最近老跳出这样的提示:
        下面程序企图利用IE自动执行:12.exe
            文件路径:e:\windows\system32
拒绝执行后就在上面的目录里安装了12.exe这个文件,然后又出现提示,从1.exe---14.exe

扫描报告如下：
[CODE]

2007-08-24,10:53:39

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><E:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <swg><E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <Super Rabbit IEPro><E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><E:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ATIPTA><"E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
    <StormCodec_Helper><"E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <KVP><E:\WINDOWS\System32\drivers\svchost.exe>  [N/A]
    <WinSys><E:\WINDOWS\IG.exe>  []
    <TIMHost><E:\WINDOWS\TIMHost.exe>  [N/A]
    <ravwdmon><E:\Program Files\Internet Explorer\ravwdmon.exe>  []
    <ravzxmon><E:\Program Files\NetMeeting\ravzxmon.exe>  []
    <runeip><"E:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
    <Flags><8
>  [N/A]
    <Title><Windows Update>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><E:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><wsepri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1231A43A-1642-641A-64FD-146ADAB223B1}><E:\WINDOWS\System32\mxaman.dll>  []
    <{7A65498A-7653-9801-1647-987114AB7F47}><E:\WINDOWS\System32\zxgpri.dll>  []
    <{42311A42-AC1B-158F-FD32-5674345F23A4}><>  [N/A]
    <{4F12545B-1212-1314-5679-4512ACEF8904}><>  [N/A]
    <{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><>  [N/A]
    <{625AB2F3-234A-7469-2F43-E341713ABFA6}><>  [N/A]
    <{5562452F-FA36-BA4F-892A-FF5FBBAC5315}><>  [N/A]
    <{3182C1EB-375C-573D-1F5E-234552345213}><>  [N/A]
    <{759AFD5B-159F-ACD8-954C-ACD545FA6587}><>  [N/A]
    <{5FFAB213-ABCF-F421-FBA1-3FA352343215}><E:\WINDOWS\System32\wsepri.dll>  []
    <{0EA66AD2-CF26-2E23-532B-B292E22F3266}><E:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll>  []
    <{EE12D60D-AD9A-4095-B839-3BE6862679FD}><>  [N/A]
    <{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><>  [N/A]
    <{C5E87A05-F463-4841-B19E-DD3EC3862368}><>  [N/A]
    <{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys>  []
    <{A12BC423-3713-224D-3F55-32B35C62B11A}><E:\WINDOWS\System32\WinFormA5.dll>  []
    <{D1351752-5628-1547-FFAB-BADC13512AFD}><E:\WINDOWS\System32\ztmpri.dll>  []
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><E:\WINDOWS\System32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl>  [N/A]

==================================
启动文件夹
[Microsoft Office]
  <E:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> E:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <E:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <E:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <E:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <E:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>


[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>

==================================
浏览器加载项
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <E:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll, BitComet>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <e:\program files\google\googletoolbar1.dll, Google Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <e:\program files\google\googletoolbar1.dll, Google Inc.>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <E:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[SMI MapView Control]
  {CA828031-4325-11D4-BDB2-00105A776E78} <E:\WINDOWS\Downloaded Program Files\SMIWMap.dll, 上海市测绘院基础地理信息中心, Shanghai Municipal Instatute of Surveying & Mapping,毕俊, 021-6254955>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <E:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <E:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用BitComet下载]
  <res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用快车(FlashGet)下载]
  <E:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <E:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 468 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540 / SYSTEM][\??\E:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568 / SYSTEM][\??\E:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4119]
    [E:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 616 / SYSTEM][E:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
[PID: 628 / SYSTEM][E:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
[PID: 784 / SYSTEM][E:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [E:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
[PID: 816 / SYSTEM][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
[PID: 896 / SYSTEM][E:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
[PID: 1012 / NETWORK SERVICE][E:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
[PID: 1084 / LOCAL SERVICE][E:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
[PID: 1420 / SYSTEM][E:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
[PID: 1512 / SYSTEM][E:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [E:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
[PID: 1668 / wx][E:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4119]
    [E:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 1716 / LOCAL SERVICE][E:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
[PID: 1768 / wx][E:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [E:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 396 / wx][e:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [e:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [e:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
[PID: 2108 / wx][E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5166]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5166]
    [E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5166]
    [E:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5166]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]

[PID: 2196 / wx][E:\WINDOWS\IG.exe]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 2268 / wx][E:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 2296 / wx][E:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2316 / wx][E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
    [E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll]  [Google Inc., 2, 0, 301, 7164]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll]  [Google Inc., 2, 0, 301, 7164]
    [E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 2324 / wx][E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.90.0001]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9237]
    [E:\WINDOWS\System32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 3392 / wx][E:\dzh\internet\hypwise.exe]  [大智慧, 1, 0, 0, 1]
    [E:\dzh\internet\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 2912 / SYSTEM][E:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
[PID: 2100 / wx][E:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [e:\program files\google\googletoolbar1.dll]  [Google Inc., 4, 0, 1601, 3576]
    [E:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [E:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll]  [BitComet, 20070614]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [E:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [E:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1740 / wx][E:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [E:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
[PID: 3908 / wx][E:\DOCUME~1\wx\LOCALS~1\Temp\Rar$EX00.985\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [E:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\ravwdmon.dat]  [N/A, ]
    [E:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [E:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [E:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\WINDOWS\system32\mxaman.dll]  [N/A, ]
    [E:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [E:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [E:\DOCUME~1\wx\LOCALS~1\Temp\Rar$EX00.985\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["E:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[D:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[E:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[F:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 568, E:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2108, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2196, E:\WINDOWS\IG.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2268, E:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2324, E:\PROGRAM FILES\SUPER RABBIT\MAGICSET\SRIECLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3392, E:\DZH\INTERNET\HYPWISE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1740, E:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

图不清楚，再发个