
Urgent: asking moderator baohe and other experts for help

The contents of the archive are as follows:
First, the scan report from before the system went bad:
SREngLOG
Next, the report from after the system crashed:
SREngLOG1
Third, the report from 系统安全分析专家 (SecAnalyst):
分析报告
The specific problem is with explorer.exe.
Several screenshots are in the document DOC1.DOC.

Before the last boot, everything on the system was normal, including domain services, FTP, WEB, DNS, the proxy server and so on.
Symptoms after the damage:
EXPLORER.EXE constantly sits at 50% CPU usage. With nothing else running it stays steady at 50%.
After logging in, the desktop does not display.
The small monitor icon for the network connection in the bottom-right corner does not appear.
Right-clicking the desktop has no effect.
From the Start menu, trying to open Control Panel, My Documents, etc.
gives the message: Cannot find the file "(null)" or one of its components. Make sure the path and filename are correct and that all required libraries are available.
A few seconds later another message pops up: Access to the specified device, path or file is denied.
After the message the system hangs; even the taskbar does not display.
I tried Ctrl+Alt+Del, New Task, Browse, and ran Process Explorer to monitor the processes.
In the process list, under the explorer.exe process there are two more explorer.exe processes.
Using the kill function, I killed the two explorer.exe child processes under explorer.exe.
There was some reaction: the network connection icon in the bottom-right corner appeared, but the desktop still did not display.
Double-clicking the main explorer.exe process using 50% CPU opens a dialog; looking at the Threads tab,
I found a thread explorer.exe+oZ8188 using 50% CPU.
Using kill to end it also had an effect: CPU usage returned to normal, never above 5%, but the desktop still does not display.
At this point the explorer.exe process is still running; only the explorer.exe+oZ8188 thread inside it has been closed.
(See the pictures in the archive.)

Clicking explorer.exe, the command line shows:
the path c:\winnt\explorer.exe+e%@#%^%^&& followed by a pile of garbage.
On other, normal systems it is c:\winnt\explorer.exe with no garbage after it.
Current directory: this also differs from a normal system's path:
normally it is c:\documents and settings\<your computer name>,
but on mine it is d:\bc268e960fa66587e244e4404a\update\update.exe.

Following this lead, I opened the firewall, looked at the detailed settings and checked the access rules:
there are a bunch of inexplicable rules in force, among them d:\bc268e960fa66587e244e4404a\update\update.exe
d:\bc268e960fa66587e244e4404a\update\update.exe
d:\bc268e960fa66587e244e4404a\update\update.exe
d:\bc268e960fa66587e244e4404a\update\update.exe
d:\bc268e960fa66587e244e4404a\update\update.exe
There are a dozen or so rules like this, all set to allow. The directory name bc268e960fa66587e244e4404a varies between them; they are not all the same.
I just can't write them all out; I copied one as a representative.
There is also this rule: c:\winnt\softwaredistribution\download\02cdaef42faf7aa5ca7c02c80ddaad01\update\update.exe.

Recycle Bin
c:RECYCLER shows a folder icon

S-1-5-21-746137067-1425521274-839522115-500
S-1-5-21-746137067-57989841-839522115-500
S-1-5-21-823518204-220523388-839522115-500

D:RECYCLER shows a folder icon

S-1-5-21-746137067-1425521274-839522115-500
S-1-5-21-746137067-57989841-839522115-500
S-1-5-21-823518204-220523388-839522115-500

E:RECYCLER shows a Recycle Bin icon

S-1-5-21-746137067-1425521274-839522115-500
S-1-5-21-746137067-57989841-839522115-500
S-1-5-21-823518204-220523388-839522115-500

The folders on drive D have been scrambled.

Entering the system in Safe Mode gives the same result. During boot it prompts: press esc to cancel loading "sptd.sys". According to information online, this file is the driver for Daemon Tools 4.x. In IceSword (冰刀), under SSDT, a large number of files are shown in red, among them sptd.sys; the other two are safe, one a Norton file and one an SSM file.


The internal network connection is abnormal. The external network is faulty, with a big difference between upstream and downstream traffic; most machines cannot reach the external network either.
Last edited 2006-07-31 01:28:24

Scan from before the problem:
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <NeroFilterCheck><; C:\WINNT\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []

==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[CCProxy / CCProxy]
  <"C:\CCProxy\CCProxy.exe" -service><>
[DefWatch / DefWatch]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Registry Protector / Mercha2]
  <><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PeanuthullCore / PeanuthullCore]
  <C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>

==================================
浏览器加载项
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\flash8.ocx, Macromedia, Inc.>

==================================

==================================
正在运行的进程
[PID: 268][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 292][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 316][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
[PID: 348][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 360][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 456][C:\WINNT\System32\termsrv.exe]  <Microsoft Corporation><5.00.2195.6696>
[PID: 552][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 12>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 644][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 672][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\dtmon.dll]  <Data Techniques, Inc.><3.00.00>
    [C:\WINNT\system32\EBPMON24.DLL]  <SEIKO EPSON CORPORATION><1, 12, 0, 0>
    [C:\WINNT\system32\ZLhp1020.DLL]  <Zenographics, Inc.><5, 53, 2714, 0>
    [C:\WINNT\system32\ZLM.dll]  <Zenographics, Inc.><5, 50, 1416, 0>
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\blproces.dll]  <Black Ice Software><2.0>
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  <Zenographics, Inc.><5, 54, 330, 0>
    [C:\WINNT\system32\Imf32.dll]  <Zenographics, Inc.><5, 60, 1204, 0>
    [C:\WINNT\system32\ZTAG32.dll]  <Zenographics, Inc.><5, 60, 1210, 0>
    [C:\WINNT\system32\ZSPOOL.dll]  <Zenographics, Inc.><5, 51, 709, 0>
[PID: 872][C:\WINNT\system32\drivers\CDAC11BA.EXE]  <Macrovision><4.20.020>
[PID: 956][C:\CCProxy\CCProxy.exe]  <><6, 3, 0, 1>
[PID: 976][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 992][C:\WINNT\system32\Dfssvc.exe]  <Microsoft Corporation><5.00.2195.6664>
[PID: 1056][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1116][C:\WINNT\System32\llssrv.exe]  <Microsoft Corporation><5.00.2195.7021>
[PID: 1180][C:\PROGRA~1\MI6841~1\MSSQL$~2\binn\sqlservr.exe]  <Microsoft Corporation><2000.080.0194.00>
[PID: 1192][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVEX32a.DLL]  <Symantec Corporation><20061.1.0.14>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060712.021\NAVENG32.DLL]  <Symantec Corporation><20061.1.0.14>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
[PID: 1228][C:\WINNT\system32\WINDOW~1\Server\nspmon.exe]  <Microsoft Corporation><4.1.00.3934>
[PID: 1260][C:\WINNT\system32\WINDOW~1\Server\nscm.exe]  <Microsoft Corporation><4.1.00.3934>
[PID: 1288][C:\WINNT\system32\ntfrs.exe]  <Microsoft Corporation><5.00.2195.6709>
[PID: 1368][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8040>
[PID: 1388][C:\Program Files\PeanutHull3\PhCore.exe]  <广东网域><1, 0, 0, 13>
    [C:\Program Files\PeanutHull3\PhAlive.dll]  <广东网域><1, 0, 1, 26>
[PID: 1456][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 1472][C:\WINNT\system32\locator.exe]  <Microsoft Corporation><5.00.2195.6619>
[PID: 1488][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6972>
[PID: 1536][C:\WINNT\system32\tcpsvcs.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1576][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 1624][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 1688][C:\WINNT\System32\wins.exe]  <Microsoft Corporation><5.00.2195.7005>
[PID: 1720][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 1732][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1760][C:\WINNT\System32\dns.exe]  <Microsoft Corporation><5.00.2195.6715>
[PID: 1776][C:\WINNT\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.00.0984>
[PID: 1836][C:\WINNT\System32\ismserv.exe]  <Microsoft Corporation><5.00.2195.6684>
[PID: 1856][C:\WINNT\system32\msdtc.exe]  <Microsoft Corporation><1999.9.3421.3>
    [C:\olite\bin\ociw32.dll]  <Oracle Corporation><7.3.4.0.0>
[PID: 2028][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  <Microsoft Corporation><9.107.5512.0>
[PID: 2224][C:\WINNT\system32\WINDOW~1\Server\nspm.exe]  <Microsoft Corporation><4.1.00.3917>
    [C:\WINNT\system32\tssoft32.acm]  <DSP GROUP, INC.><1.01>
    [C:\WINNT\system32\tsd32.dll]  <N/A><N/A>
    [C:\WINNT\system32\l3codeca.acm]  <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
    [C:\WINNT\system32\iac25_32.ax]  <Intel Corporation><2.05.53>
    [C:\WINNT\system32\vorbis.acm]  <HMS http://hp.vector.co.jp/authors/VA012897/><0, 0, 3, 6>
    [C:\WINNT\system32\vct3216.acm]  <Voxware, Inc.><1.6.0.17>
    [C:\WINNT\system32\vct3216.dll]  <Voxware, Inc.><1.6.0.12>
    [C:\WINNT\system32\msms001.vwp]  <Voxware, Inc.><2.0.2.61>
    [C:\WINNT\system32\mvoice.vwp]  <Voxware, Inc.><2.0.0.12.01>
    [C:\WINNT\system32\sl_anet.acm]  <Sipro Lab Telecom Inc.><3.02>
[PID: 2316][C:\WINNT\system32\WINDOW~1\Server\nsum.exe]  <Microsoft Corporation><4.1.00.3930>
[PID: 2876][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><8.1.0.821>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 2896][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 3036][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 48>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 3232][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3240][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\Program Files\Yahoo!\Assistant\yNotifier.dll]  <><1, 0, 0, 5>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3192][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  <Yahoo!><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  <Yahoo><1, 0, 1, 1006>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  <Yahoo><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  <Yahoo><1, 0, 0, 2>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3196][C:\WINNT\system32\ctfmon.exe]  <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 2800][C:\WINNT\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>

[PID: 2192][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  <Microsoft Corporation><11.0.6502>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  <Zenographics, Inc.><5.60.709.0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  <Zenographics, Inc.><5, 60, 2629, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  <Zenographics, Inc.><5, 51, 709, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  <Zenographics, Inc.><5, 60, 709, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  <Zenographics, Inc.><5, 60, 1210, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  <Zenographics, Inc.><5, 60, 2209, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SR32.dll]  <Zenographics, Inc.><6, 0, 909, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  <Zenographics, Inc.><0, 3, 3508, 0>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\Imf32.dll]  <Zenographics, Inc.><5, 60, 1204, 0>
[PID: 2036][E:\Program Files\Tencent\Foxmail\Foxmail.exe]  <Tencent Inc.><6.03.103.21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [E:\Program Files\Tencent\Foxmail\FoxAntiSpam.dll]  <N/A><N/A>
    [E:\Program Files\Tencent\Foxmail\pcre.dll]  <N/A><N/A>
    [E:\Program Files\Tencent\Foxmail\3rdParty\punylib.dll]  <CNNIC><1, 0, 0, 3>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [E:\Program Files\Tencent\Foxmail\3rdParty\cmplugin.dll]  <N/A><N/A>
[PID: 916][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  <Yahoo><1, 0, 2, 1003>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  <><1, 1, 4, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  <Yahoo! China><1, 0, 1, 1015>
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  < ><1, 0, 3, 1002>
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  <Yahoo><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  <Yahoo><1, 0, 4, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  <3721.com><2, 1, 1, 87>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yXPStyle.dll]  <Yahoo><1, 0, 2, 1309>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINNT\system32\flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [F:\u\SREng2\SREng.com]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [e:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

Scan from after the problem occurred:
Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <NeroFilterCheck><; C:\WINNT\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>  [Symantec Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><>  []

==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[CCProxy / CCProxy]
  <"C:\CCProxy\CCProxy.exe" -service><>
[DefWatch / DefWatch]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Registry Protector / Mercha2]
  <><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PeanuthullCore / PeanuthullCore]
  <C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>

==================================
浏览器加载项
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\Tencent\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\Tencent\qq\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 212][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 236][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 260][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
    [C:\WINNT\system32\SSMWinlogonEx.dll]  <System Safety Limited><2.1.5.580>
[PID: 288][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 300][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 392][C:\WINNT\System32\termsrv.exe]  <Microsoft Corporation><5.00.2195.6696>
[PID: 492][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 12>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 580][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 684][C:\WINNT\system32\drivers\CDAC11BA.EXE]  <Macrovision><4.20.020>
[PID: 640][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 624][C:\WINNT\system32\Dfssvc.exe]  <Microsoft Corporation><5.00.2195.6664>
[PID: 632][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 884][C:\WINNT\System32\llssrv.exe]  <Microsoft Corporation><5.00.2195.7021>
[PID: 924][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINNT\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.24>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.24>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
[PID: 1100][C:\WINNT\system32\ntfrs.exe]  <Microsoft Corporation><5.00.2195.6709>
[PID: 1128][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8040>
[PID: 1148][C:\Program Files\PeanutHull3\PhCore.exe]  <广东网域><1, 0, 0, 13>
    [C:\Program Files\PeanutHull3\PhAlive.dll]  <广东网域><1, 0, 1, 26>
[PID: 1192][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 1196][C:\WINNT\system32\locator.exe]  <Microsoft Corporation><5.00.2195.6619>
[PID: 1264][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 1336][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 1364][C:\WINNT\system32\mspmspsv.exe]  <Microsoft Corporation><7.10.00.3059>
[PID: 1528][C:\WINNT\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.00.0984>
[PID: 1536][C:\WINNT\system32\msdtc.exe]  <Microsoft Corporation><1999.9.3421.3>
    [C:\olite\bin\ociw32.dll]  <Oracle Corporation><7.3.4.0.0>
[PID: 1568][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  <Microsoft Corporation><9.107.5512.0>
[PID: 1636][C:\WINNT\system32\WINDOW~1\Server\nsum.exe]  <Microsoft Corporation><4.1.00.3930>
[PID: 1220][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1308][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 1788][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 48>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 748][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
[PID: 1512][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
[PID: 804][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  <Yahoo!><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  <Yahoo><1, 0, 1, 1006>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  <Yahoo><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  <Yahoo><1, 0, 0, 2>
[PID: 1724][C:\WINNT\system32\ctfmon.exe]  <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 1840][C:\WINNT\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5, 1, 0, 46>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 1340][C:\WINNT\system32\taskmgr.exe]  <Microsoft Corporation><5.00.2195.6620>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [K:\SREng2\SREng.com]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [K:\SREng2\Plugins\SREngPluginDemo.SRE]  <Smallfrogs Studio><1, 1, 1, 0>
[PID: 1768][C:\WINNT\regedit.exe]  <Microsoft Corporation><5.00.2195.6707>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINNT\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

#T0 SecAnalyst 分析报告 版本:0, 3, 4, 8
#操作系统 : Microsoft Windows 2000 Service Pack 4 (Build 2195) (CHS)
#系统目录 : C:\WINNT\system32
#浏览器  : Internet Explorer 6.0.2800.1106
#生成时间 : 2006-7-28 17:7:2

#T2 请把报告贴到安全救援中心bbs.s-sos.net,我们的专家会为你做出诊断,另外,报告中的安全风险值仅仅表示可疑程度。
#Q1 (请在此输入你的电脑遇到的问题和异常情况..)


#O4  警告    自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\粉碎文件]-c:\progra~1\yahoo!\assist~1\assist\ywiper.dll
#O4  警告    自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Shell Extensions for RealOne Player]-c:\program files\real\realone player\rpshell.dll
#O4  警告    自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Yahoo!Photo]-c:\program files\yahoo!\assistant\assist\yphtb.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\WinRAR shell extension]-c:\program files\winrar\rarext.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\AutoCAD 数字签名图标覆盖处理程序]-c:\winnt\system32\acsignicon.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\LDVP Shell Extensions]-c:\program files\common files\symantec shared\ssc\vpshell2.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Display Panning CPL Extension]-deskpan.dll [file not found]
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\NeroFilterCheck]-; c:\winnt\system32\nerocheck.exe [file not found]
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\NvMediaCenter]-; rundll32.exe c:\winnt\system32\nvmctray.dll,nvtaskbarinit [file not found]
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\NvCplDaemon]-; rundll32.exe c:\winnt\system32\nvcpl.dll,nvstartup [file not found]
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\yassistse]-"c:\progra~1\yahoo!\assistant\yassistse.exe"
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\run\YLive.exe]-c:\progra~1\yahoo!\assist~1\ylive.exe
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\nView Desktop Context Menu]-c:\winnt\system32\nvshell.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Desktop Explorer Menu]-c:\winnt\system32\nvshell.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Desktop Explorer]-c:\winnt\system32\nvshell.dll
#O4  低风险  自启动:[hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved\Autodesk Drawing Preview]-c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll


#D0  低风险  驱动: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVENG.sys
#D0  低风险  驱动: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060726.039\NAVEX15.sys
#D0  低风险  驱动: C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
#D0  低风险  驱动: C:\Program Files\Symantec\SYMEVENT.SYS
#D0  低风险  驱动: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
#D0  低风险  驱动: C:\Program Files\HWiNFO32\HWiNFO32.SYS
#D0  低风险  驱动: C:\Program Files\Rising\Rfw\RfwBase.sys
#D0  低风险  驱动: c:\program files\rising\rfw\mProcRs.sys
#D0  低风险  驱动: C:\WINNT\system32\DRIVERS\sniffer.sys
#D0  低风险  驱动: C:\WINNT\system32\npptNT2.sys
#D0  低风险  驱动: C:\WINNT\system32\DRIVERS\vcdvnic.sys
#D0  低风险  驱动: C:\WINNT\System32\Drivers\Cdralw2k.SYS
#D0  低风险  驱动: C:\WINNT\System32\Drivers\Cdr4_2K.SYS
#D0  低风险  驱动: C:\WINNT\system32\DRIVERS\nv4_mini.sys

#R1  警告    SearchAssistant: http://toolsbar.kuaiso.com/search.html - HKCU\Software\Microsoft\Internet Explorer\Main, SearchAssistant

#R3  低风险  URLSearchHook: {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - coolbar - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

#O2  低风险  BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
#O2  低风险  BHO: {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX

#O3  低风险  Toolbar: {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - 雅虎助手 - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll

#M0  危险    DLL: C:\WINNT\system32\MSCTF.dll
#M0  警告    DLL: C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll
#M0  警告    DLL: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
#M0  低风险  DLL: C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll
#M0  低风险  DLL: C:\WINNT\system32\AcSignIcon.dll

#P0  危险    进程:c:\winnt\system32\nvsvc32.exe
#P0  危险    进程:c:\program files\rising\rfw\rfwsrv.exe
#P0  危险    进程:c:\winnt\system32\mspmspsv.exe
#P0  警告    进程:c:\winnt\system32\drivers\cdac11ba.exe
#P0  警告    进程:c:\program files\peanuthull3\phcore.exe
#P0  低风险  进程:c:\progra~1\yahoo!\assistant\yassistse.exe
#P0  低风险  进程:c:\progra~1\yahoo!\assist~1\ylive.exe

#S0  危险    NT 服务: NVSvc - 启动方式: 自动 - 当前状态: 已启动 - C:\WINNT\system32\nvsvc32.exe
#S0  危险    NT 服务: RfwService - 启动方式: 自动 - 当前状态: 已启动 - c:\program files\rising\rfw\rfwsrv.exe
#S0  危险    NT 服务: WMDM PMSP Service - 启动方式: 自动 - 当前状态: 已启动 - C:\WINNT\system32\mspmspsv.exe
#S0  警告    NT 服务: WmdmPmSN - ServiceDll - C:\WINNT\system32\mspmsnsv.dll
#S0  警告    NT 服务: C-DillaCdaC11BA - 启动方式: 自动 - 当前状态: 已启动 - C:\WINNT\system32\drivers\CDAC11BA.EXE
#S0  警告    NT 服务: PeanuthullCore - 启动方式: 自动 - 当前状态: 已启动 - C:\Program Files\PeanutHull3\PhCore.exe -service
#S0  警告    NT 服务: Macromedia Licensing Service - 启动方式: 已禁用 - 当前状态: 已停止 - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
#S0  低风险  NT 服务: Mercha2 - 启动方式: 已禁用 - 当前状态: 已停止 -  - [file not found]
#S0  低风险  NT 服务: CCProxy - 启动方式: 自动 - 当前状态: 已停止 - "C:\CCProxy\CCProxy.exe" -service
您的电脑整体安全风险为中(89分),请尽快咨询安全专家,协助处理!
Attachment: image (image/pjpeg), uploaded 2006-7-29 9:47:46, downloaded 354 times.

Attachment: image (image/pjpeg), uploaded 2006-7-29 9:49:11, downloaded 359 times.

Neither of the two items above is the problem. One is the registry security mechanism service; the other is the network monitoring injection program WinPcap 3.1.
If it were that simple, I wouldn't have a headache.
The key now is to analyze explorer.exe.
HJK can't detect anything. Besides, I have already disabled all of the services listed above.
Powered by Discuz!NT