瑞星卡卡安全论坛

自己原先的帐户还在，但多了个用户名为pywl$的帐号还是带密码的，我的电脑是不是被人入侵了啊，论坛高手帮帮忙谢谢~~~~~

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

应该是中病毒了  升级杀毒软件全盘杀毒吧。

你本身的电脑用户设密了么?如果设了密,有可能是你的同事或家人,因你不在旁,而又要你电脑内的东西,创立了一个账号,忘了删除留下的,

忘了一句,要创立账户,(指在你电脑上),有两中方法,最间单的一种需要你的系统盘是FAT32格式化的,如果你不是FAT32格式化的,那难度大了好多

感谢大家的回答，删除后没了但是明显机子中了木马，出现一些原先没有的进程。且容易cpu100%，根据阿福提供的软件扫描下，帮忙看看谢！
[CODE]

2008-11-01,16:06:25

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit Desktop Search><; D:\工具软件\MagicSet\srsearch.exe>  []
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <MINI_BFYY><D:\工具软件\Storm Downloader\StormDownloader.exe>  [深圳市三代科技开发有限公司]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [File is missing]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <QuickTime Task><; "D:\工具软件\quicktime\qttask.exe" -atboottime>  [Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><ieprot.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{189F087F-4378-405F-85FA-37D955AD7A8C}><C:\WINDOWS\system32\mtewdh.dll>  [File is missing]
    <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll>  [File is missing]
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  [File is missing]
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  [File is missing]
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll>  [File is missing]
    <{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll>  [File is missing]
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  [File is missing]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><>  [N/A]
    <{EB71E0B3-E97D-4D30-8733-E28266467617}><>  [N/A]
    <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dndsaf.dll>  [File is missing]
    <{00010001-0001-0001-0001-00010001BB15}><C:\WINDOWS\system32\adsntzt.dll>  [File is missing]
    <{00150015-0015-0015-0015-00150015BB15}><C:\WINDOWS\system32\ztvbdigg.dll>  [File is missing]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  [File is missing]
    <ztvbdigg.dll><C:\WINDOWS\system32\ztvbdigg.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /HideWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
    <IFEO[ACKWIN32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
    <IFEO[ANTI-TROJAN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
    <IFEO[APVXDWIN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
    <IFEO[AVE32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
    <IFEO[AVGCTRL.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
    <IFEO[AVKSERV.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE]
    <IFEO[AVNT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE]
    <IFEO[AVP32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE]
    <IFEO[AVPCC.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE]
    <IFEO[AVPDOS32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE]
    <IFEO[AVPTC32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE]
    <IFEO[AVPUPD.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE]
    <IFEO[AVSCHED32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE]
    <IFEO[AVWIN95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE]
    <IFEO[AVWUPD32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE]
    <IFEO[BLACKD.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE]
    <IFEO[BLACKICE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE]
    <IFEO[CFIADMIN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE]
    <IFEO[CFIAUDIT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE]
    <IFEO[CFINET.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE]
    <IFEO[CFINET32.EXE]><ntsd -d>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE]
    <IFEO[CLAW95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE]
    <IFEO[CLAW95CF.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE]
    <IFEO[CLEANER.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE]
    <IFEO[CLEANER3.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE]
    <IFEO[DVP95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE]
    <IFEO[DVP95_0.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE]
    <IFEO[ECENGINE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE]
    <IFEO[ESAFE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPWATCH.EXE]
    <IFEO[EXPWATCH.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.EXE]
    <IFEO[F-AGNT95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.EXE]
    <IFEO[F-PROT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT95.EXE]
    <IFEO[F-PROT95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.EXE]
    <IFEO[F-STOPW.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FESCUE.EXE]
    <IFEO[FESCUE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.EXE]
    <IFEO[FINDVIRU.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FP-WIN.EXE]
    <IFEO[FP-WIN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT.EXE]
    <IFEO[FPROT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.EXE]
    <IFEO[FRW.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.EXE]
    <IFEO[IAMAPP.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.EXE]
    <IFEO[IAMSERV.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE]
    <IFEO[IBMASN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.EXE]
    <IFEO[IBMAVSP.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.EXE]
    <IFEO[ICLOAD95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.EXE]
    <IFEO[ICLOADNT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.EXE]
    <IFEO[ICMON.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.EXE]
    <IFEO[ICSUPP95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNT.EXE]
    <IFEO[ICSUPPNT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFACE.EXE]
    <IFEO[IFACE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IOMON98.EXE]
    <IFEO[IOMON98.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JEDI.EXE]
    <IFEO[JEDI.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
    <IFEO[KVFW.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE]
    <IFEO[KWatchUI.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOCKDOWN2000.EXE]
    <IFEO[LOCKDOWN2000.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
    <IFEO[Logo1_.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe]
    <IFEO[Logo_1.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.EXE]
    <IFEO[LOOKOUT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE]
    <IFEO[LUALL.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.EXE]
    <IFEO[MOOLIVE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.EXE]
    <IFEO[MPFTRAY.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32SCANW.EXE]
    <IFEO[N32SCANW.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.EXE]
    <IFEO[NAVLU32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE]
    <IFEO[NAVNT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE]
    <IFEO[navw32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE]
    <IFEO[NAVWNT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NISUM.EXE]
    <IFEO[NISUM.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.EXE]
    <IFEO[NORMIST.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.EXE]
    <IFEO[NUPGRADE.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.EXE]
    <IFEO[NVC95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.EXE]
    <IFEO[PAVCL.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVSCHED.EXE]
    <IFEO[PAVSCHED.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVW.EXE]
    <IFEO[PAVW.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCWIN98.EXE]
    <IFEO[PCCWIN98.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.EXE]
    <IFEO[PCFWALLICON.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.EXE]
    <IFEO[PERSFW.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.EXE]
    <IFEO[RAV7.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7WIN.EXE]
    <IFEO[RAV7WIN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAFEWEB.EXE]
    <IFEO[SAFEWEB.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN95.EXE]
    <IFEO[SCAN95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.EXE]
    <IFEO[SCANPM.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.EXE]
    <IFEO[SCRSCAN.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.EXE]
    <IFEO[SERV95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.EXE]
    <IFEO[SMC.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.EXE]
    <IFEO[SPHINX.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.EXE]
    <IFEO[SWEEP95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.EXE]
    <IFEO[TDS2-98.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.EXE]
    <IFEO[TDS2-NT.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.EXE]
    <IFEO[VET95.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.EXE]
    <IFEO[VETTRAY.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCAN40.EXE]
    <IFEO[VSCAN40.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.EXE]
    <IFEO[VSECOMR.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.EXE]
    <IFEO[VSHWIN32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE]
    <IFEO[WFINDV32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE]
    <IFEO[ZONEALARM.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.EXE]
    <IFEO[_AVP32.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.EXE]
    <IFEO[_AVPCC.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.EXE]
    <IFEO[_AVPM.EXE]><ntsd -d>  [N/A]
  <C:\WINDOWS\system32\mch.exe><N/A>
[MS Media Control Center2122344 / MediaCenter11223322][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k krnlsrvc-->C:\WINDOWS\system32\RxmutnC.dll><N/A>
[nbs / nbs][Stopped/Auto Start]
  <C:\WINDOWS\system32\nbs.exe><N/A>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[RiSing KaKa Driver11111 / RiSingKaKa1111][Stopped/Auto Start]
  <C:\WINDOWS\system32\bootini.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[5329ed20cba38711 / 5329ed20cba38711][Stopped/Manual Start]
  <\??\C:\5329ed20cba38711.dat><N/A>
[9164ded830954209 / 9164ded830954209][Stopped/Manual Start]
  <\??\C:\9164ded830954209.dat><N/A>
[95bf427cf3311eff / 95bf427cf3311eff][Stopped/Manual Start]
  <\??\C:\95bf427cf3311eff.dat><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ca22c62885f9c933 / ca22c62885f9c933][Stopped/Manual Start]
  <\??\C:\ca22c62885f9c933.dat><N/A>
[NETDVR TV Capture WDM Video Captures / Cap7134][Running/Manual Start]
  <system32\DRIVERS\Cap7134.sys><SHENZHEN DIGITAL GRAPHICS CO., LTD.>
[CdnHook / CdnHook][Running/System Start]
  <System32\drivers\cdnhook.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]

<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\工具软件\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[NETDVR TV Value, WDM TVTuner / PhTVTune][Running/Manual Start]
  <system32\DRIVERS\PhTVTune.sys><Philips Semiconductors>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R2A / R2A][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sys_flt / sys_flt][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ZJ00\LOCALS~1\Temp\~25.tmp><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\工具软件\Thunder5.8.2.515\Thunder.exe, Thunder Networking Technologies,LTD>
[]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <D:\工具软件\quicktime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\工具软件\Thunder5.8.2.515\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\110~1.262\POWERP~1.DLL, (Signed) PPStream Inc.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >

[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\工具软件\Thunder5.8.2.515\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(95).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\工具软件\Thunder5.8.2.515\Components\DownAndPlay\DapPlayer3.0.5712.71.95.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(95).dll, Xunlei Networking Technologies,LTD>
[FG2CatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm, N/A>
[&使用暴风下载器下载]
  <D:\工具软件\Storm Downloader\geturl.htm, N/A>
[使用“文语通”朗读选定内容]
  <C:\Program Files\iFly Info Tek\iReader2.0\\ir_Select.htm, N/A>
[使用“文语通”朗读链接]
  <C:\Program Files\iFly Info Tek\iReader2.0\\ir_Link.htm, N/A>
[使用迅雷下载]
  <D:\工具软件\Thunder5.8.2.515\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\工具软件\Thunder5.8.2.515\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 944 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 96]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[PID: 1272 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 1464 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1688 / ZJ00][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\工具软件\Thunder5.8.2.515\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\工具软件\Thunder5.8.2.515\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\工具软件\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1776 / ZJ00][D:\工具软件\Storm Downloader\StormDownloader.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
    [D:\工具软件\Storm Downloader\boost_thread-vc6-mt-1_31.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 1788 / ZJ00][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1796 / ZJ00][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3275]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 2012 / ZJ00][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 2028 / ZJ00][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

==================================
启动文件夹
[PPS]
  <C:\Documents and Settings\ZJ00\「开始」菜单\程序\启动\PPS.lnk --> C:\PROGRA~1\PPStream\PPStream.exe [PPStream Inc.]><H>

==================================
服务
[Windows Audioservers / AudioServers][Stopped/Auto Start]
  <C:\WINDOWS\system32\sorcke.exe><N/A>
[BoBoTurbo / BoBoTurbo][Stopped/Disabled]
  <C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe><广州易播信息科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[imbs / imbs][Running/Auto Start]
  <C:\WINDOWS\system32\imbs.exe><N/A>
[mch / mch][Stopped/Auto Start]


    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2040 / ZJ00][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 1696 / SYSTEM][C:\WINDOWS\system32\imbs.exe]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 2324 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 2636 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3516 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 3760 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 3696 / ZJ00][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\工具软件\Thunder5.8.2.515\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\工具软件\Thunder5.8.2.515\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
[PID: 3668 / ZJ00][D:\waigua\2.7.0.1210 版本\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3816 / ZJ00][D:\waigua\2.7.0.1210 版本\SREb133eb65.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [D:\waigua\2.7.0.1210 版本\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1788, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1796, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3668, D:\WAIGUA\2.7.0.1210 版本\SRENGLDR.EXE]

==================================
计划任务
[已启用] AppleSoftwareUpdate.job
        C:\Program Files\Apple Software Update\SoftwareUpdate.exe

启动项目 －－ 注册表之如下项删除：
   
<{189F087F-4378-405F-85FA-37D955AD7A8C}><C:\WINDOWS\system32\mtewdh.dll>  [File is missing]
    <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll>  [File is missing]
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  [File is missing]
    <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll>  [File is missing]
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll>  [File is missing]
    <{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll>  [File is missing]
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  [File is missing]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><>  [N/A]
    <{EB71E0B3-E97D-4D30-8733-E28266467617}><>  [N/A]
    <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dndsaf.dll>  [File is missing]
    <{00010001-0001-0001-0001-00010001BB15}><C:\WINDOWS\system32\adsntzt.dll>  [File is missing]
    <{00150015-0015-0015-0015-00150015BB15}><C:\WINDOWS\system32\ztvbdigg.dll>  [File is missing]
    <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll>  [File is missing]
    <ztvbdigg.dll><C:\WINDOWS\system32\ztvbdigg.dll>  [File is missing]
启动项目 －－ 服务 －－ Win32服务应用程序之如下项删除：
选中有问题的驱动/服务后，点"删除服务"，点"设置"按钮即可。注意弹出的窗口中要点"否NO"才是确认删除服务）


启动项目 －－ 服务－－ 驱动程序之如下项删除：
(选中有问题的驱动/服务后，点"删除服务"，点"设置"按钮即可。注意弹出的窗口中要点"否NO"才是确认删除服务）

[5329ed20cba38711 / 5329ed20cba38711][Stopped/Manual Start]
  <\??\C:\5329ed20cba38711.dat><N/A>
[9164ded830954209 / 9164ded830954209][Stopped/Manual Start]
  <\??\C:\9164ded830954209.dat><N/A>
[95bf427cf3311eff / 95bf427cf3311eff][Stopped/Manual Start]
  <\??\C:\95bf427cf3311eff.dat><N/A>
[RiSing KaKa Driver11111 / RiSingKaKa1111][Stopped/Auto Start]
  <C:\WINDOWS\system32\bootini.exe><N/A>
[ca22c62885f9c933 / ca22c62885f9c933][Stopped/Manual Start]
  <\??\C:\ca22c62885f9c933.dat><N/A>
[sys_flt / sys_flt][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ZJ00\LOCALS~1\Temp\~25.tmp><N/A>


附件清除映像劫持项

附件: 映像劫持修复工具.rar