这是在带网络连接的安全模式下打开的。

HijackThis_815汉化版扫描日志 V1.99.1
保存于      9:35:54, 日期 2006-11-13
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sys32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\无锡绿业物资有限公司1\桌面\HijackThis1991zww.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ABOBEF~2\tbhelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe
O1 - Hosts: 222.88.90.22 www.4199.com
O1 - Hosts: 222.88.90.22 4199.com
O1 - Hosts: 222.88.90.22 www.9505.com
O1 - Hosts: 222.88.90.22 9505.com
O1 - Hosts: 222.88.90.22 7939.com
O1 - Hosts: 222.88.90.22 www.7939.com
O1 - Hosts: 222.88.90.22 www.3448.com
O1 - Hosts: .72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com

O2 - BHO: (no name) - {003169BC-AB68-482F-AEA6-B51A47BDDB83} - C:\WINDOWS\system32\ATIAngetser.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\giudfidjg\trgjiw.dll
O2 - BHO: IeEventObj Class - {0FAFD871-DFE0-496D-8953-0D5BA28E9766} - C:\Program Files\Internet Explorer\PLUGINS\AviPlayer.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Google Bar  - {12365484-96a1-6974-3269-123555124655} - C:\WINDOWS\System32\GoogleBar.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5196.dll
O2 - BHO: MsXmlExObj Class - {449840D6-2E92-47B5-AED3-B03A41CE9CE4} - C:\WINDOWS\System32\MSXMLR~1.DLL
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: DabObj Class - {70D509DD-32A5-4E11-B9C1-865433C8443C} - C:\WINDOWS\System32\dabapi.dll
O2 - BHO: 360安全卫士 - {8C7A85DB-99B6-4477-B14B-28FC27766244} - C:\WINDOWS\System32\gcnbfkrb.dll
O2 - BHO: (no name) - {930FD663-1720-4E8A-BC62-681A8BCEA428} - C:\WINDOWS\system32\adsnwer.dll
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\System32\drivers\spoolsv.dll
O2 - BHO: (no name) - {A878C4B6-640F-4C84-953F-31F38D9D4C80} - C:\WINDOWS\system32\ATSerioserar.dll
O2 - BHO: XBTBPos00 - {BD72EF1D-E47A-454F-AEA5-9F4C3ABE4EE5} - C:\PROGRA~1\ABOBEF~2\CAB301~1.DLL
O2 - BHO: TBSB00889 - {E9582697-E409-4312-B454-4B43F994D9DF} - C:\PROGRA~1\ABOBEF~1\ABOBEF~1.DLL
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\BitComet\BitCometBar\BitCometBar0.1.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - IE工具栏增项: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
O3 - IE工具栏增项: Abobe Flash Play 9 - {055187D9-1D7B-4C60-8324-F53F935E8AEE} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe
O4 - 启动项HKLM\\Run: [SubOlccr] C:\Patriot\SubOlccr.exe
O4 - 启动项HKLM\\Run: [RfwMain] "F:\Program Files\rav\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "F:\Program Files\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - 启动项HKLM\\Run: [QuickTime Task] "F:\新建文件夹\Storm Codec\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - 启动项HKLM\\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\WINDOWS\System32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [systemdll] regsvr32 /s c:\WINDOWS\system32\system.dll
O4 - 启动项HKLM\\Run: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\Run: [dabrun] rundll32.exe "C:\WINDOWS\System32\dabapi.dll",Rundll32
O4 - 启动项HKLM\\Run: [C:\WINDOWS\System32\15.exe] C:\WINDOWS\System32\15.exe
O4 - 启动项HKLM\\RunServices: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\RunOnce: [getmid] rundll32.exe C:\WINDOWS\System32\dabapi.dll,Rundll32 getmid
O4 - 启动项HKLM\\RunOnce: [RavStub] "F:\Program Files\Rav\ravstub.exe" /RUNONCE
O4 - 启动项HKLM\\RunOnce: [xbcqvf86] %systemroot%\system32\Rundll32.exe %systemroot%\system32\xbcqvf86.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [kkicfc80] %systemroot%\system32\Rundll32.exe %systemroot%\system32\kkicfc80.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [ebiugd65] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ebiugd65.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [dwntrk81] %systemroot%\system32\Rundll32.exe %systemroot%\system32\dwntrk81.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - IE右键菜单中的新增项目: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - IE右键菜单中的新增项目: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - IE右键菜单中的新增项目: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - IE右键菜单中的新增项目: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - IE右键菜单中的新增项目: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - IE右键菜单中的新增项目: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.wuxi.cn/plugin/PowerPlr.ocx
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/AxSafeControls.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2165DA8-C4A7-48AC-9B94-23F38E6BA361}: NameServer = 221.228.255.1

O20 - AppInit_DLLs: 578685M.BMP
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\System32\cmspl.dll
O23 - NT 服务: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\program files\rav\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rav\Ravmond.exe

01项和02项、10项没法修复的，版主帮忙看看吧

清除不掉，修改后保存老是说hosts正在被使用，无法修改。

006-11-13,15:39:51

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [N/A]
    <ws_d><; C:\WINDOWS\ws32.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PreAnnotate><; C:\WINDOWS\System32\PreAnntt.exe>  [N/A]
    <SubOlccr><; C:\Patriot\SubOlccr.exe>  [N/A]
    <RfwMain><"F:\Program Files\rav\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"F:\Program Files\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <QuickTime Task><"F:\新建文件夹\Storm Codec\qttask.exe" -atboottime>  [N/A]
    <Lexmark 4200 Series><"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe">  [Lexmark International, Inc.]
    <FaxCenterServer4_in_1><"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s>  [N/A]
    <C:\WINDOWS\System32\15.exe><C:\WINDOWS\System32\15.exe>  [N/A]
    <assistse><; "C:\PROGRA~1\3721\assistse.exe">  [N/A]
    <ccenter><; d:\Program Files\rising\Rav\CCenter.exe>  [N/A]
    <EyeTel><; F:\EyeTel\EyeTel.exe -a>  [N/A]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <MINI_BFYY><; F:\新建文件夹\Storm Downloader\StormDownloader.exe>  [N/A]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <RavMon><; F:\Program Files\rav\RavMon.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTimer><; F:\Program Files\rav\RavTimer.exe>  [N/A]
    <RealTray><; d:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER>  [N/A]
    <rfw><; F:\Program Files\rav\Rfw\Rfw.exe>  [N/A]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [N/A]
    <WinampAgent><; "E:\zqz\winnap\Winampa.exe">  [N/A]
    <WService><; WService.EXE>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [N/A]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Corporation]
    <NetWork><C:\WINDOWS\System32\cmspl.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><%SystemRoot%\System32\logon.scr>  [(Verified)Microsoft Corporation]

==================================

启动文件夹
N/A

==================================
服务
[Crypkey License / Crypkey License]
  <crypserv.exe><Kenonic Controls Ltd.>
[EpsonBidirectionalService / EpsonBidirectionalService]
  <C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe><N/A>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[Imsvc / Imsvc]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\Webmail.dll><>
[Indexing Service / IndexingService]
  <2 - 系统找不到指定的文件。
><N/A>
[iPodService / iPodService]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[LexBce Server / LexBceS]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[MessageService / MessageService]
  <C:\WINDOWS\System32\Svchost.exe -k MessageService-->C:\WINDOWS\System32\MsServices\svchost.dll><N/A>
[msgsat / msgsat]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnhost.dll><>
[Rising Personal Firewall Service / RfwService]
  <f:\program files\rav\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"F:\Program Files\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"F:\Program Files\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WindowService / WindowService]
  <C:\WINDOWS\System32\Svchost.exe -k WindowService-->C:\WINDOWS\System32\drivers\Register_nos.dll><N/A>
[WinTab Service / WinTabService]
  <"C:\WINDOWS\System32\Drivers\WTSRV.EXE"><N/A>

==================================

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys]
  <\??\C:\WINDOWS\System32\cdcd.sys><N/A>
[dwntrk8 / dwntrk81]
  <\SystemRoot\System32\DRIVERS\dwntrk81.sys><N/A>
[ebiugd6 / ebiugd65]
  <\SystemRoot\System32\DRIVERS\ebiugd65.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\F:\Program Files\Rav\ExpScan.sys><>
[GEARAspiWDM / GEARAspiWDM]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HookCont / HookCont]
  <\??\F:\Program Files\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\F:\Program Files\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\F:\Program Files\Rav\HookSys.sys><Rising>
[jr / jr]
  <\??\C:\WINDOWS\System32\drivers\jr.sys><N/A>
[kkicfc8 / kkicfc80]
  <\SystemRoot\System32\DRIVERS\kkicfc80.sys><N/A>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\F:\Program Files\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\f:\program files\rav\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NetworkX / NetworkX]
  <\SystemRoot\system32\ckldrv.sys><N/A>
[New0 / New0]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\F:\Program Files\rav\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Helper Driver / sfhlp01]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SiS315 / SiS315]
  <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Serial Tablet Port Driver / Tablet2k]
  <System32\DRIVERS\Tablet2k.sys><Windows (R) 2000 DDK provider>
[Tablet Class Driver / TClass2k]
  <System32\DRIVERS\TClass2k.sys><Windows (R) 2000 DDK provider>
[HID Tablet Port Driver / UCTblHid]
  <"C:\WINDOWS\System32\Drivers\UCTblHid.sys"><Windows (R) 2000 DDK provider>
[udsvmgg / udsvmggf]
  <\SystemRoot\System32\DRIVERS\udsvmggf.sys><N/A>

==================================