Rising Kaka Security Forum

Antivirus software cannot start
imgon - 2008-1-24 14:20:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <FlashPlayerUpdate><C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe>  [(Verified)Adobe Systems Incorporated]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TBMonEx><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
    <inudhya><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\soundma.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exE>  []
    <NAVMon32><C:\WINDOWS\NAVMon32.exE>  []
    <NVDispDrv><C:\WINDOWS\vxaknk.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll>  []
    <{00C5102A-E519-4187-ADF4-B4E313A99947}><>  [N/A]
    <{992FADFA-BCDE-ACDF-CDEF-21054865CBA9}><C:\WINDOWS\Fonts\wsmsgzx.dll>  []
    <{54909874-8982-F344-A322-7898787FA745}><C:\WINDOWS\Fonts\swjqezc.dll>  []
    <{6598FF45-DA60-F48A-BC43-10AC47853D56}><C:\WINDOWS\Fonts\rarjfpi.dll>  []
    <{3D098345-9012-8750-8910-9128098134D3}><C:\WINDOWS\Fonts\jsqxcyc.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
    <IFEO[ACKWIN32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
    <IFEO[ANTI-TROJAN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
    <IFEO[APVXDWIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\asktao.mod]
    <IFEO[asktao.mod]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdlm.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE]
    <IFEO[AUTODOWN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE]
    <IFEO[AVCONSOL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
    <IFEO[AVE32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
    <IFEO[AVGCTRL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
    <IFEO[AVKSERV.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE]

imgon - 2008-1-24 14:20:00
    <IFEO[AVNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
    <IFEO[AVP.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE]
    <IFEO[AVP32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE]
    <IFEO[AVPCC.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE]
    <IFEO[AVPDOS32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.EXE]
    <IFEO[AVPM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE]
    <IFEO[AVPTC32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE]
    <IFEO[AVPUPD.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE]
    <IFEO[AVSCHED32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE]
    <IFEO[AVWIN95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE]
    <IFEO[AVWUPD32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE]
    <IFEO[BLACKD.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE]
    <IFEO[BLACKICE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE]
    <IFEO[CFIADMIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE]
    <IFEO[CFIAUDIT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE]
    <IFEO[CFINET.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE]
    <IFEO[CFINET32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE]
    <IFEO[CLAW95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE]
    <IFEO[CLAW95CF.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE]
    <IFEO[CLEANER.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE]
    <IFEO[CLEANER3.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE]
    <IFEO[DVP95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE]
    <IFEO[DVP95_0.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE]
    <IFEO[ECENGINE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE]
    <IFEO[EGHOST.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE]
    <IFEO[ESAFE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPWATCH.EXE]
    <IFEO[EXPWATCH.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.EXE]
    <IFEO[F-AGNT95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.EXE]
    <IFEO[F-PROT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT95.EXE]
    <IFEO[F-PROT95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.EXE]
    <IFEO[F-STOPW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FESCUE.EXE]
    <IFEO[FESCUE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.EXE]
    <IFEO[FINDVIRU.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FP-WIN.EXE]
    <IFEO[FP-WIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT.EXE]
    <IFEO[FPROT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.EXE]
    <IFEO[FRW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.EXE]
    <IFEO[IAMAPP.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.EXE]
    <IFEO[IAMSERV.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE]
    <IFEO[IBMASN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.EXE]
    <IFEO[IBMAVSP.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.EXE]
    <IFEO[ICLOAD95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.EXE]
    <IFEO[ICLOADNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.EXE]
    <IFEO[ICMON.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.EXE]
    <IFEO[ICSUPP95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNT.EXE]
    <IFEO[ICSUPPNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFACE.EXE]
    <IFEO[IFACE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IOMON98.EXE]
    <IFEO[IOMON98.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JEDI.EXE]
    <IFEO[JEDI.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
imgon - 2008-1-24 14:21:00
    <IFEO[KAVPFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe]
    <IFEO[KAVsvc.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe]
    <IFEO[KAVSvcUI.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
    <IFEO[KVFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe]
    <IFEO[KVwsc.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE]
    <IFEO[KWatchUI.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOCKDOWN2000.EXE]
    <IFEO[LOCKDOWN2000.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
    <IFEO[Logo1_.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe]
    <IFEO[Logo_1.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.EXE]
    <IFEO[LOOKOUT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE]
    <IFEO[LUALL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAILMON.EXE]
    <IFEO[MAILMON.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.EXE]
    <IFEO[MOOLIVE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.EXE]
    <IFEO[MPFTRAY.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\my.exe]
    <IFEO[my.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\lmmh.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32SCANW.EXE]
    <IFEO[N32SCANW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
    <IFEO[Navapsvc.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
    <IFEO[Navapw32.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.EXE]
    <IFEO[NAVLU32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE]
    <IFEO[NAVNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE]
    <IFEO[navw32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE]
    <IFEO[NAVWNT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NISUM.EXE]
    <IFEO[NISUM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMain.exe]
    <IFEO[NMain.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.EXE]
    <IFEO[NORMIST.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.EXE]
    <IFEO[NUPGRADE.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.EXE]
    <IFEO[NVC95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.EXE]
    <IFEO[PAVCL.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVSCHED.EXE]
    <IFEO[PAVSCHED.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVW.EXE]
    <IFEO[PAVW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCWIN98.EXE]
    <IFEO[PCCWIN98.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.EXE]
    <IFEO[PCFWALLICON.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.EXE]
    <IFEO[PERSFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
imgon - 2008-1-24 14:22:00
    <IFEO[PFW.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Play.exe]
    <IFEO[Play.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\lmmy.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.EXE]
    <IFEO[RAV7.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7WIN.EXE]
    <IFEO[RAV7WIN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe]
    <IFEO[RAVmon.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe]
    <IFEO[RAVmonD.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe]
    <IFEO[RAVtimer.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe]
    <IFEO[Rising.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAFEWEB.EXE]
    <IFEO[SAFEWEB.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE]
    <IFEO[SCAN32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN95.EXE]
    <IFEO[SCAN95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.EXE]
    <IFEO[SCANPM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.EXE]
    <IFEO[SCRSCAN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.EXE]
    <IFEO[SERV95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.EXE]
    <IFEO[SMC.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.EXE]
    <IFEO[SPHINX.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.EXE]
    <IFEO[SWEEP95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.EXE]
    <IFEO[TBSCAN.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.EXE]
    <IFEO[TCA.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.EXE]
    <IFEO[TDS2-98.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.EXE]
    <IFEO[TDS2-NT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\THGUARD.EXE]
    <IFEO[THGUARD.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe]
    <IFEO[TrojanHunter.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.EXE]
    <IFEO[VET95.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.EXE]
    <IFEO[VETTRAY.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCAN40.EXE]
    <IFEO[VSCAN40.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.EXE]
    <IFEO[VSECOMR.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.EXE]
    <IFEO[VSHWIN32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE]
    <IFEO[VSSTAT.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE]
    <IFEO[WEBSCANX.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE]
    <IFEO[WFINDV32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE]
    <IFEO[ZONEALARM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.EXE]
    <IFEO[_AVP32.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.EXE]
    <IFEO[_AVPCC.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.EXE]
    <IFEO[_AVPM.EXE]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe]
    <IFEO[修复工具.exe]><C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe>  []

==================================
启动文件夹
N/A
imgon - 2008-1-24 14:23:00
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[lerdoj / lerdoj][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\lerdoj.sys><N/A>
[mseqsy / mseqsy][Running/Auto Start]
  <system32\DRIVERS\msacpe.sys><N/A>
[msskye / msskye][Running/Auto Start]
  <system32\DRIVERS\msaclue.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 564 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 852 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 920 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1020 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1096 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1168 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1468 / Administrator][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\wsmsgzx.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swjqezc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\rarjfpi.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\jsqxcyc.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1804 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 52]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 1812 / Administrator][C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe]  [N/A, ]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1980 / Administrator][c:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
[PID: 392 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
[PID: 524 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
[PID: 1756 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\System32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\System32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\System32\oqnauhc.dll]  [N/A, ]
imgon - 2008-1-24 14:24:00
[PID: 2520 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
[PID: 2636 / Administrator][c:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\Fonts\jsqxcyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\rarjfpi.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swjqezc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\wsmsgzx.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 2992 / Administrator][d:\软件\日志\srengps.exe]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijiq.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\niluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
    [C:\WINDOWS\system32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\jsqxcyc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\wsmsgzx.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\swjqezc.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\rarjfpi.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[D:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[E:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe

==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com
124.238.254.113        www.10280011.com
124.238.254.113        10280011.com
124.238.254.113        www.10289900.com
124.238.254.113        10289900.com
124.238.254.113        www.78877788.com
124.238.254.113        78877788.com
124.238.254.113        www.11051122.com
124.238.254.113        11051122.com
124.238.254.113        1.ehai01.com
124.238.254.113        da.ehai01.com
124.238.254.113        ehai01.com
124.238.254.113        2008.sekart.cn
124.238.254.113        www.sekart.cn
124.238.254.113        sekart.cn
124.238.254.113        www.11309988.com
124.238.254.113        www.12100088.com
124.238.254.113        www.12108899.com
124.238.254.113        d2.llsging.com
124.238.254.113            llsging.com
124.238.254.113        dd.749571.com
124.238.254.113            749571.com
124.238.254.113        pr.749571.com
124.238.254.113            txwm1204.com
124.238.254.113        www.txwm1204.com

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 1812, C:\WINDOWS\FONTS\00-0F-3D-A0-74-12\SYSTEM\WDFMGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1812, C:\WINDOWS\FONTS\00-0F-3D-A0-74-12\SYSTEM\WDFMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1812, C:\WINDOWS\FONTS\00-0F-3D-A0-74-12\SYSTEM\WDFMGR.EXE]

==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\NVDispDrv.dll)
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
N/A

==================================


[/CODE]
lqqk7 - 2008-1-24 14:51:00
What a long log, and so many hijack entries...
I suggest the OP copy the complete log into Notepad and upload the text file as an attachment.
imgon - 2008-1-24 14:57:00
Attachment

Attachment: 7595512008124144804.txt
豪斯登堡新郎 - 2008-1-24 15:08:00
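***Note: during the procedure, do not double-click any drive letter; browse each partition with Windows Explorer (or WinRAR), or by right-clicking and choosing Open.***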


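1. In Folder Options, uncheck "Hide protected operating system files" and check "Show all files". Then use Windows Explorer to go to the c:\windows\system32\dllcache folder, copy userinit.exe from there, and use it to replace the existing userinit.exe under c:\windows\system32\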


2. Use SRE to repair the following:
Under Startup Items - Services - Drivers, delete the following:
[lerdoj / lerdoj]
[mseqsy / mseqsy]
[msskye / msskye]


3. Use XDelBox, in its suppress-regeneration mode, to delete the following files:
Files to delete:
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\soundma.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\PTSShell.exe
C:\WINDOWS\WinForm.exE
C:\WINDOWS\NAVMon32.exE
C:\WINDOWS\vxaknk.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\Fonts\gjcsdyc.dll
C:\WINDOWS\Fonts\wsmsgzx.dll
C:\WINDOWS\Fonts\swjqezc.dll
C:\WINDOWS\Fonts\rarjfpi.dll
C:\WINDOWS\Fonts\jsqxcyc.dll
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdfmgr.exe
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\wdlm.exe
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\lmmh.exe
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\lmmy.exe
C:\WINDOWS\System32\drivers\lerdoj.sys
C:\WINDOWS\system32\DRIVERS\msacpe.sys
C:\WINDOWS\system32\DRIVERS\msaclue.sys
C:\WINDOWS\system32\IEBHO.dll
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll
C:\WINDOWS\Fonts\gjcsdyc.dll
C:\WINDOWS\Fonts\wsmsgzx.dll
C:\WINDOWS\Fonts\swjqezc.dll
C:\WINDOWS\Fonts\rarjfpi.dll
C:\WINDOWS\Fonts\jsqxcyc.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\WinForm.dll
C:\WINDOWS\system32\NVDispDrv.dll
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\NAVMon32.dll
C:\WINDOWS\system32\ijiq.dll
C:\WINDOWS\system32\ijougiemnaw.dll
C:\WINDOWS\system32\niluw.dll
C:\WINDOWS\system32\naixuhz.dll
C:\WINDOWS\system32\oqnauhc.dll
c:\autorun.inf
d:\autorun.inf
e:\autorun.inf
c:\ntldr.exe
d:\ntldr.exe
e:\ntldr.exe


3. After rebooting and deleting the files, use SRE to repair the following:
Under Startup Items - Registry, delete the following:
<TBMonEx>
<inudhya>
<upxdnd>
<LotusHlp>
<PTSShell>
<WinForm>
<NAVMon32>
<NVDispDrv>
<DbgHlp32>
<{4FA10261-B890-F432-A453-69F1023513F4}>
<{00C5102A-E519-4187-ADF4-B4E313A99947}>
<{992FADFA-BCDE-ACDF-CDEF-21054865CBA9}>
<{54909874-8982-F344-A322-7898787FA745}>
<{6598FF45-DA60-F48A-BC43-10AC47853D56}>
<{3D098345-9012-8750-8910-9128098134D3}>

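**Note: download System Detector.rar from the attachment, open it, and click in turn Toolbox - IFEO image hijack recovery - Select All - Restore (you can also delete, under Registry in SRE, every entry whose name is prefixed with IFEO).**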

Under System Repair - Browser Add-ons, delete the following:
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000}

System Repair - HOSTS file - Reset - Save


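4. Check whether the system time has been changed; set it to the current time, then update the antivirus software to the latest version and run a full-disk scan.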

Attachment: 9752352008124145656.rar
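
The process listing in the posted log shows the same vendor-less DLLs loaded into many unrelated processes, which is what the deletion list above targets. As an added example (not part of the original thread; the names `unverified_modules` and `triage` are hypothetical, and the sample is a short excerpt of the posted log), this Python code ranks such modules from an SREng process listing by how many processes load them and whether they sit under the Fonts directory:

```python
import re
from collections import defaultdict

# Excerpt of the SREng "running processes" section posted in this thread.
SAMPLE_LOG = r"""
[PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
[PID: 1468 / Administrator][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\gjcsdyc.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1980 / Administrator][c:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Fonts\00-0F-3D-A0-74-12\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID:\s*(\d+)\s*/\s*([^\]]+)\]\[([^\]]+)\]")
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[([^,\]]*),")

def unverified_modules(log_text):
    """Map each module with no vendor info to the set of PIDs that load it."""
    loaded = defaultdict(set)
    pid = None
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if m:                      # process header line: remember its PID
            pid = int(m.group(1))
            continue
        m = MOD_RE.match(line)     # indented module line under that process
        if m and pid is not None and m.group(2).strip() == "N/A":
            loaded[m.group(1).lower()].add(pid)
    return loaded

def triage(log_text, min_procs=2):
    """Rank unverified modules: widest spread first; flag code under Fonts."""
    rows = []
    for path, pids in unverified_modules(log_text).items():
        odd_dir = "\\fonts\\" in path  # DLLs do not belong in the Fonts folder
        if len(pids) >= min_procs or odd_dir:
            rows.append((path, len(pids), odd_dir))
    return sorted(rows, key=lambda r: (-r[1], r[0]))
```

`rarext.dll` drops out of the result: a missing vendor field alone is common for legitimate files, so the ranking relies on spread across processes and on location.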
九月天空 - 2008-1-24 17:29:00
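For two days my machine showed the desktop and taskbar after booting, but today, right after booting, it no longer shows the desktop or taskbar.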
豪斯登堡新郎 - 2008-1-24 18:04:00
What does the poster above mean by that? Are you sure you didn't post in the wrong place?
a68857110 - 2008-1-24 18:26:00