Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 21:37:44, on 2006-10-01
Platform: Microsoft Windows XP Professional Service Pack 1 (Build 2600)
MSIE: Internet Explorer v6.00 SP1; (6.00.2800.1106 (xpsp1.020828-1920))


Running processes:
[SMSS.EXE]
CommandLine =

[CSRSS.EXE]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[WINLOGON.EXE]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe

[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NetworkService

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k LocalService

[CCSETMGR.EXE]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

[CCEVTMGR.EXE]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

[SNDSrvc.exe]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"

[SYMLCSVC.EXE]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

[CCAPP.EXE]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[CTFMON.EXE]
CommandLine = "C:\WINDOWS\System32\ctfmon.exe"

[conime.exe]
CommandLine = C:\WINDOWS\System32\conime.exe

[ALG.EXE]
CommandLine = C:\WINDOWS\System32\alg.exe

[NAVAPSVC.EXE]
CommandLine = "C:\Program Files\Norton AntiVirus\navapsvc.exe"

[NPFMNTOR.EXE]
CommandLine = "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"

[NVSVC32.EXE]
CommandLine = C:\WINDOWS\System32\nvsvc32.exe

[P2PSVR.EXE]
CommandLine = "C:\Program Files\Common Files\Sogou PXP\p2psvr.exe"

[CCenter.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k imgsvc

[NSCSRVCE.EXE]
CommandLine = "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"

[taskmgr.exe]
CommandLine = taskmgr.exe

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[EXPLORER.EXE]
CommandLine = Explorer.exe ntio.exe

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[Repair.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\Repair.exe"

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

[MSMSGS.EXE]
CommandLine = "C:\Program Files\Messenger\msmsgs.exe" -Embedding

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.7k.cc/
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe ntio.exe
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] ; rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTimer] ; D:\Program Files\rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] ; D:\Program Files\rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AddrPlus3] ; C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Start] Start.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{328C45FB-8747-4954-B18B-CFBA5A61F1D1}: NameServer = 202.109.14.5 202.96.209.134
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Norton AntiVirus 自动防护服务 (navapsvc) - Symantec Corporation - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: P4P Service (P4P Service) - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
O23 - Service: SPBBCSvc (SPBBCSvc) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
O23 - Service: Symantec Core LC (Symantec Core LC) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe -k netsvcs

这个用SRENG扫描的

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <RavTimer><; D:\Program Files\rising\Rav\RavTimer.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavMon><; D:\Program Files\rising\Rav\RavMon.exe -system>  [Beijing Rising Technology Co., Ltd.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <AddrPlus3><; C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32>  [N/A]
    <HPDJ Taskbar Utility><; C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe>  [(Verified)HP]
    <Start><Start.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe ntio.exe>  [N/A]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus 自动防护服务 / navapsvc]
  <"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[Norton AntiVirus Firewall Monitor Service / NPFMntor]
  <"C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"><Symantec Corporation>
[Norton Protection Center Service / NSCService]
  <"C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"><Symantec Corporation>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Process Communication Center / RsCCenter]
  <D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
  <><N/A>
[Symantec AVScan / SAVScan]
  <"C:\Program Files\Norton AntiVirus\SAVScan.exe"><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SPBBCSvc / SPBBCSvc]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec Core LC / Symantec Core LC]
  <"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[
/
]
  <\SystemRoot\system32\drivers\0000.sys><>
[

/

]
  <\SystemRoot\system32\drivers\0000.sys><>
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\22254218.sys><N/A>
[15443343 / 15443343]
  <C:\WINDOWS\SYSTEM32\DRIVERS\15443343.SYS><N/A>
[9 / 9]
  <\SystemRoot\system32\drivers\boot00.sys><>
[99 / 99]
  <\SystemRoot\system32\drivers\boot00.sys><>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983]
  <System32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Rising>
[c28551375 / c28551375]
  <\SystemRoot\System32\drivers\c28551375.sys><N/A>
[c43344140 / c43344140]
  <\SystemRoot\System32\drivers\c43344140.sys><N/A>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><N/A>
[d347bus / d347bus]
  <\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[Sundance ST201 based Adapter NT Driver / DLH5X]
  <System32\DRIVERS\DLH5XND5.sys><D-Link Corporation>
[Symantec Eraser Control driver / eeCtrl]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[Rising Exploit Scaner 1.0 / ExpScaner]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><N/A>
[GMSIPCI / GMSIPCI]
  <\??\F:\INSTALL\GMSIPCI.SYS><N/A>
[HOOKAPI / HOOKAPI]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKREG.sys><>
[HookSys / HookSys]
  <\??\D:\PROGRAM FILES\RISING\RAV\hooksys.sys><瑞星>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[macho Bus / machobus]
  <\SystemRoot\System32\DRIVERS\machobus.sys><N/A>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060930.002\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060930.002\NavEx15.Sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT / NPPTNT]
  <\??\C:\WINDOWS\System32\npptNT.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT]
  <\??\C:\Program Files\Norton AntiVirus\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
  <\??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SPBBCDrv / SPBBCDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SYMDNS / SYMDNS]
  <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW]
  <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS]
  <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060922.092\symidsco.sys><Symantec Corporation>
[symlcbrd / symlcbrd]
  <\??\C:\WINDOWS\System32\drivers\symlcbrd.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS]
  <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[USB Web Camera / USBZC0301]
  <System32\Drivers\usbcam.sys><ZSMC>

==================================
浏览器加载项
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OL2005.dll, Beijing Rising

Technology Co., Ltd.>

==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 588][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 600][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 820][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1004][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1156][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.7.3]
[PID: 1180][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 2.1.0.4]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\NORTON~1\HPPEVT32.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\HPPRES32.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\NAVEVENT.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\WINDOWS\SYSTEM32\SYMNETI.DLL]  [Symantec Corporation, 6.0.3.303]
[PID: 1264][C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe]  [Symantec Corporation, 6.0.3.303]
    [C:\WINDOWS\System32\SymNeti.dll]  [Symantec Corporation, 6.0.3.303]
[PID: 1280][C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe]  [Symantec Corporation, 1.9.1.762]
    [C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll]  [Symantec Corporation, 1.9.1.762]
[PID: 1620][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCTRAY.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCTRAY.LOC]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\NORTON~1\CCIMSCAN.DLL]  [Symantec Corporation, 104.0.5.3]
    [C:\PROGRA~1\NORTON~1\DEFALERT.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.dll]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.LOC]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\NORTON~1\HPP32.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_Hlpr.dll]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\NORTON~1\HPPRES32.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\IWP\IWP.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\NAVAPW32.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\apwutil.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\navapw32.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\NAVOPTRF.DLL]  [Symantec Corporation, 12.0.0.94]
    [C:\PROGRA~1\NORTON~1\apwutil.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\STATUSHP.DLL]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\HPPEVT32.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\Navlcom.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\NAVError.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\apwcmdnt.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\WINDOWS\System32\SYMREDIR.DLL]  [Symantec Corporation, 6.0.3.303]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 2.1.0.4]
    [C:\Program Files\Norton AntiVirus\apwcmdNT.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\naverror.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\ccAVMail.dll]  [Symantec Corporation, 104.0.5.3]
    [C:\Program Files\Norton AntiVirus\NAVEvent.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_7.DLL]  [Symantec Corporation, 2.7.39.0]
    [C:\Program Files\Norton AntiVirus\IWP\SymFWAgt.dll]  [Symantec Corporation, 104.0.1.17]
    [C:\WINDOWS\System32\SymNeti.DLL]  [Symantec Corporation, 6.0.3.303]
    [C:\Program Files\Common Files\Symantec Shared\ccLogin.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Norton AntiVirus\IWP\ccFWSetg.dll]  [Symantec Corporation, 104.0.1.17]
    [C:\PROGRA~1\NORTON~1\NAVTasks.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\NORTON~1\NAVTasks.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVPS.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUIBL.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\Program Files\Norton AntiVirus\NAVOpts.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\navopts.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\NAVAPSCR.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_7.DLL]  [Symantec Corporation, 2.7.39.0]
    [C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_7.DLL]  [Symantec Corporation, 2.7.39.0]
    [C:\Program Files\Norton AntiVirus\N32Exclu.dll]  [Symantec Corporation, 12.2.0.13]
[PID: 1636][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1812][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 816][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 960][C:\Program Files\Norton AntiVirus\navapsvc.exe]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Norton AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Norton AntiVirus\navapsvc.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\N32Exclu.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll]  [Symantec Corporation, 3.1.30.0]
[PID: 1108][C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Norton AntiVirus\IWP\iwp.dll]  [Symantec Corporation, 12.2.0.13]
[PID: 1112][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5303]
[PID: 1208][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 24]
    [C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 2, 0, 0, 21]
    [C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 1, 0, 0, 3]
    [C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 1, 0, 0, 6]
[PID: 1564][D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  [rising, 17, 0, 0, 1]

【回复“yuhaifa”的帖子】

[PID: 1604][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2300][C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVPS.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.7.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUIBL.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.LOC]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCJSBL.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\Program Files\Norton AntiVirus\avFPXY.dll]  [Symantec Corporation, 2006.1.4.4]
    [C:\Program Files\Norton AntiVirus\avFMST.dll]  [Symantec Corporation, 2006.1.4.4]
    [C:\Program Files\Norton AntiVirus\avNSCPlg.dll]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Norton AntiVirus\avNSCPlg.loc]  [Symantec Corporation, 12.2.0.13]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.LOC]  [Symantec Corporation, 2006.1.5.17]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_Hlpr.dll]  [Symantec Corporation, 2006.1.5.17]
    [C:\Program Files\Norton AntiVirus\NAVEvent.dll]  [Symantec Corporation, 12.2.0.13]
[PID: 1896][C:\WINDOWS\System32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 3332][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [D:\Program Files\rising\Rav\RavScrCh.dll]  [, 17, 0, 0, 7]
    [C:\WINDOWS\Downloaded Program Files\CONFLICT.1\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\RavWeb\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\RavWeb\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\RavWeb\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\RavWeb\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\MVEngine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
    [C:\Program Files\Internet Explorer\Engine.dll]  [rising, 16, 0, 0, 56]
    [C:\Program Files\Internet Explorer\LibLoad.dll]  [Rising, 16, 0, 0, 34]
    [C:\Program Files\Internet Explorer\StoreDll.dll]  [Beijing Rising Technology Co., Ltd., 13, 42, 0, 4]
    [C:\Program Files\Internet Explorer\ScanFile.dll]  [rising, 16, 0, 0, 52]
    [C:\Program Files\Internet Explorer\PostTrt.dll]  [Rising, 16, 0, 0, 27]
    [C:\Program Files\Internet Explorer\PostTrtX.dll]  [瑞星科技股份有限公司, 16, 0, 0, 10]
    [C:\Program Files\Internet Explorer\ExtFile.dll]  [RiSing, 16, 0, 0, 28]
    [C:\Program Files\Internet Explorer\ExtMail.dll]  [rising, 16, 0, 0, 31]
    [C:\Program Files\Internet Explorer\ScanEx.dll]  [rising, 16, 0, 0, 62]
    [C:\Program Files\Internet Explorer\UnMacro.dll]  [rising, 16, 0, 0, 10]
    [C:\Program Files\Internet Explorer\UnExe.dll]  [Rising, 16, 0, 0, 36]
    [C:\Program Files\Internet Explorer\UnMail.dll]  [rising, 16, 0, 0, 7]
    [C:\Program Files\Internet Explorer\BtEngine.dll]  [rising, 16, 0, 0, 31]
    [C:\Program Files\Rising\RavWeb\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\RavWeb\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\RavWeb\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [C:\Program Files\Rising\RavWeb\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\RavWeb\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\RavWeb\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\RavWeb\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\RavWeb\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Rising\RavWeb\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2384][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCEXT.DLL]  [Symantec Corporation, 2006.1.5.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCEXT.LOC]  [Symantec Corporation, 2006.1.5.17]
    [C:\WINDOWS\System32\ansi.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5303]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10031]
[PID: 2836][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [D:\Program Files\rising\Rav\RavScrCh.dll]  [, 17, 0, 0, 7]
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 2752][C:\Documents and Settings\sy89\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
[PID: 2596][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.2010]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================