[PID: 892 / new][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 1, 0, 0, 24]
[PID: 956 / new][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard, 2, 0, 37, 0]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 1452 / new][C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe]  [N/A, ]
    [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll]  [N/A, ]
    [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll]  [N/A, ]
    [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll]  [N/A, ]
    [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll]  [N/A, ]
    [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll]  [N/A, ]
    [C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll]  [N/A, ]
    [C:\WINDOWS\system32\jst.dll]  [N/A, ]
    [C:\WINDOWS\system32\d4channel.dll]  [Hewlett-Packard, 02.07.50]
    [C:\WINDOWS\system32\HPZidr12.dll]  [HP, 7, 0, 5, 0]
[PID: 1984 / new][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\CSMPYIme.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSConvert.dll]  [北京中文之星数码科技有限公司, 3, 0, 0, 0]
    [C:\WINDOWS\system32\CSMPYEng.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMPinyin.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMConfig.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 5, 9, 1111]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 1996 / new][C:\progra~1\yahoo!\assistant\yassistse.exe]  [Yahoo! China, 3, 0, 7, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\progra~1\yahoo!\assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 1, 9, 1027]
    [C:\progra~1\yahoo!\assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [C:\progra~1\yahoo!\assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 3, 1004]
    [C:\progra~1\yahoo!\assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 4]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
[PID: 2008 / new][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3427]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 2016 / new][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 2040 / new][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\CSMPYIme.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSConvert.dll]  [北京中文之星数码科技有限公司, 3, 0, 0, 0]
    [C:\WINDOWS\system32\CSMPYEng.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMPinyin.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMConfig.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 4]

[PID: 116 / new][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 1364 / new][C:\Progra~1\Eset\1explore.exe]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 200 / new][C:\DOCUME~1\new\LOCALS~1\Temp\byetmr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\DOCUME~1\new\LOCALS~1\Temp\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\DOCUME~1\new\LOCALS~1\Temp\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\DOCUME~1\new\LOCALS~1\Temp\NPPTools.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 4]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 288 / new][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
[PID: 1048 / SYSTEM][C:\WINDOWS\system32\upnpsvc.exe]  [Microsoft Corporatio, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [, ]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
[PID: 1444 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\xnpn\hxzx.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\xnpn\mcec.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\xnpn\dtvt.dll]  [, 5, 0, 0, 2]
[PID: 1456 / SYSTEM][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\rege\vlnl.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\hpgwiamd.dll]  [Hewlett-Packard, 3.2.2.553]
    [C:\WINDOWS\system32\hpptpml.dll]  [Hewlett-Packard, 1.0.0.1]
[PID: 664 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2108 / SYSTEM][C:\WINDOWS\system32\mstsc.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\CSMPYIme.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSConvert.dll]  [北京中文之星数码科技有限公司, 3, 0, 0, 0]
    [C:\WINDOWS\system32\CSMPYEng.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMPinyin.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMConfig.dll]  [, 1, 0, 0, 1]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 4]
[PID: 2240 / SYSTEM][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1744 / new][C:\WINDOWS\system32\WgaTray.exe]  [Microsoft Corporation, 1.7.0018.5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 4]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMPYIme.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSConvert.dll]  [北京中文之星数码科技有限公司, 3, 0, 0, 0]
    [C:\WINDOWS\system32\CSMPYEng.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMPinyin.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMConfig.dll]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\new\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
[PID: 2280 / new][C:\Documents and Settings\new\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 4]
    [c:\progra~1\xnpn\kaca.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\xnpn\pfhf.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\CSMPYIII.IME]  [中文之星, 6, 6, 6, 1]
    [C:\WINDOWS\system32\CSMPYIme.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSConvert.dll]  [北京中文之星数码科技有限公司, 3, 0, 0, 0]
    [C:\WINDOWS\system32\CSMPYEng.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMPinyin.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSMConfig.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\new\LOCALS~1\Temp\ztso0.dll]  [N/A, ]


==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[E:\]
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe


==================================
HOSTS 文件
127.0.0.1      localhost


==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 168, C:\WINDOWS\SYSTEM32\CSMCONTEXT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 656, C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 892, C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER\ORDERREMINDER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 956, C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1452, C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX\JRE\BIN\JAVAW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2008, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2016, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2040, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1364, C:\PROGRA~1\ESET\1EXPLORE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 200, C:\DOCUME~1\NEW\LOCALS~1\TEMP\BYETMR.EXE]


==================================
API HOOK
N/A

==================================
隐藏进程
N/A

[/CODE]

各位达人帮忙了……

我顶一下,我不是高手,不能帮上你

等高手吃完饭。。。。。。

高手们。。。  求助啊

<wosa><C:\DOCUME~1\new\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\new\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\new\LOCALS~1\Temp\mhso.exe> []
<qjsa><C:\DOCUME~1\new\LOCALS~1\Temp\qjso.exe> []
<tlsa><C:\DOCUME~1\new\LOCALS~1\Temp\tlso.exe> []
<wdsa><C:\DOCUME~1\new\LOCALS~1\Temp\wdso.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<wmsa><C:\DOCUME~1\new\LOCALS~1\Temp\wmso.exe> []
<wlsa><C:\DOCUME~1\new\LOCALS~1\Temp\wlso.exe> []
<fysa><C:\DOCUME~1\new\LOCALS~1\Temp\fyso.exe> [N/A]
<wgsa><C:\DOCUME~1\new\LOCALS~1\Temp\wgso.exe> []
<rxsa><C:\DOCUME~1\new\LOCALS~1\Temp\rxso.exe> []
<jtsa><C:\DOCUME~1\new\LOCALS~1\Temp\jtso.exe> [N/A]
呼啦啦……一大片……

有很多插入进程的dll文件，眼睛都看花了！麻烦！

先清理下面的试一下吧
启动项目
<ravshell><C:\Progra~1\Eset\1explore.exe> []
<svc><C:\DOCUME~1\new\LOCALS~1\Temp\byetmr.exe> [Microsoft Corporation]
<wosa><C:\DOCUME~1\new\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\new\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\new\LOCALS~1\Temp\mhso.exe> []
<qjsa><C:\DOCUME~1\new\LOCALS~1\Temp\qjso.exe> []
<tlsa><C:\DOCUME~1\new\LOCALS~1\Temp\tlso.exe> []
<wdsa><C:\DOCUME~1\new\LOCALS~1\Temp\wdso.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<wmsa><C:\DOCUME~1\new\LOCALS~1\Temp\wmso.exe> []
<wlsa><C:\DOCUME~1\new\LOCALS~1\Temp\wlso.exe> []
<fysa><C:\DOCUME~1\new\LOCALS~1\Temp\fyso.exe> [N/A]
<wgsa><C:\DOCUME~1\new\LOCALS~1\Temp\wgso.exe> []
<rxsa><C:\DOCUME~1\new\LOCALS~1\Temp\rxso.exe> []
<jtsa><C:\DOCUME~1\new\LOCALS~1\Temp\jtso.exe> [N/A]
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<dasa><C:\DOCUME~1\new\LOCALS~1\Temp\daso.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<visin><C:\WINDOWS\system32\visin.exe> [Microsoft Corporation]
服务
[Windows csus RunThem / csus][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\xnpn\hxzx.dll>< >
[Navoct / Navoct][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Windows Ins / WindowsDown][Stopped/Auto Start]
<C:\WINDOWS\system32\servet.exe><N/A>
找到并删除以上文件

不要双击打开硬盘，可以用WinRAR或IceSword浏览删除E盘的
Autorun.inf
SysAuto.exe