Kaspersky's scan found a trojan but can't remove it, please help take a look; 猫叔, come have a look; 姑苏, please come in

2007-04-18,16:57:38

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [Trend Micro Inc.]
    <OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[IO Control]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IO Control.lnk --> C:\PROGRA~1\Agilent\IOLIBR~1\bin\iprocsvr.exe [Agilent Technologies]><N>

==================================
服务
[AQtime Service / AQtime Service]
  <C:\Program Files\Automated QA\AQtime 4\Bin\DebuggerService.exe><AutomatedQA Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[OfficeScanNT 实时扫描 / ntrtscan]
  <C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 个人防火墙 / OfcPfwSvc]
  <C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[OfficeScanNT 侦听程序 / tmlisten]
  <C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe><Trend Micro Inc.>

==================================
驱动程序
[ADS711S / ADS711S]
  <\??\C:\WINNT\system32\drivers\ADS711S.SYS><N/A>
[aqIPD / aqIPD]
  <\??\C:\WINNT\system32\drivers\aqIPD.sys><N/A>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[DarkSpy / DarkSpy]
  <\??\C:\WINNT\system32\DarkSpyKernel.sys><N/A>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ghhcgdgb / ghhcgdgb]
  <\??\C:\WINNT\system32\drivers\ghhcgdgb.sys><N/A>
[GPIB Board Class Driver / gpibclsb]
  <\SystemRoot\System32\Drivers\gpibclsb.sys><N/A>
[GPIB Device Class Driver / gpibclsd]
  <\SystemRoot\System32\Drivers\gpibclsd.sys><N/A>
[GPIB Port Driver (PCI-GPIB) / gpibpci]
  <system32\DRIVERS\gpibpci.sys><N/A>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NewTry PCI  port enumerator / npmf]
  <system32\DRIVERS\npmf.sys><N/A>
[NewTry PCI PR serial port driver / npser]
  <system32\DRIVERS\npser.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139]
  <system32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[Sentinel / Sentinel]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Prolific Serial port driver / Ser2pl]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[Trend Micro Filter / TmFilter]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmFilter.sys><Trend Micro Inc.>
[Trend Micro VSAPI NT / VSApiNt]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
Last edited 2007-04-19 10:33:37

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[ObjWinNTCheck Class]
  {00134F72-5284-44F7-95A8-52A619F70751} <C:\WINNT\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupINICtrl Class]
  {08D75BB0-D2B5-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanSetupINI.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupCtrl Class]
  {08D75BC1-D2B5-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanSetup.dll, Trend Micro Inc.>
[Encrypt Class]
  {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class]
  {5EFE8CB1-D095-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanRemoveCtrl.dll, Trend Micro Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
  <res://C:\WINNT\system32\fmrsslink.dll/201, N/A>

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 184][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 232][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 252][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 404][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 448][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 496][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\ZLhp1018.DLL]  [Zenographics, Inc., 5, 53, 3726, 0]
    [C:\WINNT\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINNT\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINNT\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINNT\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 6, 1, 524, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 1, 520, 1]
[PID: 620][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 6.5.0.1106]
[PID: 684][C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll]  [Trend Micro Inc., 1.2.0.1020]
[PID: 708][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 724][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 764][C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 6.5.0.1303]

    [C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll]  [Trend Micro Inc., 1,81,0,1043]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 6.5.0.1106]
[PID: 916][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 968][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1088][C:\WINNT\TEMP\PPF2D9.EXE]  [N/A, N/A]
[PID: 1416][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
[PID: 1428][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 6.5.0.1303]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [N/A, N/A]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 6.5.0.1106]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
[PID: 1444][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 2, 1, 1, 29]
[PID: 1460][C:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 1, 0, 1, 1004]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 3001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 5, 1000]
[PID: 1468][C:\WINNT\system32\Internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1508][C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe]  [Agilent Technologies, L.02.01.00]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
[PID: 1536][C:\Program Files\Agilent\IO Libraries\bin\iproc82357.exe]  [Agilent Technologies, L.02.01.00]
    [C:\WINNT\system32\SICL32.dll]  [Agilent Technologies, L.02.01.00]
    [C:\WINNT\system32\82357IPT.dll]  [Agilent Technologies, L.02.01.00]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
[PID: 1420][C:\Program Files\Tencent\Foxmail\Foxmail.exe]  [Tencent Inc., 6.03.103.21]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\Tencent\Foxmail\FoxAntiSpam.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\Foxmail\pcre.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\Foxmail\3rdParty\punylib.dll]  [CNNIC, 1, 0, 0, 3]
[PID: 1284][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
    [C:\WINNT\system32\niRoot.nce]  [National Instruments Corporation, 1.1, Build 49]
    [C:\Program Files\Tencent\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [C:\PROGRA~1\ULTRAE~1\ue32ctmn.dll]  [, 1, 0, 0, 1]
[PID: 508][E:\software\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

The log is incomplete; post the rest quickly.

<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IO Control.lnk --> C:\PROGRA~1\Agilent\IOLIBR~1\bin\iprocsvr.exe [Agilent Technologies]><N>
Driver section:
[ADS711S / ADS711S]
<\??\C:\WINNT\system32\drivers\ADS711S.SYS><N/A>
[aqIPD / aqIPD]
<\??\C:\WINNT\system32\drivers\aqIPD.sys><N/A>
[Cdr4_2K / Cdr4_2K]
[DarkSpy / DarkSpy]
<\??\C:\WINNT\system32\DarkSpyKernel.sys><N/A>
<\??\C:\WINNT\system32\drivers\ghhcgdgb.sys><N/A>
[GPIB Board Class Driver / gpibclsb]
<\SystemRoot\System32\Drivers\gpibclsb.sys><N/A>
[GPIB Device Class Driver / gpibclsd]
<\SystemRoot\System32\Drivers\gpibclsd.sys><N/A>
[GPIB Port Driver (PCI-GPIB) / gpibpci]
<system32\DRIVERS\gpibpci.sys><N/A>
[NewTry PCI port enumerator / npmf]
<system32\DRIVERS\npmf.sys><N/A>
[NewTry PCI PR serial port driver / npser]
<system32\DRIVERS\npser.sys><N/A>
Get rid of the ones above.
Also, clean out the temporary folders.
If it's convenient, send the virus sample over.

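I've sent you the sample. Some of the things above don't need to be deleted, do they? Some are drivers for PCI cards; if they are deleted the cards won't work anymore, right?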

[GPIB Board Class Driver / gpibclsb]
<\SystemRoot\System32\Drivers\gpibclsb.sys><N/A>
[GPIB Device Class Driver / gpibclsd]
<\SystemRoot\System32\Drivers\gpibclsd.sys><N/A>
[GPIB Port Driver (PCI-GPIB) / gpibpci]
<system32\DRIVERS\gpibpci.sys><N/A>
[NewTry PCI port enumerator / npmf]
<system32\DRIVERS\npmf.sys><N/A>
[NewTry PCI PR serial port driver / npser]
<system32\DRIVERS\npser.sys><N/A>
These don't look like viruses.
[DarkSpy / DarkSpy]
<\??\C:\WINNT\system32\DarkSpyKernel.sys><N/A>
This should be the driver of darkspy, a rootkit-detection program.