[CODE]

2007-10-01,14:26:52

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Windows木马><>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE 微软－中星微联合实验室提供>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kafyezy.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{334345F1-DACF-3452-CB7D-4620F34A1533}><C:\WINDOWS\system32\rsztcpm.dll>  []
    <{28907901-1416-3389-9981-372178569982}><C:\WINDOWS\system32\kawdbzy.dll>  []
    <{2598FF45-DA60-F48A-BC43-10AC47853D52}><C:\WINDOWS\system32\rarjbpi.dll>  []
    <{4859245F-345D-BC13-AC4F-145D47DA34F4}><>  [N/A]
    <{14783410-4F90-34A0-7820-3230ACD05F41}><C:\WINDOWS\system32\raqjapi.dll>  [N/A]
    <{18847374-8323-FADC-B443-4732ABCD3781}><>  [N/A]
    <{2A321487-4977-D98A-C8D5-6488257545A2}><>  [N/A]
    <{47D81718-1314-5200-2597-587901018074}><>  [N/A]
    <{2960356A-458E-DE24-BD50-268F589A56A2}><C:\WINDOWS\system32\avwlbmn.dll>  []
    <{66650011-3344-6688-4899-345FABCD1566}><>  [N/A]
    <{5B681598-AD5F-BC8C-77DC-748FAC8D3FB5}><C:\WINDOWS\system32\kafyezy.dll>  []
    <{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\system32\kvdxcma.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[BoBoTurbo / BoBoTurbo][Running/Auto Start]
  <C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe><广州易播信息科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Telephots google / WindowsDo][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\腾讯QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\QQ\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[微软－中星微联合实验室提供 / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[PhotoUploadCtrlMini Control]
  {D9306BD1-2325-4C28-8632-B02330C1BB02} <C:\WINDOWS\system32\PHOTOU~1.OCX, 广州网易互动娱乐有限公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <E:\迅雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <E:\迅雷\DownAndPlay\DapPlayer3.0.11.17.dll, ShenZhen Thunder Networking Technologies Ltd.>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\迅雷\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\江民专杀\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[PhotoUploadCtrlMini Control]
  {D9306BD1-2325-4C28-8632-B02330C1BB02} <C:\WINDOWS\system32\PHOTOU~1.OCX, 广州网易互动娱乐有限公司>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用Web迅雷下载]
  <E:\迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <E:\迅雷\GetAllUrl.htm, N/A>
[使用网际快车下载]
  <, N/A>
[使用网际快车下载全部链接]
  <, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 552 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 564 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 772 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 896 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
[PID: 912 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
[PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 1096 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 1140 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 39]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1244 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [C:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [C:\Program Files\Rising\Rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [C:\Program Files\Rising\Rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]

[PID: 1368 / user][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [E:\backup\FTCSET~1\WINDOW~1.8上\ftcsetup\Commenu.dll]  [Fygsoft and Microsoft, 3.0.0.63]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1520 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 1592 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 1792 / user][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,2082]
[PID: 1808 / user][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
[PID: 1820 / user][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.22]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
[PID: 1832 / user][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
[PID: 1840 / user][C:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
[PID: 1880 / user][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
[PID: 1888 / user][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
[PID: 1932 / SYSTEM][C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe]  [广州易播信息科技有限公司, 1, 1, 903, 2]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
[PID: 196 / user][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
[PID: 336 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 344 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
[PID: 440 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
[PID: 2288 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2856 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
[PID: 3208 / user][D:\江民专杀\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\system32\rarjbpi.dll]  [N/A, ]
    [D:\江民专杀\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\kafyezy.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1820, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1820, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1832, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1840, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1880, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1888, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1888, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 196, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 196, C:\WINDOWS\VM_STI.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

先下载XDelbox1.5删除工具: http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902
打开XDelbox1.5勾选“抑制再生”、“备份文件”（为误操作留条后路）。把以下路径添加进去(或者复制下面路径然后点xdelbox右键"从剪贴板导入),然后点右键,立即重启并删除.(如果提示不存在点确定就是)
C:\WINDOWS\system32\rarjbpi.dll
C:\WINDOWS\system32\rsztcpm.dll
C:\WINDOWS\system32\kawdbzy.dll
C:\WINDOWS\system32\avwlbmn.dll
C:\WINDOWS\system32\kafyezy.dll
C:\WINDOWS\system32\kvdxcma.dll
C:\WINDOWS\system32\raqjapi.dll
C:\WINDOWS\system32\servet.exe
重启电脑后，让电脑自动进入“GO XDELBOX***”杀灭以上文件后登陆系统（中途不要干涉）
删除完后重启计算机时按F8进入安全模式:
(如果进不了就进正常模式)
打开sreng
启动项目--注册表--删除如下项目:
<{334345F1-DACF-3452-CB7D-4620F34A1533}><C:\WINDOWS\system32\rsztcpm.dll> []
<{28907901-1416-3389-9981-372178569982}><C:\WINDOWS\system32\kawdbzy.dll> []
<{2598FF45-DA60-F48A-BC43-10AC47853D52}><C:\WINDOWS\system32\rarjbpi.dll> []
<{4859245F-345D-BC13-AC4F-145D47DA34F4}><> [N/A]
<{14783410-4F90-34A0-7820-3230ACD05F41}><C:\WINDOWS\system32\raqjapi.dll> [N/A]
<{18847374-8323-FADC-B443-4732ABCD3781}><> [N/A]
<{2A321487-4977-D98A-C8D5-6488257545A2}><> [N/A]
<{47D81718-1314-5200-2597-587901018074}><> [N/A]
<{2960356A-458E-DE24-BD50-268F589A56A2}><C:\WINDOWS\system32\avwlbmn.dll> []
<{66650011-3344-6688-4899-345FABCD1566}><> [N/A]
<{5B681598-AD5F-BC8C-77DC-748FAC8D3FB5}><C:\WINDOWS\system32\kafyezy.dll> []
<{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\system32\kvdxcma.dll> []
<Windows木马><> [N/A]
双击<AppInit_DLLs>把><kafyezy.dll>删除掉.确定.
打开sreng
点击启动项目--服务--Win32服务应用程序-- 勾选“隐藏经认证的微软项目”
等待列表出来之后点击以下项目.然后选中下面的 “删除服务” 并单击设置按钮
在弹出的框中点“否”
[Telephots google / WindowsDo][Stopped/Auto Start]
<C:\WINDOWS\system32\servet.exe><N/A>
下载 arswp清理助手: http://www.arswp.com/
打开arswp--高级模式--清理相关--临时文件--开始清理
打开arswp--高级模式--定制扫描--完整扫描,扫描所有文件--开始扫描.

【回复“没有梦想的男人”的帖子】
终于杀掉了这毒了..没有看不懂的操作,很详细..谢谢大侠...

我用卡巴
不错，用的我直想升级电脑。