Four trojans, removed with ewido several times~!! Still there after reboot... experts, please help...

I removed four trojans with ewido several times~!! They are still there after rebooting. The viruses can be detected, they just can't be removed~ Process list attached~!!
[Main]
Program=超级兔子IE修复专家
Version=V7.75
WindowsVersion=Windows XP
IEVersion=6.0.2900.2180
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\li
Admin=1
Detail=1
Date=2006-09-01
Time=09:14:31
Code=,
CDCode=,
Reg=0

[Soft]
1=百度超级搜霸
Max=1

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=Microsoft Internet Explorer
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=about:blank
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=http://www.hao123.com/
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=about:blank
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=about:blank
Max=12

[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1022464
1_FileDate=2006-6-23 19:11:20
1_FileVersion=6.0.2900.2937
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8311296
2_FileDate=2006-7-13 21:34:55
2_FileVersion=6.0.2900.2951
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
3_Name={43869BB3-22FD-4F15-9B46-238106BA2F4E}
3_FileName=D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
3_FileSize=729088
3_FileDate=2006-7-24 14:06:04
3_FileVersion=2.2.0.1612
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
4_Name={89FDCC4B-8D91-49B0-81A6-18BCFF582735}
4_FileName=
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
5_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
5_FileName=%SystemRoot%\system32\browseui.dll
5_FileSize=1022464
5_FileDate=2006-6-23 19:11:20
5_FileVersion=6.0.2900.2937
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
6_Name={43869BB3-22FD-4F15-9B46-238106BA2F4E}
6_FileName=D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
6_FileSize=729088
6_FileDate=2006-7-24 14:06:04
6_FileVersion=2.2.0.1612
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
7_Name={B580CF65-E151-49C3-B73F-70B13FCA8E86}
7_FileName=C:\PROGRA~1\baidu\bar\baidubar.dll
7_FileSize=1028187
7_FileDate=2006-7-25 20:40:36
7_FileVersion=2.0.2.99
Max=7
Last edited 2006-09-01 14:22:12

[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\&使用迅雷下载
1_FileName=d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
1_FileSize=2338
1_FileDate=2006-7-24 15:51:28
1_FileVersion=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\&使用迅雷下载全部链接
2_FileName=d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
2_FileSize=695
2_FileDate=2006-3-8 10:49:10
2_FileVersion=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
3_FileName=D:\Program Files\Tencent\QQ\AddToNetDisk.htm
3_FileSize=534
3_FileDate=2006-4-25 17:03:24
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
4_FileName=D:\Program Files\Tencent\QQ\AddPanel.htm
4_FileSize=1815
4_FileDate=2006-4-25 17:03:24
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
5_FileName=D:\Program Files\Tencent\QQ\AddEmotion.htm
5_FileSize=534
5_FileDate=2006-4-25 17:03:22
5_FileVersion=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
6_FileName=D:\Program Files\Tencent\QQ\SendMMS.htm
6_FileSize=519
6_FileDate=2006-4-25 17:03:32
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{0062C9BD-B349-40DE-91A0-755F37ACD559}
7_Clsid={1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
7_ButtonText=启动迅雷
7_MenuText=启动迅雷
7_FileName=
7_FileVersion=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157b}
8_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
8_ButtonText=QQ
8_MenuText=QQ
8_FileName=
8_FileVersion=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}
9_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
9_ButtonText=QQ炫彩工具条设置
9_MenuText=QQ炫彩工具条设置
9_FileName=
9_FileVersion=
10_HKey=HKEY_CURRENT_USER
10_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
10_Clsid=
10_ButtonText=
10_MenuText=
10_FileName=
10_FileVersion=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0005A87D-D626-4B3A-84F9-1D9571695F55}
11_Clsid=ThunderIEHelper Class
11_FileName=C:\WINDOWS\system32\xunleibho_v8.dll
11_FileSize=49152
11_FileDate=2005-10-31 16:33:42
11_FileVersion=4.5.1.33
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
12_Clsid=AcroIEHlprObj Class
12_FileName=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
12_FileSize=37808
12_FileDate=2001-3-2 12:02:04
12_FileVersion=1.0.0.1
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EBD53A-9BC1-480B-966A-843A333CA162}
13_Clsid=QQBrowserHelperObject Class
13_FileName=d:\Program Files\Tencent\QQ\QQIEHelper.dll
13_FileSize=184320
13_FileDate=2006-4-25 17:09:56
13_FileVersion=1.1.0.5
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7369D35A-5B70-4A5B-B789-B25FE09B4AF3}
14_Clsid=超级兔子上网精灵
14_FileName=D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
14_FileSize=729088
14_FileDate=2006-7-24 14:06:04
14_FileVersion=2.2.0.1612
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}
15_Clsid=BandIE Class
15_FileName=C:\PROGRA~1\baidu\bar\baidubar.dll
15_FileSize=1028187
15_FileDate=2006-7-25 20:40:36
15_FileVersion=2.0.2.99
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}
16_Clsid=Thunder Browser Helper
16_FileName=d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
16_FileSize=49152
16_FileDate=2006-6-3 11:17:12
16_FileVersion=5.0.0.2
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
17_Download=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
17_FileName=
17_FileVersion=
18_HKey=HKEY_LOCAL_MACHINE
18_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33441F51-B97B-45A6-98EA-722BE27A72B0}
18_NameServer=
18_Clsid=
18_FileName=
18_FileVersion=
19_HKey=HKEY_LOCAL_MACHINE
19_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ABC0F3A-BC85-4C3F-95AF-76534798D11F}
19_NameServer=
19_Clsid=
19_FileName=
19_FileVersion=
20_HKey=HKEY_LOCAL_MACHINE
20_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E49DA017-1471-4EE0-8F11-A98833A17B28}
20_NameServer=
20_Clsid=
20_FileName=
20_FileVersion=
Max=20

[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2004-8-4 8:52:36
4_FileVersionLink=5.1.2600.2180
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
5_FileSizeLink=93184
5_FileDateLink=2004-8-4 8:52:32
5_FileVersionLink=6.0.2900.2180
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
6_FileSizeLink=93184
6_FileDateLink=2004-8-4 8:52:32
6_FileVersionLink=6.0.2900.2180
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink=rundll32.exe shdocvw.dll,OpenURL %l
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11

[Shdoclc]
1_FileSize=498176
1_FileDate=2004-8-4 8:51:40
1_FileVersion=6.0.2900.2180
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\system32\userinit.exe,
2_FileSize=23552
2_FileDate=2004-8-4 8:52:38
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2004-8-4 8:52:20
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2004-8-4 8:52:28
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2004-8-4 8:52:20
Max=3

[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll
1_Value=MSAFD Tcpip [TCP/IP]
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll
2_Value=MSAFD Tcpip [UDP/IP]
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll
3_Value=MSAFD Tcpip [RAW/IP]
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\rsvpsp.dll
4_Value=RSVP UDP Service Provider
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
5_Value=RSVP TCP Service Provider
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll
6_Value=MSAFD NetBIOS [\Device\NetBT_Tcpip_{4ABC0F3A-BC85-4C3F-95AF-76534798D11F}] SEQPACKET 0
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll
7_Value=MSAFD NetBIOS [\Device\NetBT_Tcpip_{4ABC0F3A-BC85-4C3F-95AF-76534798D11F}] DATAGRAM 0
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll
8_Value=MSAFD NetBIOS [\Device\NetBT_Tcpip_{33441F51-B97B-45A6-98EA-722BE27A72B0}] SEQPACKET 1
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll
9_Value=MSAFD NetBIOS [\Device\NetBT_Tcpip_{33441F51-B97B-45A6-98EA-722BE27A72B0}] DATAGRAM 1
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll
Max=11

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2004-8-4 8:52:36
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2004-8-4 8:52:36
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8311296
1_FileDate=2006-7-13 21:34:55
Max=1


[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8311296
1_FileDate=2006-7-13 21:34:55
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8311296
2_FileDate=2006-7-13 21:34:55
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2004-8-4 8:52:28
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2004-8-4 8:52:26
Max=4

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1022464
1_FileDate=2006-6-23 19:11:20
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1022464
2_FileDate=2006-6-23 19:11:20
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=IMJPMIG8.1
1_Value=; "c:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
1_FileSize=208952
1_FileDate=2004-8-4 6:32:00
1_FileVersion=8.1.4202.0
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=NvCplDaemon
2_Value=; rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
2_FileSize=4620288
2_FileDate=2004-10-29 16:50:00
2_FileVersion=6.14.10.6693
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=C-Media Mixer
3_Value=mixer.exe /startup
3_FileSize=1216512
3_FileDate=2001-12-7 23:24:24
3_FileVersion=1.4.6.0
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=RavTask
4_Value="d:\program files\rising\rav\ravtask.exe" -system
4_FileSize=114688
4_FileDate=2006-8-27 15:43:35
4_FileVersion=18.0.0.22
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\Run
5_Name=TkBellExe
5_Value=; "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
5_FileSize=180269
5_FileDate=2006-8-28 12:00:22
5_FileVersion=0.1.0.3510
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows\CurrentVersion\Run
6_Name=RfwMain
6_Value="e:\program files\rising\rfw\rfwmain.exe" -startup
6_FileSize=417792
6_FileDate=2006-8-31 16:17:36
6_FileVersion=4.0.0.52
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
7_Name=load
7_Value=
8_HKey=HKEY_CURRENT_USER
8_Key=Software\Microsoft\Windows\CurrentVersion\Run
8_Name=ctfmon.exe
8_Value=c:\windows\system32\ctfmon.exe
8_FileSize=15360
8_FileDate=2004-8-4 8:52:30
8_FileVersion=5.1.2600.2180
9_HKey=HKEY_CURRENT_USER
9_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
9_Name=load
9_Value=
Max=9

[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll
1_Name=.Owner
1_Value=CMediaAudioRack
1_Clsid=
1_FileName=C:\WINDOWS\system32\danim.dll
1_FileSize=1049088
1_FileDate=2006-6-23 19:11:20
1_FileVersion=6.3.1.148
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll
2_Name=.Owner
2_Value=CMediaAudioRack
2_Clsid=
2_FileName=C:\WINDOWS\system32\ddrawex.dll
2_FileSize=27136
2_FileDate=2004-8-4 8:52:08
2_FileVersion=5.3.2600.2180
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll
3_Name=.Owner
3_Value=CMediaAudioRack
3_Clsid=
3_FileName=C:\WINDOWS\system32\quartz.dll
3_FileSize=1269248
3_FileDate=2005-8-30 11:55:45
3_FileVersion=6.5.2600.2749
Max=3

[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2004-8-4 8:52:38
1_FileVersion=5.1.2600.2180
2_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2_FileSize=487424
2_FileDate=2004-8-4 8:52:38
2_FileVersion=5.1.2600.2180
3_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
3_FileSize=108032
3_FileDate=2004-8-4 8:52:38
3_FileVersion=5.1.2600.2180
4_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
4_FileSize=13312
4_FileDate=2004-8-4 8:52:32
4_FileVersion=5.1.2600.2180
5_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
5_FileSize=14336
5_FileDate=2004-8-4 8:52:38
5_FileVersion=5.1.2600.2180
6_FileName=D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
6_FileSize=110592
6_FileDate=2006-8-27 15:43:35
6_FileVersion=18.0.0.3
7_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
7_FileSize=14336
7_FileDate=2004-8-4 8:52:38
7_FileVersion=5.1.2600.2180
8_FileName=E:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
8_FileSize=98304
8_FileDate=2006-8-31 16:14:46
8_FileVersion=4.0.0.32
9_FileName=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
9_FileSize=57856
9_FileDate=2005-6-11 7:53:32
9_FileVersion=5.1.2600.2696
10_FileName=C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
10_FileSize=54784
10_FileDate=2006-8-17 19:43:53
10_FileVersion=4.20.20.0
11_FileName=C:\WINDOWS\SYSTEM32\NVSVC32.EXE
11_FileSize=127043
11_FileDate=2004-10-29 16:50:00
11_FileVersion=6.14.10.6693
12_FileName=C:\WINDOWS\EXPLORER.EXE
12_FileSize=976896
12_FileDate=2004-8-4 8:52:32
12_FileVersion=6.0.2900.2180
13_FileName=E:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
13_FileSize=417792
13_FileDate=2006-8-31 16:17:36
13_FileVersion=4.0.0.52
14_FileName=C:\WINDOWS\MIXER.EXE
14_FileSize=1216512
14_FileDate=2001-12-7 23:24:24
14_FileVersion=1.4.6.0
15_FileName=D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
15_FileSize=114688
15_FileDate=2006-8-27 15:43:35
15_FileVersion=18.0.0.22
16_FileName=C:\WINDOWS\SYSTEM32\CTFMON.EXE
16_FileSize=15360
16_FileDate=2004-8-4 8:52:30
16_FileVersion=5.1.2600.2180
17_FileName=D:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE
17_FileSize=106496
17_FileDate=2006-8-27 15:43:18
17_FileVersion=18.0.0.12
18_FileName=C:\WINDOWS\MSAGENT\AGENTSVR.EXE
18_FileSize=256512
18_FileDate=2004-8-4 8:52:30
18_FileVersion=2.0.0.3422
19_FileName=D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
19_FileSize=233472
19_FileDate=2006-8-29 12:07:21
19_FileVersion=18.0.1.35
20_FileName=D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
20_FileSize=610304
20_FileDate=2006-8-29 12:07:21
20_FileVersion=18.0.1.33
21_FileName=D:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE
21_FileSize=90112
21_FileDate=2006-8-27 15:43:25
21_FileVersion=18.0.0.16
22_FileName=C:\PROGRAM FILES\AUTOCAD 2004\ACAD.EXE
22_FileSize=7842464
22_FileDate=2003-2-14 1:30:42
22_FileVersion=22.0.0.86
23_FileName=C:\DOCUME~1\LI\LOCALS~1\TEMP\~E5D141.TMP
23_FileSize=46080
23_FileDate=2006-9-1 8:42:14
23_FileVersion=1.0.0.1
24_FileName=C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\WSCOMMCNTR1.EXE
24_FileSize=193696
24_FileDate=2003-2-14 1:33:28
24_FileVersion=1.0.0.1
25_FileName=C:\WINDOWS\SYSTEM32\CONIME.EXE
25_FileSize=27648
25_FileDate=2004-8-4 8:52:30
25_FileVersion=5.1.2600.2180
26_FileName=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
26_FileSize=93184
26_FileDate=2004-8-4 8:52:32
26_FileVersion=6.0.2900.2180
27_FileName=E:\电脑工具\安装软件\EWIDO3.5\OLDEWIDO.EXE
27_FileSize=528448
27_FileDate=2006-9-1 9:11:36
27_FileVersion=3.5.0.0
28_FileName=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
28_FileSize=93184
28_FileDate=2004-8-4 8:52:32
28_FileVersion=6.0.2900.2180
29_FileName=D:\PROGRAM FILES\SUPER RABBIT\MAGICSET\IEHELP.EXE
29_FileSize=735232
29_FileDate=2006-8-9 0:29:16
29_FileVersion=7.75.0.0
30_FileName=[SYSTEM PROCESS]
31_FileName=C:\WINDOWS\system32\CSRSS.EXE
31_FileSize=6144
31_FileDate=2004-8-4 8:52:30
31_FileVersion=5.1.2600.2180
32_FileName=C:\WINDOWS\system32\ALG.EXE
32_FileSize=44544
32_FileDate=2004-8-4 8:52:30
32_FileVersion=5.1.2600.2180
Max=32

[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1      localhost
Max=1

[Service]
1_ServiceName=C-DillaCdaC11BA
1_DisplayName=C-DillaCdaC11BA
1_Description=
1_Status=已启动
1_StartType=自动
1_ServiceDll=
1_ImagePath=C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE

2_ServiceName=DcomLaunch
2_DisplayName=DCOM Server Process Launcher
2_Description=为 DCOM 服务提供加载功能。
2_Status=已启动
2_StartType=自动
2_ServiceDll=C:\WINDOWS\SYSTEM32\RPCSS.DLL
2_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH

3_ServiceName=HTTPFilter
3_DisplayName=HTTP SSL
3_Description=此服务通过安全套接字层(SSL)实现 HTTP 服务的安全超文本传送协议(HTTPS)。如果此服务被禁用,任何依赖它的服务将无法启动。
3_Status=停止
3_StartType=手动
3_ServiceDll=C:\WINDOWS\SYSTEM32\W3SSL.DLL
3_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER

4_ServiceName=NetDDEdsdm
4_DisplayName=Network DDE DSDM
4_Description=管理动态数据交换 (DDE) 网络共享。如果此服务终止,DDE 网络共享将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
4_Status=停止
4_StartType=已禁用
4_ServiceDll=
4_ImagePath=C:\WINDOWS\SYSTEM32\NETDDE.EXE

5_ServiceName=NVSvc
5_DisplayName=NVIDIA Display Driver Service
5_Description=Provides system and desktop level support to the NVIDIA display driver
5_Status=已启动
5_StartType=自动
5_ServiceDll=
5_ImagePath=C:\WINDOWS\SYSTEM32\NVSVC32.EXE

6_ServiceName=RfwProxySrv
6_DisplayName=Rising Proxy  Service
6_Description=Rising Personal Proxy Service
6_Status=停止
6_StartType=手动
6_ServiceDll=
6_ImagePath=E:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE

7_ServiceName=RfwService
7_DisplayName=Rising Personal Firewall Service
7_Description=Rising Personal Firewall Service
7_Status=已启动
7_StartType=自动
7_ServiceDll=
7_ImagePath=E:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE

8_ServiceName=RsCCenter
8_DisplayName=Rising Process Communication Center
8_Description=
8_Status=已启动
8_StartType=自动
8_ServiceDll=
8_ImagePath="D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

9_ServiceName=RsRavMon
9_DisplayName=RsRavMon Service
9_Description=
9_Status=已启动
9_StartType=自动
9_ServiceDll=
9_ImagePath="D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"

10_ServiceName=WmdmPmSN
10_DisplayName=Portable Media Serial Number Service
10_Description=Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
10_Status=停止
10_StartType=手动
10_ServiceDll=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL
10_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

11_ServiceName=wscsvc
11_DisplayName=Security Center
11_Description=监视系统安全设置和配置。
11_Status=已启动
11_StartType=自动
11_ServiceDll=C:\WINDOWS\SYSTEM32\WSCSVC.DLL
11_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

12_ServiceName=xmlprov
12_DisplayName=Network Provisioning Service
12_Description=为自动网络提供管理基于域的 XML 配置文件。
12_Status=停止
12_StartType=手动
12_ServiceDll=C:\WINDOWS\SYSTEM32\XMLPROV.DLL
12_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

Max=12

[END]
Max=1

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log here..

OK
It'll be ready in a moment!

Logfile of HijackThis v1.99.1
Scan saved at 14:16:10, on 2006-9-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
e:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
E:\Program Files\Rising\Rfw\rfwmain.exe
D:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
D:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\AutoCAD 2004\acad.exe
C:\DOCUME~1\li\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
E:\Program Files\Wom\Womcc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\li\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
