
Several unfamiliar services have appeared

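It feels like my machine has caught a virus. I looked in winnt and system32 and there are some files I have never seen before. I didn't see any big problem with the processes, but several unfamiliar services have appeared among the system services, and these services don't have the description that normal system services have.
  Service names: 6988d592, kusn33sd, webprint, tcupdt, indexing service, 局域网通信协议 (LAN communication protocol).
  The files that run these protocols were all newly created.
  Can someone help me figure out what viruses these are?
                It's all fate. Thank you!!!!!!
Last edited 2007-06-26 09:20:45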

Also, a full-disk scan with Rising reported nothing.

System Repair Engineer download links (597KB):
Local download 1: http://download.kztechs.com/files/sreng2.zip
Local download 2: http://www.kztechs.com/sreng/sreng2.zip
Mirror download (华军软件园): http://www.newhua.com/soft/25562.htm
System Repair Engineer plugin download page:
http://www.kztechs.com/sreng/plugins.html

Run a scan and post the log so we can take a look.

启动文件夹
N/A

==================================
服务
[338D9AFC / 338D9AFC][Stopped/Disabled]
  <C:\WINNT\system32\F3BA8FA3.EXE -p><Microsoft Corporation>
[6988D592 / 6988D592][Stopped/Disabled]
  <C:\WINNT\system32\6988D592.EXE -g><Microsoft Corporation>
[Volume Optimization / AtHome][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\tyqqz.dll><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[kusn33sd / kusn33sd][Stopped/Disabled]
  <C:\WINNT\system32\kusn33sd.exe -j><Microsoft Corporation>
[LexBce Server / LexBceS][Running/Auto Start]
  <C:\WINNT\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows InstallService / Removable Storage][Stopped/Auto Start]
  <C:\WINNT\system32\serveter.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[tcUpdt / tcUpdt][Running/Auto Start]
  <C:\PROGRA~1\tcclient\TCUpdt.exe -R><N/A>
[WebPrint / WebPrint][Stopped/Auto Start]
  <c:\winnt\system32\webprint.exe><Microsoft Corporation>
[DNS Cache / WIDETS][Running/Auto Start]
  <C:\WINNT\SYSTEM32\RUNDLLFOROUR.EXE C:\WINNT\SYSTEM32\WBEM\HMMDZ.DLL,DllRegisterServer 1087><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[ApplicationLaye / WindowsDown][Stopped/Auto Start]
  <C:\WINNT\system32\servet.exe><N/A>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
  <C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\RAVWL.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
  <C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\RAVWM.EXE><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

驱动程序
[0ssx / 0ssx][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\0ssx.sys><N/A>
[3cwzscntu / 3cwzscntu][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\3cwzscntu.sys><N/A>
[3pb69 / 3pb69][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\3pb69.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\acpidisk.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[aoikek2 / aoikek23][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aoikek23.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ci7v5x / ci7v5x][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\ci7v5x.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cmzjme4 / cmzjme41][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmzjme41.sys><N/A>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[dwder / dwder][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\dwder.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[fg4q46s / fg4q46s5][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fg4q46s5.sys><N/A>
[fk4bu92 / fk4bu92][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\fk4bu92.sys><N/A>
[ggrdmh3 / ggrdmh37][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ggrdmh37.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[msqmx / msqmx][Running/Boot Start]
  <\SystemRoot\system32\drivers\msqmx.sys><N/A>
[mywlyb3 / mywlyb30][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mywlyb30.sys><Microsoft Corporation>
[owjtyq99 / owjtyq99][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\owjtyq99.sys><>
[pmkygo0 / pmkygo06][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pmkygo06.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[roxizk1 / roxizk11][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\roxizk11.sys><N/A>
[rqteml8 / rqteml86][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rqteml86.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[t79yr3k / t79yr3k][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\t79yr3k.sys><N/A>
[uinexj9 / uinexj95][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\uinexj95.sys><N/A>
[uppfsf6 / uppfsf64][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\uppfsf64.sys><N/A>
[uqfsnj24 / uqfsnj24][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\uqfsnj24.sys><>
[uzlam / uzlam][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\uzlam.sys><N/A>
[vcmzcr5 / vcmzcr59][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vcmzcr59.sys><N/A>
[wawxi / wawxi][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\wawxi.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yifkqh5 / yifkqh55][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\yifkqh55.sys><N/A>
[yxhfjt3 / yxhfjt37][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\yxhfjt37.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

浏览器加载项
[BrowserHook Class]
  {40BC4903-B9E3-4EED-9E84-80D14DF603EC} <C:\PROGRA~1\tcclient\TCClient.dll, >
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINNT\DOWNLO~1\BDHelper.dll, >
[TBSB04805 Class]
  {FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\Program Files\工具栏(T)\sobar.dll, >
[工具栏(T)]
  {42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\sobar.dll, >
[中文上网]
  {B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[工具栏(T)]
  {42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\sobar.dll, >
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINNT\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINNT\system32\iuctl.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\winlib .dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\LYMANGR.DLL]  [N/A, ]
[PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
    [C:\WINNT\system32\RAVWL616.dll]  [N/A, ]
    [C:\WINNT\system32\RAVWM617.dll]  [N/A, ]
[PID: 1848][C:\WINNT\Explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFO5.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\WINNT\system32\viy2v.dll]  [N/A, ]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINNT\system32\vbjs.dll]  [, 1.1.1.296]
    [C:\WINNT\system32\Ravasktao.dll]  [N/A, ]
    [C:\WINNT\system32\dh2104.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\upxdnd.dll]  [N/A, ]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\PROGRA~1\tcclient\TCClient.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINNT\DOWNLO~1\BDHelper.dll]  [, 1, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\powercfg.cpl]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\igfxcpl.cpl]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\ALSNDMGR.CPL]  [Realtek Semiconductor Corp., 2.2.10]
[PID: 1964][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 2052][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.14]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
[PID: 2028][C:\WINNT\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3,0,0,1918]
[PID: 2080][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\WINNT\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
[PID: 2164][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\Rising\Rav\BDEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\BDEX.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\BDLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
[PID: 1856][C:\Program Files\OCINS\idnsvr.exe]  [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
[PID: 2232][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
[PID: 1808][C:\Program Files\Netsoft\质检'2000\ts2000.exe]  [网软实业有限公司, 2.0.0.98]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\mapi32.dll]  [Microsoft Corporation, 1.0.2536.0]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\BDE\SQLMSS32.DLL]  [N/A, ]
    [C:\WINNT\system32\NTWDBLIB.DLL]  [Microsoft Corporation, 1998.11.13]
    [C:\WINNT\system32\upxdnd.dll]  [N/A, ]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFO5.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [C:\WINNT\system32\DBNMPNTW.DLL]  [Microsoft Corporation, 1999.10.20]
[PID: 2868][C:\Program Files\Rising\Rav\CopyRun\RavUpgrd.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\CopyRun\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\CopyRun\Update.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 4056][G:\系统扫描\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windds32.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\DOCUME~1\HNZJA0~1.HNZ\LOCALS~1\Temp\~tmp7189.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\WINNT\system32\upxdnd.dll]  [N/A, ]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\打开(&O)\command=setup.exe
[E:\]
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe

HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [1024] c:\winnt\system32\webpnt.exe