以下是系统的日志：
2007-06-17,22:41:06

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <a-winpoet-service><; C:\Program Files\WinPoET\WinPPPoverEthernet.exe>  [Fine Point Technologies, Inc.]
    <Super Rabbit Desktop Set><; F:\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
    <internat.exe><; internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <SKYNET Personal FireWall><F:\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <POINTER><; point32.exe>  [N/A]
    <RavTask><"F:\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><F:\Rising\KakaToolBar\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><; "F:\播放ogm\StormSet.exe" /S /opti>  []
    <CnsM.dll><; Rundll32.exe C:\PROGRA~1\3721\CnsM.dll,Rundll32>  [N/A]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [N/A]
    <Microsoft Autorun4><C:\WINNT\system32\ztinetzt>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINNT\system32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\SYSTEM32\Userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  []

==================================
启动文件夹
[ImageFox]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ImageFox.lnk --> C:\WINNT\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [N/A]><H>
[Adobe Gamma Loader.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.exe.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>
[ADSL超频奇兵 V3.06]
  <C:\Documents and Settings\Glacier\「开始」菜单\程序\启动\ADSL超频奇兵 V3.06.lnk --> F:\ADSL超~1.06\ADSLx2.exe [奇兵软件 Worldfax.net]><H>

==================================
服务
[79CE0C78 / 79CE0C78][Stopped/Auto Start]
  <C:\WINNT\system32\E31CB9D4.EXE -k><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Remote Help Session Manager / Rasautol][Stopped/Auto Start]
  <C:\WINNT\system32\ntsokele.exe><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"F:\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Telephonyl / Windowscmds][Stopped/Auto Start]
  <C:\WINNT\system32\Wincmd.exe><N/A>
[Windowso / WindowsDown][Stopped/Auto Start]
  <C:\WINNT\system32\servet.exe><N/A>
[WinPPPoverEthernet / WinPPPoverEthernet][Running/Auto Start]
  <C:\Program Files\WinPoET\WrOS.EXE><iVasion, a Routerware Company>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[XDownloadService / XDownloadService][Stopped/Auto Start]
  <C:\WINNT\system32\Rundll32.exe "C:\WINNT\Downloader.dll",Run><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINNT\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>

==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Copystar / Copystar][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\copystar.sys><An Chen Computer>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\F:\rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\F:\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\F:\rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\F:\rising\Rav\HookSys.sys><Rising>
[KWATCH / KWATCH][Stopped/Manual Start]
  <\??\F:\KAV2003\KWATCH.SYS><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\F:\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\小兵\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\F:\rising\Rav\RSPPSYS.sys><Rising>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINNT\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
  <\??\F:\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[VIAPFD / VIAPFD][Running/System Start]
  <\SystemRoot\System32\Drivers\VIAPFD.SYS><VIA Technologies. Inc.>
[W89C841 Ethernet Adapter Driver / W841ND][Running/Manual Start]
  <System32\DRIVERS\W841ND.SYS><Winbond Electronics Corporation>
[WrKPoET2000 / WrKPoET2000][Running/Manual Start]
  <\??\C:\Program Files\WinPoET\WrKPoET2000.sys><N/A>
[iVasion PoET Adapter / WRSWanDD][Running/Manual Start]
  <System32\DRIVERS\WrKPoETNic2000.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

浏览器加载项
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <F:\FLASHGET\jccatch.dll, FlashGet>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <F:\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINNT\system32\ssup.dll, TENCENT>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[updatePanelX Control]
  {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <C:\WINNT\system32\uusee\internet\updateC.ocx, uusee>
[pcastup Class]
  {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} <C:\WINNT\Downloaded Program Files\pcastupdate.dll, >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINNT\system32\macromed\download\Download.dll, Macromedia, Inc.>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINNT\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[Fc2Boot Class]
  {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} <C:\WINNT\DOWNLO~1\fc2boot.dll, ±±??????í¨?????a·￠óD?T1???>
[FcBoot Class]
  {C0C13879-6A17-429E-80F1-60B23FC1F720} <C:\WINNT\Downloaded Program Files\fcboot.dll, XXT>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[NMChatX Control]
  {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} <C:\WINNT\DOWNLO~1\NMChatX.ocx, Netmarble>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[KATScan Control]
  {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} <C:\WINNT\System32\kingsoft\KATScan\KATScan.OCX, Kingsoft>
[SHLaunch Control]
  {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} <C:\WINNT\System32\SHLaunch.ocx, >
[&使用BitComet下载]
  <res://F:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://F:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://F:\BitComet\BitComet.exe/AddVideo.htm, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[使用网际快车下载]
  <F:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <F:\FlashGet\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\909EDED0.DLL]  [Microsoft Corporation, ]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
    [C:\WINNT\system32\909EDED0.DLL]  [Microsoft Corporation, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4116]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1216][C:\WINNT\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.02]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1392][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1604][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\WINNT\system32\909EDED0.DLL]  [Microsoft Corporation, ]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [F:\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [F:\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [F:\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [F:\MagicSet\srcd.dll]  [Super Rabbit Software, 1.02]
    [C:\WINNT\system32\MSVBVM50.DLL]  [Microsoft Corporation, 05.02.8244 (SP2)]
    [F:\WinRAR\rarext.dll]  [N/A, ]
    [F:\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 81, 46, 1]
    [F:\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 81, 68, 0]
    [C:\WINNT\system32\ConnAPI.DLL]  [Nokia., 6, 81, 62, 0]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 81, 29, 0]
    [F:\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 81, 11, 0]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [Tencent, 5, 0, 1, 17]
    [C:\Program Files\ACD Systems\PicaView\Picaview.dll]  [ACD Systems, Ltd., 2, 0, 0, 84]
    [C:\Program Files\ACD Systems\PlugIns\IDE_ACDStd.apl]  [ACD Systems, Ltd., 1, 3, 0, 0526]
[PID: 308][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 3, 0, 131, 0]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [Tencent, 5, 0, 1, 17]
    [F:\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [F:\BitComet\tools\BitCometBHO_1.1.3.28.dll]  [BitComet, 20070328]
    [C:\WINNT\system32\ssup.dll]  [TENCENT, 5, 0, 1, 17]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINNT\system32\msratelc.dll]  [Microsoft Corporation, 6.00.2800.1106]
[PID: 472][F:\FlashGet\flashget.exe]  [FlashGet.com, 1, 7, 2, 0]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1616][f:\rising\rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [f:\rising\rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2948][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 3016][C:\Downloads\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\msdebug.dll]  [N/A, ]
    [C:\WINNT\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINNT\system32\windhcp.ocx]  [N/A, ]
    [C:\WINNT\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINNT\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
utorun.inf
[E:\]
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe

自己顶一下别沉了啊

为什么没人来帮帮我呢。突然出现1.exe 2.exe…………15.exe这15个程序。求高人出现啊

进入纯DOS，删掉各个盘符下的SysAuto.exe，autorun.inf文件。
进入桌面，在注册表中搜索SysAuto.exe，删掉！

好像没什么用：（

安全模式下(开机后不断 按F8键  然后出来一个高级菜单 选择第一项 安全模式 进入系统)

打开sreng （就是你扫日志的软件）
启动项目  注册表 删除如下项目 (如果有哪项你认识或者确认不是病毒 请不要删除)
<Microsoft Autorun4><C:\WINNT\system32\ztinetzt> []
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []

“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：

79CE0C78 / 79CE0C78
Remote Help Session Manager / Rasautol
Remote Debug Service / RemoteDbg
Telephonyl / Windowscmds
Windowso / WindowsDown
XDownloadService / XDownloadService
Windows DHCP Service / WinDHCPsvc
Win32 Debug Service / MSDebugsvc
Wireless Service / WZCSRVC
WMI Performance API / WMIApiSrv


双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
然后删除<C:\WINNT\system32\E31CB9D4.EXE
C:\WINNT\system32\ntsokele.exe
C:\WINNT\system32\RemoteDbg.dll
C:\WINNT\system32\Wincmd.exe
C:\WINNT\system32\servet.exe
C:\WINNT\Downloader.dll
C:\WINNT\system32\windhcp.ocx
C:\WINNT\system32\msdebug.dll
C:\WINNT\system32\netsrvcs.dll
C:\WINNT\system32\WMIApiSrv.dll
C:\WINNT\system32\909EDED0.DLL
C:\Program Files\Internet Explorer\PLUGINS\System64.Sys
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt
C:\WINNT\system32\ztinetzt
用winrar打开e盘删除SysAuto.exe，autorun.inf

谢谢，哥哥了，问题已经解决了，非常感谢^_^

引用:

【newcenturymoon的贴子】安全模式下(开机后不断 按F8键  然后出来一个高级菜单 选择第一项 安全模式 进入系统) 打开sreng （就是你扫日志的软件） 启动项目  注册表 删除如下项目 (如果有哪项你认识或者确认不是病毒 请不要删除) <Microsoft Autorun4><C:\WINNT\system32\ztinetzt> [] <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> [] <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [] “启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”， 选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”： 79CE0C78 / 79CE0C78 Remote Help Session Manager / Rasautol Remote Debug Service / RemoteDbg Telephonyl / Windowscmds Windowso / WindowsDown XDownloadService / XDownloadService Windows DHCP Service / WinDHCPsvc Win32 Debug Service / MSDebugsvc Wireless Service / WZCSRVC WMI Performance API / WMIApiSrv 双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定 然后删除<C:\WINNT\system32\E31CB9D4.EXE C:\WINNT\system32\ntsokele.exe C:\WINNT\system32\RemoteDbg.dll C:\WINNT\system32\Wincmd.exe C:\WINNT\system32\servet.exe C:\WINNT\Downloader.dll C:\WINNT\system32\windhcp.ocx C:\WINNT\system32\msdebug.dll C:\WINNT\system32\netsrvcs.dll C:\WINNT\system32\WMIApiSrv.dll C:\WINNT\system32\909EDED0.DLL C:\Program Files\Internet Explorer\PLUGINS\System64.Sys C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt C:\WINNT\system32\ztinetzt 用winrar打开e盘删除SysAuto.exe，autorun.inf ………………