我的电脑中了一种附在Directdb.exe上的病毒阿！
一开个别程序就
  出现这几个任务：directdb.exe,iexplore.exe,notepad.exe.（此时我并没有打开浏览器和记事本）而且iexplore.exe不停地出现，把内存吃光
directdb.exe无法关掉！！！目录是C:\Program Files\Common Files\System
我运行很多程序都运行不了，屏幕在那里不停的闪，就是启动不了我想打开的软件。我在注册表里把这两个有关的键值都删掉了，但是还是没用，病毒还在运行的。搞得我上网也上不了了。
而且会不停地出现notepad.exe，和iexplorer.exe而我没有开记事本和网页，开机的时候桌面无法显示。不断的删，不断地出现，用GHOST恢复了NN遍无效

你中的是艾妮新变种，有关这个变种的介绍，你可以看这里：http://www.cisrt.org/blog/read.php?316

哈哈，跟我的情况一样，我都搞了两天，实在是麻烦，问又没有人理，看楼上说的哪个地方还是简单，我早两天根本没有看到。不过这个病毒确实让我头痛。
  到现在根本不知道是否处理好，因为跟这说的还多了东西，还自动生成了temp_ORIGINA.EXE，点击运行一个程序，进程起码多出4个多余的，有NOTE_PAD,IE,MSD,DIRECT_DB.而已进程到后来基本无法关闭，启动项看到了，删除后又自动生成，无法消除,在temp里生成了很多乱七八糟的程序，还添加到启动项里。
    很多运行程序损坏，ie运行一段时间也自动关闭。很多杀毒工具重新下载时好像也不能运行，相同名称软件重新下载也不能运行，sreng我下载了很多回，又是下载又是改名字，都不能运行。
    因为我是新手，所以不知道是多个病毒还是和上面说的不一样。
  我是使用了删除工具 PowerRMV ，看见不顺眼的程序，就是在进程里跟那几个进程相关联的程序，
分别填入下面的文件（包括完整的路径） ，勾选“抑止杀灭对象再次生成”，点杀灭。
  这几部做完了，再乱点运行程序，这几个进程没有出现了，重新下载winrar，sreng运行，修复一遍，再重新启动，现在看好像正常了。

这东西刚出来我就碰到了，心情不好了两天，早点看到就好了。破坏了我很多运行文件，气氛啊！我的瑞星还卸载不了，不能运行，重新安装又检测到更新过了，还不能重装，星期一还得忙，瑞星我准备放弃了，每回都是先给干掉的,好像没有什么用。

没用啊！！！
我注册表里没有那项东西

SRE日志上来
使用SREng扫描工具点这里下载http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip 
2 运行SREng2.exe                 
3 按智能扫描，然后勾选检查进程模块的签名，然后再按扫描，最后保存结果
4 把结果SREngLOG.log里面的内容一字不漏的发上来，一次发不完的就分页发

提示下：
a.扫描前关闭所有正在使用的应用程序,例如QQ`浏览器等，然后再进行扫描
b.如果SREng.exe运行无反应或者不能运行又或者扫描出错
你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或abc.exe然后放到c:\windows
下面再运行

上传SREngLog
帮你分析!

[CODE]

2007-04-14,11:15:08

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <7uzk11iy2m7g><C:\DOCUME~1\卢启扬\LOCALS~1\Temp\crasos.exe>  []
    <e8sxj6zcjlhvmx><C:\DOCUME~1\卢启扬\LOCALS~1\Temp\rundl132.exe>  []
    <11ihc><C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Servere.exe>  []
    <6mmu><C:\DOCUME~1\卢启扬\LOCALS~1\Temp\c0nime.exe>  []
    <3stlcb><C:\DOCUME~1\卢启扬\LOCALS~1\Temp\winlog0n.exe>  []
    <zr0clsfly7><C:\DOCUME~1\卢启扬\LOCALS~1\Temp\1explore.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <Knight V><>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <hcmdbcs><C:\WINDOWS\hcmdbcs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\MAT2.scr>  []

==================================
启动文件夹
N/A

==================================
服务
[AVP / AVP][Stopped/Manual Start]
  <?尺????峌?????????????癡尶癁?硥?爭"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NTService / NetService][Stopped/Auto Start]
  <C:\WINDOWS\system32\ntservice.exe><Ceramiche Ariostea>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[bdajaabe / bdajaabe][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bdajaabe.sys><中国互联网络信息中心(CNNIC)>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[dhffffcj / dhffffcj][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dhffffcj.sys><中国互联网络信息中心(CNNIC)>
[DriverLINX Port I/O Driver / DLPortIO][Stopped/Manual Start]
  <\??\D:\Program Files\GBALink\DLPortIO.SYS><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[fegcgdca / fegcgdca][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\fegcgdca.sys><中国互联网络信息中心(CNNIC)>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Fire2USB / Fire2USB][Stopped/Manual Start]
  <System32\Drivers\Fire2USB.SYS><www.gamebios.com>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\D:\瑞星杀毒\HOOKAPI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[kakioj / kakioj][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kakioj.sys><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\腾讯qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\腾讯qq\npkycryp.sys><N/A>
[NPPTNT2 / NPPTNT2][Running/System Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nVidia WDM Video Capture (universal) / nvcap][Running/Auto Start]
  <system32\DRIVERS\nvcap.sys><N/A>
[nVidia WDM A/V Crossbar / NVXBAR][Running/Auto Start]
  <system32\DRIVERS\NVxbar.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QuakeDRV / QuakeDRV][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
  <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[千度互通虚拟网卡 / tap0801][Stopped/Manual Start]
  <system32\DRIVERS\tap0801.sys><The OpenVPN Project>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================

浏览器加载项
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Java Plug-in 1.5.0_11]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_11]
  {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_11]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[CCTest Control]
  {658E8183-D04C-413A-9FCF-C04D610E81A3} <C:\wt2ksrv\bin\cctest.ocx, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin11.dll, Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[StoreAnswer Control]
  {9124F9F5-EC7E-4399-9901-4F365B42FC88} <C:\wt2ksrv\bin\zjks.ocx, N/A>
[AuwEeqjo Class]
  {A013DBE0-DECE-D871-AE5F-BDB8576131A4} <C:\WINDOWS\DOWNLO~1\rfrviqx.dll, cnnprsoft>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
  {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <D:\PROGRA~1\MICROS~1\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[QLD Control]
  {CCF6601F-5E8B-4659-ADFF-7A7037DC473F} <C:\wt2ksrv\bin\qld.ocx, N/A>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\腾讯qq\QQPlayerProxy.dll, Tencent>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WVX Moniker Class]
  {CD3AFA95-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <D:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTCheck.ocx, Apple Computer, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml2.dll, N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml2.dll, N/A>
[&使用BitComet下载]
  <res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\腾讯qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\腾讯qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\腾讯qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\腾讯qq\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 760][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 884][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
[PID: 896][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[PID: 1300][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[PID: 1652][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\hcmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7643]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7643]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10513]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3924][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2276][C:\Documents and Settings\卢启扬\桌面\新建文件夹\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\卢启扬\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\hcmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]