
Is this the Gray Pigeon (灰鸽子) trojan or a hacker backdoor?

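I can't get into my old administrator account; instead I end up in a user called administrator.zhangtong!
I have a great many programs on my C: drive. Is there any way other than reinstalling the machine? I didn't make a GHOST image. Experts, please advise.

I've used many antivirus programs and trojan scanners, and none of them worked. As soon as I enter administrator on the logon screen and log in, I am automatically put into a user named administrator.zhangtong rather than my old administrator user.

I created a new user and it logs in normally, but that doesn't solve the administrator logon problem. This trojan also runs automatically when I enter the system in Safe Mode, and this user doesn't appear under Users in Control Panel, which still shows the administrator user. As soon as I log in as administrator, I immediately land in the other administrator.zhangtong user profile.

I know computers and have thought of many other fixes, but unfortunately none of them worked. Is there any remedy other than reinstalling the system?
Last edited 2007-02-25 23:33:31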
 

Doesn't any expert know?
 

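Brother, I created a new user and gave it administrator rights; after logging in everything is fine. I just can't log in as administrator (same in Safe Mode).
What do you mean by deleting or modifying? Thanks.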
 

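Oh, I understand what you mean now. You mean delete this user, right?
It doesn't work. It's not at all as simple as you think. After deleting it, as soon as I log in as administrator the user is there again right away, but it isn't in the user list; it only exists in the Documents and Settings folder.
Impressive, isn't it?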
 

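I tried this method long ago, and I also deleted it in Safe Mode, but as soon as I log in as administrator a new one is created immediately and I'm taken straight into it.
This is no simple thing!
Some people say it's Gray Pigeon. Can anyone give me a dedicated Gray Pigeon trojan removal tool?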
 

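Thanks, but I didn't find anything either.
Still following this; I hope an expert will step up and help. This is terrifying.
Never mind Rising; I've used many of the well-known programs I know of and none of them worked. It's really formidable.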
 

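Which software should I use to scan and then post the log?
Thanks to 出差错 for the help, but it still doesn't work. As soon as I log in as administrator it is automatically generated right away. Sigh.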
 

该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-02-25  13:06:59
诊断平台: Microsoft Windows 2000  Service Pack 4
IE版本: Internet Explorer V6.0.2800.1106 Build:62800.1106
计算机物理内存:494MB - 当前可用内存:45MB

100 - 未知 - Process: guard.exe [AVG Anti-Spyware guard] -
100 - 未知 - Process: GDStartDc.exe [] - C:\WINNT\system32\GDStartDc.exe
100 - 未知 - Process: Foxmail.exe [Internet Mail Client] - D:\Foxmail\Foxmail.exe
100 - 未知 - Process: RegCertTool.exe [RegCertTool MFC Application] - C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
O4 - 未知 - HKLM\..\Run: [j2 4.2] [eFax Messenger - DLL Command Utility] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O16 - 未知 - DPF: 无效的CLSID:_{9E265649-6E0E-4EEA-9F49-DAE0801440CF} (_{9E265649-6E0E-4EEA-9F49-DAE0801440CF}) - http://192.168.1.33/WebDiginet.CAB
O16 - 未知 - DPF: 无效的CLSID:_{F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6A3} (_{F3E92562-1B4D-4BFA-B2D4-E9BCABE3B6A3}) - https://ebanks.spdb.com.cn/ent/gb/js/iesign.ocx
O16 - 未知 - DPF: 无效的CLSID:{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} ({1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - 未知 - DPF: {26BCA338-BB94-4E8F-A082-3E5735875B79} (CMBSafeHelper) - https://www.sz1.cmbchina.com/download/CMBGUARD.cab
O16 - 未知 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - 未知 - DPF: {CA828031-4325-11D4-BDB2-00105A776E78} (SMI MapView Control) - http://www.fangdi.com.cn/gisnew/smiwmap.cab
O23 - 未知 - Service: WinkldUP [WinkldUP] -  - (not running)
O23 - 未知 - Service: WintUPp [WintUPp] -  - (not running)

=======================================

100 - 安全 - Process: smss.exe [该进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINNT\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=ba
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。] - C:\WINNT\system32\winlogon.exe
100 - 安全 - Process: SERVICES.EXE [用于管理windows服务系统进程。] - C:\WINNT\system32\services.exe
100 - 安全 - Process: LSASS.EXE [本地安全权限服务控制windows安全机制。] - C:\WINNT\system32\lsass.exe
100 - 安全 - Process: scardsvr.exe [对插入在计算机智能卡阅读器中的智能卡进行管理和访问控制。] - C:\WINNT\System32\SCardSvr.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost -k rpcss
100 - 安全 - Process: EvtEng.exe [英特尔公司出品的相关产品。] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
100 - 安全 - Process: S24EvMon.exe [无线网卡相关驱动程序,用于事件监控。] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
100 - 安全 - Process: WLKEEPER.exe [英特尔公司产品的无线局域网相关程序。] - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINNT\system32\spoolsv.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k netsvcs
100 - 安全 - Process: RegSrvc.exe [intel公司出品的安置在网卡驱动程序(intel proset)旁,用以通信服务。] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
100 - 安全 - Process: regsvc.exe [远程注册表服务用于访问在远程计算机的注册表。] - C:\WINNT\system32\regsvc.exe
100 - 安全 - Process: mstask.exe [windows计划任务用于设定继承在什么时间或者什么日期备份或者运行。] - C:\WINNT\system32\MSTask.exe
100 - 安全 - Process: stisvc.exe [still image service用于控制扫描仪和数码相机连接在windows。] - C:\WINNT\system32\stisvc.exe
100 - 安全 - Process: winmgmt.exe [windows management service透过windows management instrumentation data (wmi)技术处理来自应用客户端的请求。] - C:\WINNT\System32\WBEM\WinMgmt.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k wugroup
100 - 安全 - Process: 1XConfig.exe [英特尔公司出品的相关无线接入程序。] - C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe -Embedding
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINNT\Explorer.EXE
100 - 安全 - Process: iTunesHelper.exe [苹果公司出品的音乐播放器相关程序。] - C:\Program Files\iTunes\iTunesHelper.exe
100 - 安全 - Process: SynTPEnh.exe [美国新思公司出版的触摸板驱动程序的一部分。] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
100 - 安全 - Process: SynTPLpr.exe [触摸板相关程序。] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
100 - 安全 - Process: SafeSignCertReg.exe [一款数字证书驱动程序。] - C:\WINNT\system32\SafeSignCertReg.exe
100 - 安全 - Process: iPodService.exe [apple公司出品的itunes点对点文件下载工具。] - C:\Program Files\iPod\bin\iPodService.exe
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: avgas.exe [一款杀毒软件AVG的相关程序。] - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
100 - 安全 - Process: internat.exe [输入控制图标用于更改类似国家设置、键盘类型和日期格式。] - C:\WINNT\system32\internat.exe
100 - 安全 - Process: Skype.exe [语音通讯软件相关程序。] - C:\Program Files\Skype\Phone\Skype.exe
100 - 安全 - Process: NTVDM.EXE [windows virtual machine是为了兼容旧的16位windows和dos程序而设置的虚拟机。] - C:\WINNT\system32\ntvdm.exe
100 - 安全 - Process: msnmsgr.exe [msn messenger是一款即时通讯客户端软件。] - C:\Program Files\MSN Messenger\msnmsgr.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: OUTLOOK.EXE [microsoft office办公套件的一部分,outlook用于邮件收发和信息管理。] - C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
100 - 安全 - Process: EXCEL.EXE [microsoft office办公套件的一部分,excel用于表格制作。] - C:\Program Files\Microsoft Office\Office\EXCEL.EXE
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360tray.exe
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\system32\blank.htm
O3 - 安全 - Toolbar: (卡卡上网安全助手) - [卡卡安全助手工具条软件相关程序。] - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - 安全 - HKLM\..\Run: [Synchronization Manager] [资料同步管理器] mobsync.exe /logon
O4 - 安全 - HKLM\..\Run: [iTunesHelper] [apple itunes助手。] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - 安全 - HKLM\..\Run: [SynTPEnh] [新思手写板,多用于各种笔记本触摸板驱动程序设置] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 安全 - HKLM\..\Run: [SynTPLpr] [新思手写板,多用于各种笔记本触摸板驱动程序设置] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 安全 - HKLM\..\Run: [CertificateRegistration] [一款数字证书驱动程序。] SafeSignCertReg.exe
O4 - 安全 - HKLM\..\Run: [igfxtray] [是Intel显卡配置和诊断程序,会同Intel 810芯片组的集成显卡安装。] C:\WINNT\system32\igfxtray.exe
O4 - 安全 - HKLM\..\Run: [NeroFilterCheck] [nero cd/dvd刻录软件。] C:\WINNT\system32\NeroCheck.exe
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 安全 - HKLM\..\Run: [QuickTime Task] [quicktime:媒体播放器。] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 安全 - HKLM\..\Run: [HDCSP RegCertTool] [中国农业银行网上银行证书工具软件。] C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
O4 - 安全 - HKLM\..\Run: [kav] [卡巴斯基杀毒软件相关程序。] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 安全 - HKLM\..\Run: [!AVG Anti-Spyware] [一款杀毒软件AVG的相关启动程序。] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360tray.exe
O4 - 安全 - HKCU\..\Run: [Internat.exe] [输入法在任务栏里的图标] internat.exe
 

O4 - 安全 - HKCU\..\Run: [msnmsgr] [微软msn即时通讯工具] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - 安全 - Startup folder: [Adobe Reader Speed Launch.lnk] [adobe公司出品的pdf处理软件的相关程序。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk
O4 - 安全 - Startup folder: [Microsoft Office.lnk] [是offfice的一个快捷方式。 ] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk
O9 - 安全 - Extra button: 卡巴斯基Web反病毒保护插件(HKLM) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - 安全 - DPF: 无效的CLSID:_{D1056C7C-E30B-4234-9A4B-7E1038B167A7} (中国工商银行个人银行) - http://www.itrus.com.cn/RootCert.cab
O16 - 安全 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (招商银行个人版) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - 安全 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN照片上传插件) - http://lucycc.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - 安全 - DPF: {5467862B-C477-437F-886E-EC5006B37DCA} (民生银行) - https://ebank.cmbc.com.cn/PwdEdit.cab
O16 - 安全 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Windows升级工具V5) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121682241869
O16 - 安全 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Windows升级工具V4) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38551.1274421296
O16 - 安全 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MSN Messenger Setup Downloader) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - 安全 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (招商银行专业版) - http://www4.cmbchina.com/download/pb45.cab
O23 - 安全 - Service: AVG Anti-Spyware Guard [一款杀毒软件AVG的相关服务。] - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - (running)
O23 - 安全 - Service: AVP [卡巴斯基杀毒软件相关程序。] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r - (running)
O23 - 安全 - Service: EvtEng [EvtEng相关模块,用于支持Intel无线网络连接硬件。] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - (running)
O23 - 安全 - Service: Fax [微软Microsoft传真服务相关程序,该服务允许用户创建和发送传真到微软Office组件中。] - C:\WINNT\system32\faxsvc.exe - (not running)
O23 - 安全 - Service: iPodService [是Apple的iTunes软件P2P点对点下载工具相关服务。] - C:\Program Files\iPod\bin\iPodService.exe - (running)
O23 - 安全 - Service: RegSrvc [Intel网络通讯软件相关程序。 ] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - (running)
O23 - 安全 - Service: S24EventMonitor [无线网卡配置和诊断程序。] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - (running)
O23 - 安全 - Service: WLANKEEPER [英特尔无线网络安装文件。] - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe - (running)

=======================================

O40 - winlogon.exe - Kaspersky Lab - C:\WINNT\system32\klogon.dll - Logon Visualizer - 7072750eb5c0f0cd54b48f972855ca61
O40 - winlogon.exe - A.E.T. Europe B.V. - C:\WINNT\system32\aetcsss1.dll - CSP Library - 479a1f2d9b021f9ad27c0bd1ce7d518c
O40 - winlogon.exe - A.E.T. Europe B.V. - C:\WINNT\system32\aetdlss1.dll - aetdlss1 - 9eddddd9b349b8ab43db4523477d73fc
O40 - winlogon.exe - A.E.T. Europe B.V. - C:\WINNT\system32\aetpkss1.dll - PKCS #11 Cryptoki Library - 743ab20e60d51b606eb2fa1fbd021503
O40 - Explorer.EXE - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - AVG Anti-Spyware shellexecutehook - 4c7f099b3ffde9805ae290de3e593397
O40 - Explorer.EXE - Adobe Systems, Inc. - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - PDF Shell Extension - 4b0991cd076b617a2231b19a6663c1c9

=======================================

O41 - AegisP - IEEE 802.1X Protocol Driver - C:\WINNT\system32\drivers\AegisP.sys - (running) - IEEE 802.1X Protocol Driver - Meetinghouse Data Communications - 18e0e08f3490eb8760a6b24f85a66c17
O41 - AVG Anti-Spyware Driver - AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - (running) -  -  - 7d78b7fd0ebe00f177b053a08c78e35b
O41 - AvgAsCln - AVG7 Clean Driver - C:\WINNT\system32\drivers\AvgAsCln.sys - (running) - AVG7 Clean Driver - GRISOFT, s.r.o. - 6d4a1da6e6d522b3ebbcbff4a3589ec5
O41 - ft2kEnum - ic2k Bus Enumerator - C:\WINNT\system32\drivers\ic2kenum.sys - (running) - ic2k Bus Enumerator - OEM Corporation - e1c3179a468e0d1b70f631b3875f65e0
O41 - GDBaseSmc - This is used by SRC 2000 Readers - C:\WINNT\system32\drivers\smccardb.sys - (running) - This is used by SRC 2000 Readers - OEM - a80f361637a7353594d2f0ec789ced94
O41 - hzlnqflw - hzlnqflw - C:\WINNT\system32\drivers\hzlnqflw.sys - (running) -  - Yahoo! China Corporation - d1737784be4bbc6d7feddca802532b27
O41 - kl1 - Kaspersky Unified Driver - C:\WINNT\system32\drivers\kl1.sys - (running) - Kaspersky Unified Driver - Kaspersky Lab - 5445b03cd42dedf5f85b9daf712fdd09
O41 - klif - spuper-ptor - C:\WINNT\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - 92210989cc1d06f997b9628d8e4b1819
O41 - OMCI - OMCI Device Driver - C:\WINNT\system32\drivers\omci.sys - (running) - OMCI Device Driver - Dell Computer Corporation - cec7e2c6c1fa00c7ab2f5434f848ae51
O41 - PxHelp20 - Px Engine Device Driver for Windows 2000/XP - C:\WINNT\system32\drivers\pxhelp20.sys - (running) - Px Engine Device Driver for Windows 2000/XP - Sonic Solutions - 86724469cd077901706854974cd13c3e
O41 - Reader_Device - This is used by SRC 2000 Readers - C:\WINNT\system32\drivers\usbic2k.sys - (running) - This is used by SRC 2000 Readers - OEM - f1db6361875fb71769877c4925de59a5
O41 - s24trans - Intel WLAN Packet Driver - C:\WINNT\system32\drivers\s24trans.sys - (running) - Intel WLAN Packet Driver - Intel Corporation - 9c40cb317400f2cf643b8706147dd06d
O41 - WINIO - WINIO - C:\WINNT\system32\sbmc32.sys - (running) -  -  - 7e5a7cf19504af7ddaf4fa36261940d1
O41 - CIDCUSB - CIDC CTL and Interrupt USB Reader Driver - C:\WINNT\system32\drivers\CIDCUSB.sys - (not running) - CIDC CTL and Interrupt USB Reader Driver - CIDC. - 5373eb550f6be55d7ecdb9811f12bd64
O41 - GD_USB - USB Smart Card Driver - C:\WINNT\system32\drivers\usbtoken.sys - (not running) - USB Smart Card Driver -  - acef038cda883bc4b7c16652f3d08881
O41 - giveio - giveio - C:\WINNT\system32\giveio.sys - (not running) -  -  - 77ebf3e9386daa51551af429052d88d0
O41 - HookCont - HookCont - c:\program files\rising\ras\HookCont.sys - (not running) -  -  -
O41 - token - USB Smart Card Driver - C:\WINNT\system32\drivers\eps2kt1.sys - (not running) - USB Smart Card Driver -  - eb9a251b4bef856cfac930f5db4063fc
O41 - TSP - spuper-ptor - C:\WINNT\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - 92210989cc1d06f997b9628d8e4b1819
O41 - ZSMC301b - Video streaming and Capture Device Driver - C:\WINNT\system32\drivers\usbVM31b.sys - (not running) - Video streaming and Capture Device Driver - VM - 698ecd717ffa57ffe0b20d07ba4bd8e3

=======================================
360Safe.exe=3.1.0.1003
AntiAdwa.dll=2.2.5.1000
AntiEng.dll=3.0.2.2000
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
操作历史报告:

----------修复IE浏览器操作历史----------

2007-02-25 13:06
R0 - 危险 - IE自定义搜索引擎 - HKLM\Software\Microsoft\Internet Explorer\Search
R0 - 危险 - IE备用搜索引擎 - HKLM\Software\Microsoft\Internet Explorer\Search
R0 - 危险 - IE使用的代理服务器 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
 

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc.]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Synaptics, Inc.]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <igfxtray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <NeroFilterCheck><C:\WINNT\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <j2 4.2><"C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R>  [j2 Global Communications, Inc.]
    <HDCSP RegCertTool><C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe>  [CIDC]
    <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><logon.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[EvtEng / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService][Running/Manual Start]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[WinkldUP / WinkldUP][Stopped/Auto Start]
  <><N/A>
[WintUPp / WintUPp][Stopped/Auto Start]
  <><N/A>
[WLANKEEPER / WLANKEEPER][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel? Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbe5][Running/Manual Start]
  <system32\DRIVERS\bcm4sbe5.sys><Broadcom Corporation>
[中国华大智能密码钥匙驱动程序 / CIDCUSB][Stopped/Manual Start]
  <System32\Drivers\CIDCUSB.sys><CIDC.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dmio.sys><VERITAS Software Corp.>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccardb.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\usbtoken.sys><N/A>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[GEMPC430 / GEMPC430][Stopped/Manual Start]
  <System32\Drivers\gemusb.sys><Gemplus>
[giveio / giveio][Stopped/Manual Start]
  <\??\C:\WINNT\system32\giveio.sys><N/A>
[HookCont / HookCont][Stopped/Manual Start]
  <\??\c:\program files\rising\ras\HookCont.sys><N/A>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[hzlnqflw / hzlnqflw][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hzlnqflw.sys><Yahoo! China Corporation>
[i81x / i81x][Stopped/Manual Start]
  <system32\DRIVERS\i81xnt5.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Wireless Connection Agent Miniport for Win 2K / IWCA2K][Running/Manual Start]
  <system32\DRIVERS\iwca2k.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[OMCI / OMCI][Running/System Start]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[WLAN 传输 / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\stac97.sys><SigmaTel, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm / tifm][Running/Manual Start]
  <system32\drivers\tifm.sys><Texas Instruments>
[usb token Device Driver / token][Stopped/Manual Start]
  <system32\DRIVERS\eps2kt1.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[用于 Windows 2000 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n50][Running/Manual Start]
  <system32\DRIVERS\w29n50.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[WINIO / WINIO][Running/System Start]
  <\??\C:\WINNT\system32\sbmc32.sys><N/A>
[iVasion PoET Adapter / WRSWanDD][Stopped/Manual Start]
  <system32\DRIVERS\WrKPoETNic2000.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[104710 / 104710][Running/]
  <2 - 系统找不到指定的文件。
><N/A>