Running processes:
[rundll32.exe]
CommandLine = rundll32.exe "C:\WINDOWS\system32\mz3216.dll",DllGetVersion

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[rfwmain.exe]
CommandLine =  -StartUp

[sistray.exe]
CommandLine = "C:\WINDOWS\System32\sistray.EXE"

[rundll32.exe]
CommandLine = "C:\WINDOWS\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd

[carpserv.exe]
CommandLine = "C:\WINDOWS\System32\carpserv.exe"

[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[KVMonXp_1.kxp]
CommandLine = "C:\KV2004\KVMonXp_1.kxp" /auto

[issch.exe]
CommandLine = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[nsmscrs.exe]
CommandLine = "C:\WINDOWS\System32\nsmscrs.exe"

[daemon.exe]
CommandLine = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[ylive.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe"

[yassistse.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"

[ctfmon.exe]
CommandLine = "C:\WINDOWS\System32\ctfmon.exe"

[msmsgs.exe]
CommandLine = "C:\Program Files\Messenger\msmsgs.exe" /background

[rundll32.exe]
CommandLine =  C:\WINDOWS\SYSTEM32\stdup.dll,Entry

[VnetClient.exe]
CommandLine = "C:\Program Files\ChinaNet\VnetClient.exe"

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.17ww.com
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll

O1 - Hosts: 127.0.0.1  sds-qckads.com
O1 - Hosts: 127.0.0.1  status.qckads.com
O1 - Hosts: 127.0.0.1  www.qoolaid.com
O1 - Hosts: 127.0.0.1  www.qoologic.com
O1 - Hosts: 127.0.0.1  www.CLKPrecision.com
O1 - Hosts: 127.0.0.1  www.urllogic.com
O1 - Hosts: 127.0.0.1  www.clkoptimizer.com
O1 - Hosts: 127.0.0.1  www.isearch.com
O1 - Hosts: 127.0.0.1  isearch.com
O1 - Hosts: 127.0.0.1  www.idownload.com
O1 - Hosts: 127.0.0.1  idownload.com
O1 - Hosts: 127.0.0.1  www.mytotalsearch.com
O1 - Hosts: 127.0.0.1  mytotalsearch.com
O1 - Hosts: 127.0.0.1  www.lop.com
O1 - Hosts: 127.0.0.1  lop.com
O1 - Hosts: 127.0.0.1  www.websearch.com
O1 - Hosts: 127.0.0.1  websearch.com
O1 - Hosts: 127.0.0.1  www.page-not-found.net
O1 - Hosts: 127.0.0.1  page-not-found.net
O1 - Hosts: 127.0.0.1  www.isearchhere.com
O1 - Hosts: 127.0.0.1  isearchhere.com
O1 - Hosts: 127.0.0.1  as.adwave.com
O1 - Hosts: 127.0.0.1  sr.adwave.com
O1 - Hosts: 127.0.0.1  www.adwave.com
O1 - Hosts: 127.0.0.1  adwave.com EVENT:HOST:127.0.0.1
O1 - Hosts: 127.0.0.1  www.pacimedia.com
O1 - Hosts: 127.0.0.1  www.exactsearch.net
O1 - Hosts: 127.0.0.1  www.contextplus.net
O1 - Hosts: 127.0.0.1  www.contextplus.net
O1 - Hosts: 127.0.0.1  www.contextplus.net
O1 - Hosts: 127.0.0.1 www.symantec.com
O1 - Hosts: 127.0.0.1 securityresponse.symantec.com
O1 - Hosts: 127.0.0.1 symantec.com
O1 - Hosts: 127.0.0.1 www.sophos.com
O1 - Hosts: 127.0.0.1 sophos.com
O1 - Hosts: 127.0.0.1 www.mcafee.com
O1 - Hosts: 127.0.0.1 mcafee.com
O1 - Hosts: 127.0.0.1 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.0.0.1 www.viruslist.com
O1 - Hosts: 127.0.0.1 viruslist.com
O1 - Hosts: 127.0.0.1 viruslist.com
O1 - Hosts: 127.0.0.1 f-secure.com
O1 - Hosts: 127.0.0.1 www.f-secure.com
O1 - Hosts: 127.0.0.1 kaspersky.com
O1 - Hosts: 127.0.0.1 kaspersky-labs.com
O1 - Hosts: 127.0.0.1 www.avp.com
O1 - Hosts: 127.0.0.1 www.kaspersky.com
O1 - Hosts: 127.0.0.1 avp.com
O1 - Hosts: 127.0.0.1 www.networkassociates.com
O1 - Hosts: 127.0.0.1 networkassociates.com
O1 - Hosts: 127.0.0.1 www.ca.com
O1 - Hosts: 127.0.0.1 ca.com
O1 - Hosts: 127.0.0.1 mast.mcafee.com
O1 - Hosts: 127.0.0.1 my-etrust.com
O1 - Hosts: 127.0.0.1 www.my-etrust.com
O1 - Hosts: 127.0.0.1 download.mcafee.com
O1 - Hosts: 127.0.0.1 dispatch.mcafee.com
O1 - Hosts: 127.0.0.1 secure.nai.com
O1 - Hosts: 127.0.0.1 nai.com
O1 - Hosts: 127.0.0.1 www.nai.com
O1 - Hosts: 127.0.0.1 update.symantec.com
O1 - Hosts: 127.0.0.1 updates.symantec.com
O1 - Hosts: 127.0.0.1 us.mcafee.com
O1 - Hosts: 127.0.0.1 liveupdate.symantec.com
O1 - Hosts: 127.0.0.1 customer.symantec.com
O1 - Hosts: 127.0.0.1 rads.mcafee.com
O1 - Hosts: 127.0.0.1 trendmicro.com
O1 - Hosts: 127.0.0.1 pandasoftware.com
O1 - Hosts: 127.0.0.1 www.pandasoftware.com
O1 - Hosts: 127.0.0.1 www.trendmicro.com
O1 - Hosts: 127.0.0.1 www.grisoft.com
O1 - Hosts: 127.0.0.1 www.microsoft.com
O1 - Hosts: 127.0.0.1 microsoft.com
O1 - Hosts: 127.0.0.1 www.virustotal.com
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1  www.contextplus.net
O1 - Hosts: 127.0.0.1  www.contextplus.net
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\KV2004\KVShell_1.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar:  (file missing)
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [Microsoft CSRSS Service] nsmscrs.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KvMonXP] C:\KV2004\KVMonXp_1.kxp /auto
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SEDMAD] C:\WINDOWS\System32\8ledm.exe "-sedmreg"
O4 - HKLM\..\Run: [Update] C:\WINDOWS\System32\Update.exe
O4 - HKLM\..\Run: [wins] C:\Program Files\win\wins.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Microsoft CSRSS Service] nsmscrs.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] nsmscrs.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =

O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Q\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Q\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Q\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Q\SendMMS.htm
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra Button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra Button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}? - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}? - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Q\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Q\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - D:\Q\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - D:\Q\QQIEHelper.dll
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O11 - Options group: [TBH]  QQ地址栏搜索插件
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2D2768E3-E1D6-4F37-B078-B018EC26477C} (WebClient Control) - http://www.horsemaker.cn/chat/HMChatClientch20050729.cab
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.chinavnet.com/VnetPluginIns.CAB
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stareat.it.helsinki.fi/activex/AMC.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {AA7F1441-4289-4E0A-B442-448192AD30A0} (HMRunner Control) - http://hm.18777.net/download/client/HMRunner.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {E1207373-6721-4AAD-888B-C8C5A0209E17} (VnetAnpr Class) - http://service.chinavnet.com/zx/VNetInterface/VNetForSP/VnetPlugin.CAB
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://tenpay.qq.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2663833F-FF9A-4DB0-8244-B7CACEB7B38B}: NameServer = 202.102.192.68 202.102.199.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: Nls
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: KVSrvXp_1 (KVSrvXp_1) - JiangMin Ltd. - C:\KV2004\KVSrvXp_1.exe -Service
O23 - Service: Macromedia Licensing Service (Macromedia Licensing Service) -  - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: ServiceX (ServiceX) -  - C:\WINDOWS\System32\servicex.exe
O23 - Service: StdService (StdService) -  - C:\WINDOWS\System32\rundll32.exe c:\windows\system32\stdsver.dll,service
O23 - Service: Super AOL instant messenger (supermsg) -  - "C:\WINDOWS\lsass2.exe"
O23 - Service: Universal Disk Manager (Universal Disk Manager) -  - C:\Program Files\Common Files\SANDF\diskman.exe
O23 - Service: network monitoring tools (windows network) -  - "C:\WINDOWS\nvcr32.exe"
O23 - Service: Wint (wint) -  - C:\WINDOWS\System32\rundll32.exe "c:\windows\system32\wint\wint.dll",run -r

修复：
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O3 - Toolbar: (file missing)
O3 - Toolbar: (file missing)
O3 - Toolbar: (file missing)
O3 - Toolbar: (file missing)
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKLM\..\Run: [Update] C:\WINDOWS\System32\Update.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKCU\..\Run: [Microsoft CSRSS Service] nsmscrs.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] nsmscrs.exe
O23 - Service: ServiceX (ServiceX) - - C:\WINDOWS\System32\servicex.exe

删除:
C:\WINDOWS\SYSTEM32\stdup.dll
文件夹：C:\$NtUninstallQ5926809$\
C:\WINDOWS\System32\Update.exe
C:\windows\winsysupd5.exe
C:\\gimmygames.exe
nsmscrs.exe（C:\windows\system32\下的，可以先去看看是什么）
C:\WINDOWS\System32\servicex.exe


两个马，可能是鸽子
O23 - Service: Super AOL instant messenger (supermsg) - - "C:\WINDOWS\lsass2.exe"
O23 - Service: network monitoring tools (windows network) - - "C:\WINDOWS\nvcr32.exe"
http://forum.ikaka.com/topic.asp?board=28&artid=7713905  关于HijackThis日志发现灰鸽子的处理方法


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.17ww.com
这个东西，如果楼主不想用http://www.17ww.com这个网址作首页的话，请修复


O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
这两个去看看把，不太认识