正在运行的进程
[PID: 440 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1308 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll]  [N/A, ]
    [C:\Program Files\Media Player Classic\Codecs\mkunicode.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\PROGRA~1\3721\alrex.dll]  [国风因特软件（北京）有限公司, 2.5.1.1003]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\PROGRA~1\sanlink\INPUT_~1\contmenu.dll]  [N/A, ]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件（北京）有限公司, 2.5.5.1010]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [国风因特软件（北京）有限公司, 2.5.1.6]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1472 / Administrator][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [国风因特软件（北京）有限公司, 2.5.0.6]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [国风因特软件（北京）有限公司, 2.5.0.4]
    [C:\WINDOWS\DOWNLO~1\CnsMinEx.dll]  [国风因特软件（北京）有限公司, 2.5.0.4]
[PID: 1576 / SYSTEM][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1656 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1676 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2012 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 48]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 120 / Administrator][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3929]
[PID: 128 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3929]
[PID: 172 / Administrator][C:\WINDOWS\system32\rketbuy.exe]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 180 / Administrator][C:\WINDOWS\system32\trmgfyg.exe]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 192 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件（北京）有限公司, 2.5.5.1010]
    [C:\PROGRA~1\3721\notifier.dll]  [国风因特软件（北京）有限公司, 2.5.1.1003]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
[PID: 188 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 260 / Administrator][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 396 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 1556 / Administrator][C:\Rising\Rav\RavTray.exe]  [Rising, 19, 0, 0, 14]
    [C:\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Rising\Rav\RavTray936.dll]  [Rising, 19, 0, 0, 14]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [C:\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
[PID: 2160 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
[PID: 2500 / SYSTEM][C:\Rising\Rav\CopyRun\RavUpgrd.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Rising\Rav\CopyRun\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Rising\Rav\CopyRun\Update.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[PID: 3112 / Administrator][D:\Personal\Desktop\新建文件夹 (2)\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.2.1005]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.2]
    [D:\Personal\Desktop\新建文件夹 (2)\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=fctatie.exe
shell\open=打开(&O)
shell\open\Command=fctatie.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=fctatie.exe
[E:\]
[AutoRun]
open=fctatie.exe
shell\open=打开(&O)
shell\open\Command=fctatie.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=fctatie.exe
[F:\]
[AutoRun]
open=fctatie.exe
shell\open=打开(&O)
shell\open\Command=fctatie.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=fctatie.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 172, C:\WINDOWS\SYSTEM32\RKETBUY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 172, C:\WINDOWS\SYSTEM32\RKETBUY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 180, C:\WINDOWS\SYSTEM32\TRMGFYG.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 180, C:\WINDOWS\SYSTEM32\TRMGFYG.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 396, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 396, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1556, C:\RISING\RAV\RAVTRAY.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

谢谢大家了！！！

找到下面的文件复制到桌面，用RAR压缩，传给我enao@people.com.cn 麻烦你了
C:\WINDOWS\system32\rketbuy.exe
C:\WINDOWS\system32\trmgfyg.exe
D:\fctatie.exe

删除注册表项目
<fjnijid><C:\WINDOWS\system32\rketbuy.exe> []
<fctatie><C:\WINDOWS\system32\trmgfyg.exe> []

重起用WINRAR删除下面文件
C:\WINDOWS\system32\rketbuy.exe
C:\WINDOWS\system32\trmgfyg.exe
D:\fctatie.exe
D:\Autorun.inf
E:\fctatie.exe
E:\Autorun.inf
F:\fctatie.exe
F:\Autorun.inf

下载IFEO修复工具(enao.ys168.com 下载)

到游戏迷的网盘下个3721专杀来清清吧.http://scj2007.ys168.com/

给我也来一份,
C:\WINDOWS\system32\rketbuy.exe
C:\WINDOWS\system32\trmgfyg.exe
D:\fctatie.exe
压缩发给qcqyt1983@163.com