[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<fmsiocps><C:\WINDOWS\fmsiocps.exe> []
<anistio><C:\WINDOWS\anistio.exE> []
<dionpis><C:\WINDOWS\dionpis.exe> []
<fiosectc><C:\WINDOWS\fiosectc.exe> []
<tookwqef><C:\WINDOWS\okqftbqi.exe> []
<dbhlp32><C:\WINDOWS\dbhlp32.exe> []
<ticisms><C:\WINDOWS\ticisms.exe> []
<fmsjhif><C:\WINDOWS\fmsjhif.exe> []
<mfchlp64><C:\WINDOWS\mfchlp64.exe> []
<fmsbbqi><C:\WINDOWS\fmsbbqi.exe> []
<issms32><C:\WINDOWS\issms32.exe> []
<hefxxxy><C:\WINDOWS\hefxxxy.exe> []
<bincdwsa><C:\WINDOWS\bincdwsa.exe> []
<ptshell><C:\WINDOWS\ptshell.exe> []
<WinSysM><C:\WINDOWS\192896M.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosmhfp01.dll,msosmnsf01.dll,msosping01.dll,msosdohs01.dll> []
清空该值的数据后应变成:<AppInit_DLLs><>(只清空数据,保留 AppInit_DLLs 这一项本身;该值中列出的 DLL 会被加载到每个加载 user32.dll 的进程中)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5f24d354-e8fd-410e-8f85-35351ccc9eda}><C:\WINDOWS\system32\dqHADHAD1066.dll> []
<{c4789590-dbff-4ef1-ac21-a443863c2b56}><C:\WINDOWS\system32\dqABCABC1028.dll> []
<{3c0a13c5-4df0-4430-9718-bf99ff81334a}><C:\WINDOWS\system32\dqBAIBAI1067.dll> []
<{398C9B84-4EF7-47B5-9862-DE29543B3C42}><C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys> []
<{570d880f-4181-40ba-9ce2-b389b366b026}><C:\WINDOWS\system32\dqNNBNNB1054.dll> []
[pop / pop][Running/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\pop.sys><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp12.tmp><N/A>
[ping / ping][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp18.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp24.tmp><N/A>
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdohs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf01.dll] [N/A, ]
[C:\WINDOWS\system32\msosping01.dll] [N/A, ]
[C:\WINDOWS\system32\msosdohs01.dll] [N/A, ]
[C:\WINDOWS\system32\fmsiocps.dll] [N/A, ]
[C:\WINDOWS\system32\anistio.dll] [N/A, ]
[C:\WINDOWS\system32\dionpis.dll] [N/A, ]
[C:\WINDOWS\system32\fiosectc.dll] [N/A, ]
[C:\WINDOWS\system32\hosqpnhb.dll] [N/A, ]
[C:\WINDOWS\system32\dbhlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\ticisms.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf01.dll] [N/A, ]
[C:\WINDOWS\system32\fmsjhif.dll] [N/A, ]
[C:\WINDOWS\system32\mfchlp64.dll] [N/A, ]
[C:\WINDOWS\system32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\system32\msosping01.dll] [N/A, ]
[C:\WINDOWS\system32\issms32.dll] [N/A, ]
[C:\WINDOWS\system32\hefxxxy.dll] [N/A, ]
[C:\WINDOWS\system32\bincdwsa.dll] [N/A, ]
[C:\WINDOWS\system32\ngtzcs.dll] [N/A, ]
[C:\WINDOWS\system32\dqHADHAD1066.dll] [N/A, ]
[C:\WINDOWS\system32\dqABCABC1028.dll] [N/A, ]
[C:\WINDOWS\system32\dqBAIBAI1067.dll] [N/A, ]
[C:\WINDOWS\system32\dqNNBNNB1054.dll] [N/A, ]
(本人菜鸟,觉得以上项目比较可疑,不排除误判、遗漏等情况)