俺的电脑有：Trojan.DL.Zlob.pp，可瑞星大哥杀不掉。
请教瑞星人士。

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
D:\WINDOWS\SYSTEM32\CTFMON.EXE
D:\WINDOWS\SYSTEM32\SMSS.EXE
D:\WINDOWS\SYSTEM32\CSRSS.EXE
D:\WINDOWS\SYSTEM32\WINLOGON.EXE
D:\WINDOWS\SYSTEM32\SERVICES.EXE
D:\WINDOWS\SYSTEM32\LSASS.EXE
D:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
D:\WINDOWS\SYSTEM32\SPOOLSV.EXE
D:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\KUANDAI\SIMPLECLIENT.EXE
D:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
D:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
D:\WINDOWS\SYSTEM32\HKCMD.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\SYSTEM32\SVCHOST.EXE
D:\WINDOWS\SYSTEM32\WDFMGR.EXE
D:\WINDOWS\VSNPSTD3.EXE
D:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
D:\DOCUMENTS AND SETTINGS\WFC\MY DOCUMENTS\RSDETECT.EXE
D:\WINDOWS\SYSTEM32\CONIME.EXE
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = D:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = D:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = D:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
IgfxTray = D:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
HotKeysCmds = D:\WINDOWS\SYSTEM32\HKCMD.EXE
SoundMan = SOUNDMAN.EXE
snpstd3 = D:\WINDOWS\VSNPSTD3.EXE
SKYNET Personal FireWall = D:\PROGRA~1\SKYNET\FIREWALL\PFW.EXE
RfwMain = "D:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
TkBellExe = "D:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
RavTask = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
KernelFaultCheck = D:\WINDOWS\SYSTEM32\DUMPREP 0 -K

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavWeb = "D:\PROGRAM FILES\RISING\RAVWEB\UPDATE\WEBSETUP.EXE" /UNINSTALL /S /ONCE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
wininet.dll = MSCORNET.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = D:\WINDOWS\SYSTEM32\CTFMON.EXE


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "D:\Program Files\Microsoft Office\Office10\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = D:\WINDOWS\System32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXSRVC.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = D:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{54EBD53A-9BC1-480B-966A-843A333CA162} = F:\应用软件\qq2004\QQGame\QQ2004\QQIEHelper.dll
{A5366673-E8CA-11D3-9CD9-0090271D075B} = D:\PROGRA~1\FLASHGET\jccatch.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = D:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = D:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF8FC64C-D042-4EF2-AC95-0D7FA072D2AF}] SEQPACKET 0 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF8FC64C-D042-4EF2-AC95-0D7FA072D2AF}] DATAGRAM 0 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{224631B1-DFF6-40F8-A056-C4D763C6E9E3}] SEQPACKET 1 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{224631B1-DFF6-40F8-A056-C4D763C6E9E3}] DATAGRAM 1 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D4184B4-902A-4FD9-A785-2E8547FE8FF4}] SEQPACKET 2 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D4184B4-902A-4FD9-A785-2E8547FE8FF4}] DATAGRAM 2 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{073A92B3-C9A3-4C8D-B0CE-5C24191B4B89}] SEQPACKET 3 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{073A92B3-C9A3-4C8D-B0CE-5C24191B4B89}] DATAGRAM 3 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = D:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
cisvc = D:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = D:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = D:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dhcp = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = D:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = D:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ImapiService = D:\WINDOWS\SYSTEM32\IMAPI.EXE
LanmanWorkstation = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = D:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = D:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = D:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = D:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = D:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = D:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = D:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = D:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = D:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = D:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = D:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = D:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = D:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = D:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = D:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = D:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = D:\WINDOWS\SYSTEM32\LSASS.EXE
SCardDrv = D:\WINDOWS\SYSTEM32\SCARDSVR.EXE
SCardSvr = D:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = D:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = D:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{C5A1DE5A-48E7-4939-ACD8-B743705616FF}
SysmonLog = D:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Themes = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = D:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = D:\WINDOWS\SYSTEM32\WDFMGR.EXE
uploadmgr = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = D:\WINDOWS\SYSTEM32\UPS.EXE
VSS = D:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = D:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
MRxDAV = D:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = D:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = D:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = D:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = D:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = D:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = D:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = D:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
ALCXWDM = D:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
AsyncMac = D:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = D:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = D:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = D:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = D:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
CCDECODE = D:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = D:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = D:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = D:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = D:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = D:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = D:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = D:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ExpScaner = D:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = D:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = D:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = D:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = D:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = D:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = D:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HookCont = D:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = D:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = D:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HookUrl = D:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
i8042prt = D:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
ialm = D:\WINDOWS\SYSTEM32\DRIVERS\IALMNT5.SYS
IdeBusDr = D:\WINDOWS\SYSTEM32\DRIVERS\IDEBUSDR.SYS
IdeChnDr = D:\WINDOWS\SYSTEM32\DRIVERS\IDECHNDR.SYS
IpFilterDriver = D:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = D:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = D:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = D:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = D:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = D:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = D:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = D:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
kmsinput = D:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
MEMSCAN = D:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = D:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mProcRs = D:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MSKSSRV = D:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = D:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = D:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
MSTEE = D:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
ms_mpu401 = D:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS
NABTSFEC = D:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = D:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = D:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = D:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = D:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = D:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
New0 = D:\WINDOWS\SYSTEM32\NEW.SYS
npkcrypt = F:\应用软件\QQ2004\QQGAME\QQ2004\NPKCRYPT.SYS
NwlnkFlt = D:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = D:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = D:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = D:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = D:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = D:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = D:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = D:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = D:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = D:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = D:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = D:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = D:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = D:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = D:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = D:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
ROOTMODEM = D:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS
RsFwDrv = D:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
rtl8139 = D:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
SAMDRV = D:\WINDOWS\SYSTEM32\SAMDRV.SYS
Secdrv = D:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
ser2pl = D:\WINDOWS\SYSTEM32\DRIVERS\SER2PL.SYS
serenum = D:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = D:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SLIP = D:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
SNPSTD3 = D:\WINDOWS\SYSTEM32\DRIVERS\SNPSTD3.SYS
splitter = D:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
streamip = D:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = D:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = D:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = D:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = D:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = D:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = D:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = D:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = D:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = D:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = D:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = D:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = D:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WSTCODEC = D:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
Ydqztyef = D:\WINDOWS\SYSTEM32\DRIVERS\YDQZTYEF.SYS
{6080A529-897E-4629-A488-ABA0C29B635E} = D:\WINDOWS\SYSTEM32\DRIVERS\IALMSBW.SYS
{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} = D:\WINDOWS\SYSTEM32\DRIVERS\IALMKCHW.SYS

Trojan.DL.Zlob.pp
瑞星说它在D/WINDOWS/SYSTEM32/？？？.tmp

这些东东里有可疑的分子吗?
请大哥,高手们指教.

是我儿子装的QQ堂的游戏有病毒吗？

我今天刚升级，可还是杀不掉