[Help] As soon as I right-click, the Rising monitor shuts itself off! No virus is detected!

==================================
正在运行的进程
[PID: 380 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1044 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 22]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 57]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1380 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\pxc25pm.dll]  [Tracker Software, 2.50.0002]
[PID: 1744 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1868 / SYSTEM][C:\Program Files\Borland\InterBase\bin\ibguard.exe]  [Borland Software Corporation, WI-V6.5.0.28]
    [C:\WINDOWS\system32\gds32.dll]  [Borland Software Corporation, WI-V6.5.0.28]
[PID: 1936 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 120 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 304 / SYSTEM][C:\Program Files\Canon\CAL\CALMAIN.exe]  [Canon Inc., 8, 1, 0, 14]
[PID: 424 / SYSTEM][C:\Program Files\Borland\InterBase\bin\ibserver.exe]  [Borland Software Corporation, WI-V6.5.0.28]
[PID: 528 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476 / user][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
[PID: 1204 / user][C:\Program Files\Ringz Studio\Storm Codec\qttask.exe]  [Apple Computer, Inc., 7.1.5]
[PID: 1268 / user][C:\iTunesHelper.exe]  [Apple Inc., 7.1.1.5]
    [C:\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 7.1.1.1]
    [C:\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 7.1.1.5]
[PID: 496 / user][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 3, 6, 3, 1001]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [C:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1021]
[PID: 1324 / user][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 492 / user][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
[PID: 1360 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
[PID: 1564 / user][C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe]  [Tracker Software Products Ltd., 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\dscrt30.dll]  [Tracker Software Products Ltd., 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\ixclib30.dll]  [Tracker Software Products, 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\xccdx30.dll]  [Tracker Software Products, 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\PXCLIB30.DLL]  [Tracker Software Products, 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\fm30base.dll]  [Tracker Software Products Ltd., 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\Fm30Tiff.dll]  [Tracker Software, 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\fm30xmf.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\xcloc30.dll]  [Tracker Software Products Ltd., 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\xcpro30.dll]  [Tracker Software Products, 3.30.0063]
    [C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\xcpars30.dll]  [Tracker Software Products, 3.30.0063]
[PID: 1980 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 7.1.1.5]
    [C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 7.1.1.1]
    [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 7.1.1.5]
[PID: 2572 / user][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
    [C:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 10.00.00.3802]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1472 / user][C:\Documents and Settings\user\桌面\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 3, 1001]
    [C:\Documents and Settings\user\桌面\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 476, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1204, C:\PROGRAM FILES\RINGZ STUDIO\STORM CODEC\QTTASK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 496, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 496, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1324, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 492, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1564, C:\PROGRAM FILES\TRACKER SOFTWARE\PDF-XCHANGE 3\PDFSAVER\PDFSAVER3.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Moderators and experts, please help!!!

Please take a look and see what kind of devilish virus this is!!!

Help me!

Delete the service
[Automatic Updates / wuauserv][Stopped/Auto Start]
<C:\WINDOWS\system32\drivers\svchost.exe><N/A>

Delete the driver service
[3563125 / 3563125][Running/]
<2 - 系统找不到指定的文件。
><N/A>

Delete the browser add-ons

In Safe Mode, delete:
the files that the browser add-ons listed above point to
C:\WINDOWS\system32\drivers\svchost.exe