\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\windows\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\windows\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\windows\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\windows\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\ole32.dll

+ oleaut32Microsoft Corporationc:\windows\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\windows\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\windows\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\windows\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\windows\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ user32Windows XP USER API Client DLLMicrosoft Corporationc:\windows\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\windows\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\windows\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEventc:\windows\system32\ati2evxx.dll

+ cscdllOffline Network AgentMicrosoft Corporationc:\windows\system32\cscdll.dll

+ ScCertPropCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ ScheduleCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ System Safety MonitorSystem Safety Winlogon NotificationSystem Safetyc:\windows\system32\ssmwinlogonex.dll

+ termsrvCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ wlballoonCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\system32\ssmypics.scrMy Pictures Slideshow ScreensaverMicrosoft Corporationc:\windows\system32\ssmypics.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{208F8014-A95F-45A1-B45B-A3A5A1259C46}] DATAGRAM 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{208F8014-A95F-45A1-B45B-A3A5A1259C46}] SEQPACKET 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C173DDDD-C42E-4290-BE6F-BBAFD2EF531B}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C173DDDD-C42E-4290-BE6F-BBAFD2EF531B}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E657FB83-294A-4616-A0F3-8870F098BF0D}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E657FB83-294A-4616-A0F3-8870F098BF0D}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9062B7F-6B41-4044-A4C1-EFF909AA4B56}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9062B7F-6B41-4044-A4C1-EFF909AA4B56}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\windows\system32\cnbjmon.dll

+ Local PortLocal Spooler DLLMicrosoft Corporationc:\windows\system32\localspl.dll

+ Microsoft Document Imaging Writer MonitorMicrosoft? Document ImagingMicrosoft Corporationc:\windows\system32\mdimon.dll

+ PJL Language MonitorPJL Language monitorMicrosoft Corporationc:\windows\system32\pjlmon.dll

+ Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\windows\system32\tcpmon.dll

+ USB MonitorStandard Dynamic Printing Port Monitor DLLMicrosoft Corporationc:\windows\system32\usbmon.dll

保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ALi5289ALiRAID Applicationc:\program files\uli5289\ali5289.exe

+ ATIPTAATI Desktop Control PanelATI Technologies, Inc.c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ BigDogPathBIGDOGBIGDOGc:\windows\vm_sti.exe

+ mscfsc:\windows\system32\msibm\cfsys.dll

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtimer.exe

+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.c:\windows\soundman.exe

+ SysExplrd:\program files\herosoft\hero 9\sysexplr.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ UserClient.lnkUserClient Microsoft 基础类应用程序c:\program files\pubinfo\client\userclient.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Pollerc:\windows\system32\ati2evxx.exe

+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe

+ DriveHealthHard disk S.M.A.R.T. monitoring and failure predicting service.Helexis Software Developmentd:\program files\helexis\drive health\dhcore.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedd:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterrisingd:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe

+ SSMSSM 可实时追踪系统活动以阻止有害软件的恼人操作。System Safetyd:\program files\system safety monitor\ssmservice.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.d:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ CAP ClassDTAP Modulec:\windows\system32\dtap.dll

+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 豪杰超级解霸9Hero Super Player 9Herosoftd:\program files\herosoft\hero 9\sthsdvd.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEventc:\windows\system32\ati2evxx.dll

+ System Safety MonitorSystem Safety Winlogon NotificationSystem Safetyc:\windows\system32\ssmwinlogonex.dll

然后呢

+ mscfsc:\windows\system32\msibm\cfsys.dll
+ UserClient.lnkUserClient Microsoft 基础类应用程序c:\program files\pubinfo\client\userclient.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CAP ClassDTAP Modulec:\windows\system32\dtap.dll

删除启动项
删除c:\windows\system32\dtap.dll
c:\windows\system32\msibm\cfsys.dll
c:\program files\pubinfo\client\userclient.exe

若文件删除不了
用Unlocker工具试试
工具下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7471002

c:\program files\pubinfo\client\userclient.exe
这个是我们这里上网的客户端，好象

都删了＾
然后

不好意思
没见过，你确认没问题就不要删除了

哦，要不要重启的啊，还有这项是什么啊？
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

这个没问题
重启试试