!\ASSISTANT\YASSISTSE.EXE]  <Yahoo! China><3, 0, 0, 1001>
    [C:\WINDOWS\SYSTEM\I81XDD.DLL]  <Intel Corporation><4.12.01.2570>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
[PID: 4279192765][C:\WINDOWS\SYSTEM\DDHELP.EXE]  <Microsoft Corporation><4.09.00.0900>
[PID: 4294595633][C:\WINDOWS\SYSTEM\WMIEXE.EXE]  <Microsoft Corporation><4.90.2452.1>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
[PID: 4294569345][C:\WINDOWS\SYSTEM\RNAAPP.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294558821][C:\WINDOWS\SYSTEM\TAPISRV.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\WINDOWS\SYSTEM\MACROMED\COMMON\SWSUPPORT.DLL]  <Macromedia, Inc.><8.0r196>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9.OCX]  <Adobe Systems, Inc.><9,0,16,0>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSIO.DLL]  <北京三七二一科技有限公司><1, 0, 2, 8>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMINIO.DLL]  <北京三七二一科技有限公司><1, 0, 3, 7>
    [C:\WINDOWS\SYSTEM\UNISPIM5.IME]  <北京紫光华宇软件股份有限公司><5.0.0.5091>
    [C:\PROGRAM FILES\KUGOO3\KUGOO3DOWNXCONTROL.OCX]  <N/A><N/A>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YANGLING.DLL]  <yahoo! china><3, 0, 1, 1002>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YDRAGSEARCH.DLL]  <yahoo! china><3, 0, 0, 1000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL]  <Yahoo! China><3, 0, 2, 1004>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASSIST.DLL]  <Yahoo! China><3, 0, 7, 1012>
    [C:\PROGRAM FILES\3721\ASSIST\ASSIST.DLL]  <$><2, 0, 3, 3>
    [C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL]  <Amaze Soft><1, 1, 4, 0>
    [C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL]  <Amaze Soft><1, 2, 0, 0>
    [C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL]  <Google Inc.><3, 0, 131, 0>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSPLUS.DLL]  <3721><1, 0, 0, 2>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALLIVEEX.DLL]  <Yahoo! China><3, 0, 1, 1010>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL]  <yahoo! china><3, 2, 5, 1075>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YSCRBLOCK.DLL]  <Yahoo! China><3, 0, 0, 1000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHINT.DLL]  <3721><1, 0, 0, 9>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>

[PID: 4294480325][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2600.0000>
[PID: 4294257025][C:\WINDOWS\SYSTEM\PSTORES.EXE]  <Microsoft Corporation><5.00.2133.2>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294959433][C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE]  <Microsoft Corporation><1.50.1164.0000>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294869981][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\PROGRAM FILES\TENCENT\QQ\QQPHONEHELPER.DLL]  <腾讯科技（深圳）有限公司><2, 0, 6, 60>
    [C:\PROGRAM FILES\TENCENT\QQ\QQSCENEMNG.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\QQADDR.DLL]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
    [C:\PROGRAM FILES\TENCENT\QQ\PERSONALDESKTOP.DLL]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [C:\PROGRAM FILES\TENCENT\QQ\COMMERCESMNG.DLL]  <(><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QQPLUGIN.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\BQQAPPLICATION.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\QQPET.DLL]  < ><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\LONGCONNECTION.DLL]  <tencent><0, 3, 3, 8>
    [C:\PROGRAM FILES\TENCENT\QQ\FLASHAVATARDLL.DLL]  <(><1, 4, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QQAVATAR.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\DIALERALLINONE.DLL]  <tencent><1, 4, 0, 0>
    [C:\PROGRAM FILES\TENCENT\QQ\PHONEAPI.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QRINGMNG.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSHOOK.DLL]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\PROGRAM FILES\TENCENT\QQ\USERDEFINEDHEAD.DLL]  <(><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QQCONFIGPLUGIN.DLL]  <(><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QQSYSMSGMNG.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\QQGROUPMNG.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QQSPACE.DLL]  < ><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\MAILSUMMARY.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\HOSTINGMGR.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\CAMERADLL.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\NEWSKIN.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\CQQAPPLICATION.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\QQMAINFRAME.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\TENCENT\QQ\QQRES.DLL]  <tencent><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\LOGINCTRL.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\NPKCNTC.DLL]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\NPKPDB.DLL]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL]  <tencent><0, 3, 2, 4>
    [C:\PROGRAM FILES\TENCENT\QQ\QQAPI.DLL]  <(><1, 0, 0, 1>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
[PID: 4294215901][C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE]  <TENCENT><0, 0, 0, 0>
    [C:\PROGRAM FILES\TENCENT\QQ\QQBASECLASSINDLL.DLL]  <,><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\QQHELPERDLL.DLL]  <$><1, 0, 0, 1>
    [C:\PROGRAM FILES\TENCENT\QQ\BASICCTRLDLL.DLL]  <Tencent><5, 0, 200, 14>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\DCIMAN32.DLL]  <Intel(R) Corp., Microsoft Corp.><4.90.3000>
    [C:\PROGRAM FILES\TENCENT\QQ\TIMPROXY.DLL]  <tencent><0, 3, 2, 4>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294131545][C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]  <tencent><0, 3, 1, 8>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4294055485][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\EXTOLE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
    [C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL]  <N/A><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL]  <rising><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\REGMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>

[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
[PID: 4293947829][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[PID: 4294463953][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
    [C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294748905][C:\WINDOWS\RUNDLL32.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\DOWNLOADS\SRENG2\SRENG2\PLUGINS\SRENGPLUGINDEMO.SRE]  <Smallfrogs Studio><1, 1, 1, 0>
    [C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL]  <Yahoo! China><3, 0, 2, 1020>
    [C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMIN.DLL]  <北京三七二一科技有限公司><1, 5, 3, 6>
[PID: 4294777849][C:\DOWNLOADS\SRENG2\SRENG2\SRENG.EXE]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [C:\WINDOWS\winhlp32.exe %1]
.INI  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]