
369: A Little Newbie's Eternal Pain

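Oh my god! Brothers and sisters! I am a newbie through and through! Yesterday I went online and downloaded a game with Xunlei, and the machine got wrecked! My home page was changed to www.369.com! No matter how I change it, it won't change back! And I'm having problems getting online too! I've read your posts! But I'm a newbie after all! I still don't understand! So I'm begging all of you to help this little newbie! I'd be endlessly grateful! Here is my scan log: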
Logfile of Kaka v2. 0. 0. 8 Scan Module v2. 0. 0. 1
Scan saved at 19:08:29, on 2006-06-13
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1;Q823353;Q867801;Q832894; (6.00.2800.1106)


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINNT\system32\services.exe

[lsass.exe]
CommandLine = C:\WINNT\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINNT\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINNT\System32\svchost.exe -k netsvcs

[spoolsv.exe]
CommandLine = C:\WINNT\system32\spoolsv.exe

[Explorer.EXE]
CommandLine = C:\WINNT\Explorer.EXE

[exp1orer.exe]
CommandLine = "C:\WINNT\system32\exp1orer.exe"

[ServeHost.exe]
CommandLine = C:\WINNT\system32\ServeHost.exe

[regsvc.exe]
CommandLine = C:\WINNT\system32\regsvc.exe

[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"

[RavMonD.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavMonD.exe"

[MSTask.exe]
CommandLine = C:\WINNT\system32\MSTask.exe

[WinMgmt.exe]
CommandLine = C:\WINNT\System32\WBEM\WinMgmt.exe

[svchost.exe]
CommandLine = C:\WINNT\system32\svchost.exe -k wugroup

[SearchNet.exe]
CommandLine = "C:\Program Files\SearchNet\SearchNet.exe"

[wuauclt.exe]
CommandLine = "C:\WINNT\system32\wuauclt.exe"

[SREng.exe]
CommandLine = "D:\008\SREng2\SREng.exe"

[RavTimer.exe]
CommandLine = "C:\Program Files\rising\rav\RavTimer.exe"

[VnetClient.exe]
CommandLine = "C:\Program Files\ChinaNet\VnetClient.exe"

[RavService.exe]
CommandLine = "C:\Program Files\rising\rav\RavService.exe"

[KkScan.exe]
CommandLine = "C:\Program Files\rising\KakaToolBar\KkScan.exe"

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.369.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.369.com
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINNT\system32\wmpdrm.dll
O2 - BHO: IE Address Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKCU\..\Run: [Internat.exe] ; internat.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] ; Atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] ; Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] ; C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - HKLM\..\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - HKLM\..\Run: [RavService] ; C:\Program Files\Rising\Rav\RavService.exe
O4 - HKLM\..\Run: [kpcdst] ; C:\001\001\cdsprite.exe
O4 - HKLM\..\Run: [YLive.exe] ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] ; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [LoadEWXD] C:\WINNT\system32\exp1orer.exe
O4 - HKLM\..\Run: [spoolsv] ; C:\WINNT\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O9 - Extra Button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5524867F-0F8B-46CA-9339-8EE920327429}: NameServer = 202.103.24.68 202.103.0.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{895CCC98-4798-448B-AC5C-1A25931A9058}: NameServer = 172.19.195.8,61.183.131.242,202.103.246.8
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: wzcnotif
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) -  - C:\WINNT\system32\ati2plab.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: Microsoft    NetWork  FireWall  Services (Microsoft    NetWork  FireWall  Services) -  - Net_Services.exe
O23 - Service: Microsoft NetWork FireWall Services (Microsoft NetWork FireWall Services) -  - NetServices.exe
O23 - Service: NetMeeting  Remote  Desktop  (RPC)  Sharing (NetMeeting  Remote  Desktop  (RPC)  Sharing) -  - Rundll32.exe Task688.dll ondll_server
O23 - Service: Remote Log (Remote Log) - 北京中搜在线软件有限公司 - C:\WINNT\system32\servehost.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising Realtime Monitor Service (RsRavMon) - rising - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Smart Card Helper (SCardDrv) -  - C:\WINNT\system32\scardsvr32.exe -v
Last edited 2006-06-14 15:35:00

But even after reading it I still don't know how to use it!

Brother! You're my idol! The person I admire most, most, most of all! You're my boss and my savior!

Teacher, teacher! I only have Super Rabbit's Cleanup King (清理王)! There's no Optimization King (优化王)?

Teacher, please show up and help me!

Teacher! One of them, C:\WINNT\system32\spoolsv, can't be deleted!

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><; internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><; mobsync.exe /logon>  [Microsoft Corporation]
    <AtiPTA><; Atiptaxx.exe>  [ATI Technologies, Inc.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <RavTimer><; C:\Program Files\rising\rav\RavTimer.exe>  [rising]
    <RavMon><; C:\Program Files\rising\rav\RavMon.exe>  [rising]
    <RavService><; C:\Program Files\Rising\Rav\RavService.exe>  []
    <kpcdst><; C:\001\001\cdsprite.exe>  []
    <Super Rabbit Desktop Set><; C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <RavMon><; C:\Program Files\rising\rav\RavMon.exe /AUTO>  [rising]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []

==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINNT\System32\ati2plab.exe><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft    NetWork  FireWall  Services / Microsoft    NetWork  FireWall  Services]
  <Net_Services.exe><N/A>
[Microsoft NetWork FireWall Services / Microsoft NetWork FireWall Services]
  <NetServices.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <C:\Program Files\Rising\Rav\CCenter.exe><rising>
[Rising Realtime Monitor Service / RsRavMon]
  <C:\Program Files\Rising\Rav\RavMonD.exe><rising>
[Smart Card Helper / SCardDrv]
  <C:\WINNT\system32\scardsvr32.exe -v><N/A>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 160][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 184][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 180][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 232][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 244][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 412][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 456][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 508][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 664][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
    [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  <WinZip Computing, Inc.><4.1 (32-bit)>
    [C:\PROGRA~1\WINZIP\wzshlex1.dll]  <WinZip Computing, Inc.><4.1 (32-bit)>
    [C:\PROGRA~1\WINZIP\WZCAB3.DLL]  <WinZip Computing, Inc.><3.1 (32-bit)>
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINNT\system32\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><16, 0, 0, 4>
[PID: 760][C:\Program Files\rising\rav\RavTimer.exe]  <rising><16, 0, 0, 23>
    [C:\Program Files\rising\rav\Language.dll]  <RiSing><15, 0, 0, 17>
    [C:\Program Files\rising\rav\RsCommX.dll]  <rising><15, 0, 1, 13>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 768][C:\Program Files\rising\rav\RavMon.exe]  <rising><16, 0, 0, 32>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
    [C:\Program Files\rising\rav\RavMon.dll]  <Beijing Rising Tech. Co. Ltd.><16, 0, 0, 63>
    [C:\Program Files\rising\rav\guidll.dll]  <rising><16, 0, 0, 36>
    [C:\Program Files\rising\rav\RsCommX.dll]  <rising><15, 0, 1, 13>
    [C:\Program Files\rising\rav\Language.dll]  <RiSing><15, 0, 0, 17>
[PID: 776][C:\Program Files\Super Rabbit\MagicSet\DS.EXE]  <Super Rabbit Software><1.50>
[PID: 676][C:\Program Files\Rising\Rav\CCenter.exe]  <rising><15, 0, 1, 8>
[PID: 796][C:\Program Files\Rising\Rav\RavMonD.exe]  <rising><16, 0, 0, 12>
    [C:\Program Files\Rising\Rav\RavMon.dll]  <Beijing Rising Tech. Co. Ltd.><16, 0, 0, 63>
    [C:\Program Files\Rising\Rav\guidll.dll]  <rising><16, 0, 0, 36>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><15, 0, 1, 13>
    [C:\Program Files\Rising\Rav\Language.dll]  <RiSing><15, 0, 0, 17>
    [C:\Program Files\Rising\Rav\Engine.dll]  <rising><16, 0, 0, 56>
    [C:\Program Files\Rising\Rav\LibLoad.dll]  <Rising><16, 0, 0, 34>
    [C:\Program Files\Rising\Rav\StoreDll.dll]  <Beijing Rising Technology Co., Ltd.><16, 0, 0, 10>
    [C:\Program Files\Rising\Rav\ScanFile.dll]  <rising><16, 0, 0, 52>
    [C:\Program Files\Rising\Rav\NVFile.dll]  <rising><16, 0, 0, 4>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Rising><16, 0, 0, 27>
    [C:\Program Files\Rising\Rav\PostTrtX.dll]  <瑞星科技股份有限公司><16, 0, 0, 10>
    [C:\Program Files\Rising\Rav\ExtFile.dll]  <RiSing><16, 0, 0, 28>
    [C:\Program Files\Rising\Rav\ExtMail.dll]  <rising><16, 0, 0, 31>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <rising><16, 0, 0, 62>
    [C:\Program Files\Rising\Rav\UnMacro.dll]  <rising><16, 0, 0, 10>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Rising><16, 0, 0, 36>
    [C:\Program Files\Rising\Rav\UnMail.dll]  <rising><16, 0, 0, 7>
    [C:\Program Files\Rising\Rav\BtEngine.dll]  <rising><16, 0, 0, 31>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\setup.dll]  <北京瑞星科技股份有限公司><14, 10, 0, 11>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
    [C:\Program Files\Rising\Rav\zip.dll]  <rising><13, 0, 0, 1>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <rs><16, 0, 0, 16>
[PID: 812][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
[PID: 856][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 876][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 1188][C:\WINNT\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
[PID: 304][D:\009\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
    [C:\Program Files\Rising\Rav\RavProxy.dll]  <rising><16, 0, 0, 6>
[PID: 316][C:\Program Files\rising\rav\RavService.exe]  <><16, 0, 0, 33>
    [C:\Program Files\Rising\Rav\ApiHook.dll]  <北京瑞星><16, 0, 0, 19>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <北京瑞星><16, 2, 0, 6>
    [C:\Program Files\rising\rav\RsCommX.dll]  <rising><15, 0, 1, 13>
    [C:\Program Files\rising\rav\RavService936.dll]  <瑞星><16, 0, 0, 9>
    [C:\Program Files\Rising\Rav\RavProxy.dll]  <rising><16, 0, 0, 6>

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

Teacher! Why couldn't I find any of C:\WINNT\system32\scardsvr32.exe, Net_Services.exe or NetServices.exe??

There is a C:\WINNT\system32\scardsvr.exe