电脑现象：瑞星程序、防火墙被穿透后，且无法启动；
                系统时间被更改
                运行速度齐慢
                运行内存中出现TEMPFILE（4）.EXE和...(7).exe不明进程
                无法进入安全模式
                无法登陆网页，所有网址都被更改，混乱中。
可疑文件：tempfile(4).exe,tempfile(7).exe,autorun.inf，sizhu.exe
现在问题很严重，烦请各位好人帮帮忙
ps:偶用的是正版瑞星（无语ing）

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

下载瑞星听诊器

下载地址：http://download.rising.com.cn/for_down/RsDetect.exe

运行扫描后会生成一个“瑞星听诊信息.htm”的文件，压缩后上报瑞星分析：

上报地址：http://up.rising.com.cn/webmail/othernew.htm

上报时说明具体情况

建议以下操作下载瑞星听诊器
下载地址：http://download.rising.com.cn/for_down/RsDetect.exe
运行扫描后会生成一个“瑞星听诊信息.htm”的文件，压缩后上报瑞星分析：
上报地址：http://up.rising.com.cn/webmail/othernew.htm
上报时说明具体情况

到此链接下载SREng日志扫描工具扫描一份报告上来，如果无法运行，可以用另一个。

http://bbs.ikaka.com/showtopic-8536393.aspx

尝试扫描日志上传

将可以文件打包上传“可疑文件交流”版

该用户帖子内容已被屏蔽

等晚上回家马上着手扫描，要等明天才能上传哦
家里的电脑已经不能登陆网页了。
实在不行我就重装系统了
nnd

未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL

C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RFW\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMX2.DLL
C:\PROGRAM FILES\RISING\RFW\RSAPPMGR.DLL
C:\PROGRAM FILES\RISING\RFW\CFGDLL.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL
C:\PROGRAM FILES\RISING\RFW\RSXML.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\COMX3.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\SYSLAY.DLL

C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSPROXY.DLL
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSLOG.DLL
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RAV\RECOMP.DLL
C:\PROGRAM FILES\RISING\RAV\REFS.DLL
C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL
C:\PROGRAM FILES\RISING\RAV\RELIBLDR.DLL
C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
C:\PROGRAM FILES\RISING\RAV\MONRULE.DLL
C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL
C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RAV\RSXML.DLL

C:\PROGRAM FILES\木马清除大师2008\BEATTROJANMON.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPONE.DLL
C:\PROGRAM FILES\木马清除大师2008\EGHELPERONE.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPTHREE.DLL
C:\PROGRAM FILES\木马清除大师2008\SYSTEMGUARDDELETE.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPEIGHT.DLL
C:\PROGRAM FILES\木马清除大师2008\SYSTEMGUARDHELPER.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPTWO.DLL

C:\PROGRAM FILES\RISING\ANTISPYWARE\RSTRAY.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\RSMGINFO.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\RSXML.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\MSVCP71.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\MSVCR71.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\COMSERV.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\SYSLAY.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\COMX3.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\PNGDLL.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\NCOMM.DLL
C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMBGMONITOR.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\SHARED\NL3\ADVRCNTR3.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXINGSERVICEPS.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXSTORESVRPS.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMDATASERVICES.DLL

C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NB.DLL
C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NEROAPIGLUELAYERUNICODE.DLL
C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\LBFC.DLL
C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBHDMGR.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\WINS\NQADZDREY.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL

C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\RSAPPMGR.DLL
C:\PROGRAM FILES\RISING\RFW\CFGDLL.DLL
C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_CTRL.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\UNVDET.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL

C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\QTCORE4.DLL
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\QTGUI4.DLL
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\PLUGINS\IMAGEFORMATS\QJPEG4.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\NVAPI.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL
C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RAV\MONRULE.DLL
C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\RISING\RAV\HOOKREG.DLL
C:\PROGRAM FILES\RISING\RAV\HOOKNTOS.DLL
C:\PROGRAM FILES\RISING\RAV\RSWALMON.DLL
C:\PROGRAM FILES\RISING\RAV\RECOMP.DLL
C:\PROGRAM FILES\RISING\RAV\REFS.DLL
C:\PROGRAM FILES\RISING\RAV\FFR.DLL
C:\PROGRAM FILES\RISING\RAV\RSSTORE.DLL
C:\PROGRAM FILES\RISING\RAV\FAKESCAN.DLL
C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL
C:\PROGRAM FILES\RISING\RAV\EXTFILE.DLL
C:\PROGRAM FILES\RISING\RAV\PEARC.DLL
C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL
C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL
C:\PROGRAM FILES\RISING\RAV\RELIBLDR.DLL
C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL
C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL
C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL
C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL
C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL
C:\PROGRAM FILES\RISING\RAV\SCANPACK.DLL
C:\PROGRAM FILES\RISING\RAV\REVM.DLL
C:\PROGRAM FILES\RISING\RAV\URUTILS.DLL
C:\PROGRAM FILES\RISING\RAV\UR000.DAT
C:\PROGRAM FILES\RISING\RAV\SCRIPTCI.DLL
C:\PROGRAM FILES\RISING\RAV\UROUTINE.DLL

C:\PROGRAM FILES\RISING\RFW\RFWSTUB.EXE
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL

C:\WINDOWS\SYSTEM32\CFJMP.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\DHMQU.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DSBHO_00.DLL
D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_00.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\木马清除大师2008\BTHELPSEVEN.DLL
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\PROGRAM FILES\木马清除大师2008\BEATTROJANSHIELDS.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\MSVBVM60.DLL

C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXINGSERVICE.EXE
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXINGSERVICEPS.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMLOGCXX.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\LOG4CXX.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMDATASERVICES.DLL

C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXSTORESVR.EXE
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMSQLDB.DLL
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMLOGCXX.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\LOG4CXX.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXINGSERVICEPS.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMCOFOUNDATION.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMPLUGINBASE.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMFULLTEXTEXTRACTION.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMSEARCHPLUGINSIMILARIMAGES.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMDATASERVICES.DLL
C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXSTORESVRPS.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\PROGRAM FILES\RISING\ANTISPYWARE\KNOWNSVR.EXE
C:\PROGRAM FILES\RISING\ANTISPYWARE\NCOMM.DLL
C:\WINDOWS\SYSTEM32\KMON.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\COMX3.DLL
C:\PROGRAM FILES\RISING\ANTISPYWARE\SYSLAY.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
Hard Disk Sentinel = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RARSFX0\HDSENTINEL.EXE
NeroFilterCheck = C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NEROCHECK.EXE
Alcmtr = ; ALCMTR.EXE
AlcWzrd = ; ALCWZRD.EXE
amd_dc_opt = ; C:\PROGRAM FILES\AMD\DUAL-CORE OPTIMIZER\AMD_DC_OPT.EXE
IMJPMIG8.1 = ; "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
NvMediaCenter = ; RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL,NVTASKBARINIT
nwiz = ; NWIZ.EXE /INSTALL
PHIME2002A = ; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
PHIME2002ASync = ; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
RTHDCPL = ; RTHDCPL.EXE
SkyTel = ; SKYTEL.EXE
SoundMan = ; SOUNDMAN.EXE
BeatTrojan = C:\PROGRAM FILES\木马清除大师2008\BEATTROJANMON.EXE
runeip = "C:\PROGRAM FILES\RISING\ANTISPYWARE\RSTRAY.EXE" /STARTUP
HBService32 = SYSTEM.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay = C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
kub12 = KUB12.EXE
dlnjjbdfa = C:\WINDOWS\SYSTEM\LLWZJY080923.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMBGMONITOR.EXE"
LightScribe Control Panel = C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LIGHTSCRIBECONTROLPANEL.EXE -HIDDEN


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233} = D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} = C:\Program Files\FlashGet\jccatch.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} = D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
{686488AF-13D5-9DDF-4FEF-9FB88698CFC1} = C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2210.dll
{889D2FEB-5411-4565-8998-1DD2C5261283} = D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
{F156768E-81EF-470C-9057-481BA8380DBA} = C:\Program Files\FlashGet\getflash.dll


Winsock SPI
MSAPI Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\WRM32.DLL
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{50F37D71-30E2-4F13-9A72-D4B961627749}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{50F37D71-30E2-4F13-9A72-D4B961627749}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{56D1430C-5C3A-4ECD-AB68-A222AC427D2E}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{56D1430C-5C3A-4ECD-AB68-A222AC427D2E}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2A4FFC9-D262-41A4-A6D8-2C63B75026C5}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2A4FFC9-D262-41A4-A6D8-2C63B75026C5}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E4BCF4E-8CCC-4BFF-839A-C356877DB2F2}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E4BCF4E-8CCC-4BFF-839A-C356877DB2F2}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A939F840-AF12-4360-9E57-AB11641811C5}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A939F840-AF12-4360-9E57-AB11641811C5}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAPI Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\WRM32.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ccosm = D:\PROGRAM FILES\STORMII\STORMLIV.EXE /ASSERVICE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LightScribeService = "C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE"
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
Nero BackItUp Scheduler 3 = C:\PROGRAM FILES\NERO\NERO8\NERO BACKITUP\NBSERVICE.EXE
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NMIndexingService = "C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXINGSERVICE.EXE"
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
ose = "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE"
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PnkBstrA = C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENSMGR = C:\WINDOWS\SYSTEM32\CFJMP.EXE
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{F4A02C93-DF1D-42A7-9C2B-9ABE1F2EED4C}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
usprserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
VyWin = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
木马清除大师实时监控 = C:\PROGRAM FILES\木马清除大师2008\BEATTROJANSVC.EXE


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
00072160 = C:\WINDOWS\SYSTEM32\DRIVERS\00072160.SYS
360IceBreaker = C:\WINDOWS\SYSTEM32\DRIVERS\360ICEBREAKER.SYS
360TimeProt = C:\WINDOWS\SYSTEM32\DRIVERS\360TIMEPROT.SYS
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AmdK8 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK8.SYS
AmdLLD = C:\WINDOWS\SYSTEM32\DRIVERS\AMDLLD.SYS
ASTTools = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RARSFX1\ASTTOOLS.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BeatTrojanHelperOne = C:\PROGRAM FILES\木马清除大师2008\BEATTROJANHELPERONE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HBKernel32 = C:\WINDOWS\SYSTEM32\DRIVERS\HBKERNEL32.SYS
HDAudBus = C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS
HidUsb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKCONT.SYS
HookNtos = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKNTOS.SYS
HookReg = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKREG.SYS
HookSys = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKSYS.SYS
HookUrl = C:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntcAzAudAddService = C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS
intelppm = C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
isslv = C:\WINDOWS\SYSTEM32\DRIVERS\ISSLV.SYS
jkgda = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\_TMP.BAT
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
KbdHid = C:\WINDOWS\SYSTEM32\DRIVERS\KBDHID.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MouHid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
opmjg = C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\_TMP.BAT
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
presafe = C:\WINDOWS\SYSTEM32\DRIVERS\PRESAFE.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RfwBase = C:\WINDOWS\SYSTEM32\DRIVERS\RFWBASE.SYS
RsFwDrv = C:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
RsNTGDI = C:\WINDOWS\SYSTEM32\DRIVERS\RSNTGDI.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
RTLE8023xp = C:\WINDOWS\SYSTEM32\DRIVERS\RTENICXP.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
TVICHW32 = C:\WINDOWS\SYSTEM32\DRIVERS\TVICHW32.SYS
UnlockerDriver5 = C:\PROGRAM FILES\UNLOCKER\UNLOCKERDRIVER5.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbccgp = C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
vmmouse = C:\WINDOWS\SYSTEM32\DRIVERS\VMMOUSE.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
wmpobj = C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MEDIA PLAYER\OBJ\WMPOBJ.SYS
WS2IFSL = C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS

果然是
卡卡帮助偶杀了剩下的病毒
总共手工杀毒4ge
sizhu.exe
autorun.inf
tempfile 4 7 exe
kub17
软件杀毒若干
大多是木马有8个左右
其中就有灰鸽子