
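Title: Urgent help needed

Author: vestige     Time: 2009-5-5 14:16    Title: Urgent help needed

I've been infected by a virus. The main symptoms: it changes the attributes of normal folders to system-folder attributes, and probably creates an executable with the same name as the folder, with an icon identical to a normal folder icon; it writes a large number of scheduled tasks pointing to the IE folder (I didn't see the rest of the path); then processes such as SYSTEN.EXE and FIND.EXE pop up in the process list, and the machine becomes very slow. Experts, what virus is this? Micropoint, Kingsoft, Rising and Kaspersky all fail to detect it. Urgent! The system is WinXP SP3! Hoping for a quick reply!

See the SRE log on page 2.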

[ Last edited by vestige on 2009-5-5 at 15:22 ]
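Author: vestige     Time: 2009-5-5 14:19
Grabbing the first reply and waiting!!!
Author: jaber     Time: 2009-5-5 14:24
Run an SRE scan and post the log so we can take a look!
Author: jaber     Time: 2009-5-5 14:24
Also, send the sample to Micropoint for testing: virus@micropoint.com.cn   Micropoint should handle this kind of program!
Author: vestige     Time: 2009-5-5 14:35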
[CODE]

2009-05-05,14:30:15

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <U盘专杀助手><C:\Program Files\U盘专杀助手\U盘专杀助手.exe>  [珑嘉软件]
    <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon><; ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <QQDownload><; "D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <stup.exe><; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]

==================================
启动文件夹
N/A

==================================
Author: vestige     Time: 2009-5-5 14:36
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE"><Kingsoft Corporation>
[MPSVC Service / MPSVCService][Running/Auto Start]
  <C:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>

==================================
驱动程序
[AFD / AFD][Running/System Start]
  <\SystemRoot\System32\drivers\afd.sys><Microsoft Corporation>
[ahcix86 / ahcix86][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ahci8086.sys><AMD Technologies Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Intel RAID Controller / iaStor5][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastor5.sys><Intel Corporation>
[Intel AHCI Controller 6 / iaStor6][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastor6.sys><Intel Corporation>
[Intel AHCI Controller 7 / iaStor7][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastor7.sys><Intel Corporation>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iteatapi.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KWatch3.sys><Kingsoft Corporation>
[lbrtfdc / lbrtfdc][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[m5228 / m5228][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5281.sys><ALi Corporation>
[m5287 / m5287][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[m5289 / m5289][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[mp110001 / mp110001][Running/Auto Start]
  <system32\drivers\mp110001.sys><Micropoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
  <system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
  <system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
  <system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
  <system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
  <system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
  <system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
  <system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
  <system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[nvatabus / nvatabus][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[nvgts / nvgts][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[PCIDump / PCIDump][Stopped/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ATI-437A Serial ATA Controller / SI3112r][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiSRaid / SiSRaid][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\vmscsi.sys><VMware, Inc.>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, (Signed) 腾讯>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
Author: vestige     Time: 2009-5-5 14:36
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[AnyInstaller Control]
  {6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, (Signed) 腾讯>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <, >
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[AnyInstaller Control]
  {6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(12).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\Program Files\KOS\UpdateOcx2.dll, (Signed) Kingsoft Corporation>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.12.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(12).dll, Thunder>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 472 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
Author: vestige     Time: 2009-5-5 14:36
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 1132 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1268 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1484 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1584 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1668 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\ktaskbar.dll]  [Kingsoft Corporation, 2009,01,13,731]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVEXT.DLL]  [Kingsoft Corporation, 2008,07,09,459]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 168 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1396 / Administrator][C:\Program Files\U盘专杀助手\U盘专杀助手.exe]  [珑嘉软件, 6.00]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\U盘专杀助手\olepro32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\Program Files\U盘专杀助手\MyTubrTray.ocx]  [http://www.tubr.com, 1.00.0003]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[PID: 1288 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
Author: vestige     Time: 2009-5-5 14:37
[C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2208 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 2948 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 2, 86, 86]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\TENCENT\SSPlus\SAddr1.dll]  [腾讯, 5, 1, 4, 11]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL]  [Kingsoft Corporation, 2009,04,13,824]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddy.dll]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,12,12,694]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KANTray.dll]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVAFish.DLL]  [Kingsoft Corporation, 2008,06,26,421]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kisfree.dll]  [Kingsoft Corporation, 2009,04,13,824]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
[PID: 1608 / Administrator][D:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 2, 86, 86]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [D:\Program Files\Tencent\QQDownload\xmain.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 2, 86, 86]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [D:\Program Files\Tencent\QQDownload\xcore.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
[PID: 3012 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
[PID: 3576 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.360\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 3040 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.360\SREcec25149.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll]  [Kingsoft Corporation, 2009,02,13,759]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.360\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
Author: vestige     Time: 2009-5-5 14:38
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{10A5BD45-9EFB-45B5-BD9A-25539E2D4A80}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{10A5BD45-9EFB-45B5-BD9A-25539E2D4A80}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1        858656.com
127.0.0.1        my123.com
127.0.0.1        8749.com
127.0.0.1        4199.com
127.0.0.1        7379.com
127.0.0.1        7255.com
127.0.0.1        3448.com
127.0.0.1        7939.com
127.0.0.1        8009.com
127.0.0.1        piaoxue.com
127.0.0.1        kzdh.com
127.0.0.1        about.blank.la
127.0.0.1        6781.com
127.0.0.1        7322.com
127.0.0.1        9991.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1396, C:\PROGRAM FILES\U盘专杀助手\U盘专杀助手.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3012, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3576, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.360\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x849F695D)

==================================
隐藏进程
N/A

==================================


[/CODE]
Author: vestige     Time: 2009-5-5 14:49
Wait a moment, I'll scan another log and post it!
Author: vestige     Time: 2009-5-5 15:00
[CODE]
2009-05-05,14:49:26
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <QQ2009><"D:\Program Files\Tencent\QQ2009\Bin\QQ.exe" /background>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <百度安全中心><"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe" /StartApp /baidusafecenter /Autorun>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
    <wdcertm_ccb><C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe>  [ Beijing WatchData System Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon><; ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[风影网络电视]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\风影网络电视.lnk --> C:\PROGRA~1\fengfilm\fengfilm.exe [风影网络电视]><N>
Author: vestige     Time: 2009-5-5 15:00
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MPSVC Service / MPSVCService][Running/Auto Start]
  <C:\Program Files\Micropoint\MPSVC.exe><Micropoint Corporation>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start]
  <C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe><Beijing WatchData System Co., Ltd.>

==================================
驱动程序
[AFD / AFD][Running/System Start]
  <\SystemRoot\System32\drivers\afd.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[mp110001 / mp110001][Running/Auto Start]
  <system32\drivers\mp110001.sys><Micropoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
  <system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
  <system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
  <system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
  <system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
  <system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
  <system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
  <system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
  <system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\baidu\safecenter\iebuddy.dll, (Signed) Kingsoft Corporation>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeCenterEyeOnIE Class]
  {D2DA0BDA-D20F-4B0B-98D4-8BEAAE175E6D} <C:\Program Files\baidu\safecenter\safecenterstatus.dll, (Signed) Kingsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\baidu\safecenter\iebuddyext.dll, (Signed) Kingsoft Corporation>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[JWEditor Pro for HMC-GSW]
  {674161FD-469E-4DB6-93DC-41250B73B4B3} <C:\WINDOWS\DOWNLO~1\JWEDIT~1.OCX, JWSoft>
[AnyInstaller Control]
  {6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\baidu\safecenter\iebuddyext.dll, (Signed) Kingsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\baidu\safecenter\iebuddy.dll, (Signed) Kingsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[JWEditor Pro for HMC-GSW]
  {674161FD-469E-4DB6-93DC-41250B73B4B3} <C:\WINDOWS\DOWNLO~1\JWEDIT~1.OCX, JWSoft>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[AnyInstaller Control]
  {6FF49B96-5A9F-452D-9D88-7A7E0C1B8F1D} <C:\WINDOWS\DOWNLO~1\ANYINS~1.OCX, GadiaSoft>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(12).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
Author: vestige     Time: 2009-5-5 15:01
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[WDCCBCtrl Class]
  {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <C:\WINDOWS\system32\wdccb.dll, (Signed) >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[SafeCenterEyeOnIE Class]
  {D2DA0BDA-D20F-4B0B-98D4-8BEAAE175E6D} <C:\Program Files\baidu\safecenter\safecenterstatus.dll, (Signed) Kingsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.12.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(12).dll, Thunder>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 472 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 1128 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1328 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1472 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1528 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1684 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1976 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1240 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1928 / SYSTEM][C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe]  [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll]  [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2]
    [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL]  [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20]
    [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll]  [Watchdata, 1, 0, 0, 39]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3920 / Administrator][D:\Program Files\Tencent\QQ2009\Bin\QQ.exe]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\Common.dll]  [Tencent, 1, 24, 562, 0]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
Author: vestige     Time: 2009-5-5 15:04
    [D:\Program Files\Tencent\QQ2009\Bin\KernelUtil.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\GF.dll]  [Tencent, 1, 24, 562, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [D:\Program Files\Tencent\QQ2009\Bin\AppUtil.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\MainFrame.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\TaskTray.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\TXPFProxy.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2009\Bin\AppMisc.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\ChatFrame.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\ConfigCenter.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\CustomFace.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\IM.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\KernelMisc.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\LongCnn.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\ContactInfoFrame.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\MsgMgr.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\SkinMgr.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\QInterLive.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\AppCtrl.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\SystemMsg.dll]  [Tencent, 1, 24, 562, 0]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll]  [Tencent, 1.0.1.21]
    [D:\Program Files\Tencent\QQ2009\Bin\BasicCtrlDll.dll]  [TENCENT, 8,0,773,1801]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll]  [Tencent, 1.0.0.1]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.Soso\Bin\Soso.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.Weather\Bin\Weather.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\Com.Tencent.taotao\Bin\Taotao.dll]  [Tencent, 1, 24, 562, 0]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.NetBar\Bin\NetBar.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqshow\Bin\QQShow.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.snsapp\Bin\SNSApp.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.wenwen\Bin\WenWen.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.wireless\Bin\Wireless.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.mail\Bin\Mail.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.paycenter\Bin\PayCenter.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqpet\Bin\QQPet.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.advertisement\Bin\Advertisement.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.memo\Bin\Memo.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qbar\Bin\QBar.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqchat\Bin\QQChat.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.today\Bin\Today.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqring\Bin\QQRing.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.qqgame\Bin\QQGame.dll]  [Tencent, 1, 24, 562, 0]
    [D:\Program Files\Tencent\QQ2009\Bin\vqqsdl.dll]  [Tencent Technology (Shenzhen) Company Limited, 5, 0, 3, 21]
    [D:\Program Files\Tencent\QQ2009\Plugin\com.tencent.gamelife\Bin\GameLife.dll]  [Tencent, 1, 24, 562, 0]
    [C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll]  [ Microsoft Corporation, 1.0.30401.0]
[PID: 3052 / Administrator][D:\Program Files\Tencent\QQ2009\Bin\TXPlatform.exe]  [Tencent, 1, 24, 562, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [D:\Program Files\Tencent\QQ2009\Bin\TXPFProxy.dll]  [N/A, ]
[PID: 2396 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2504 / SYSTEM][C:\WINDOWS\system32\Systen.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3560 / SYSTEM][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 183]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\Gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\baidu\safecenter\iebuddy.dll]  [Kingsoft Corporation, 2008,05,15,156]
    [C:\Program Files\baidu\safecenter\iebuddyext.dll]  [Kingsoft Corporation, 2007,09,29,200]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\baidu\safecenter\safecenterstatus.dll]  [Kingsoft Corporation, 2008,07,02,143]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
[PID: 2752 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
[PID: 2728 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\SREcec25149.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.671\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.3.3.345]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
Author: vestige     Time: 2009-5-5 15:04
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F4A6B93-CD06-4F45-95CA-9436DF6868E7}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F4A6B93-CD06-4F45-95CA-9436DF6868E7}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1        858656.com
127.0.0.1        my123.com
127.0.0.1        8749.com
127.0.0.1        4199.com
127.0.0.1        7379.com
127.0.0.1        7255.com
127.0.0.1        3448.com
127.0.0.1        7939.com
127.0.0.1        8009.com
127.0.0.1        piaoxue.com
127.0.0.1        kzdh.com
127.0.0.1        about.blank.la
127.0.0.1        6781.com
127.0.0.1        7322.com
127.0.0.1        9991.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1928, C:\WINDOWS\SYSTEM32\WATCHDATA\WATCHDATA CCB CSP V3.2\WDKEYMONITORCCB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3000, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2752, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.671\SRENGLDR.EXE]

==================================
Author: vestige     Time: 2009-5-5 15:04
计划任务
[已启用] At102.job
        cmd
[已启用] At101.job
        cmd
[已启用] At100.job
        cmd
[已启用] At10.job
        cmd
[已启用] At1.job
        cmd
[已启用] At107.job
        cmd
[已启用] At106.job
        cmd
[已启用] At105.job
        cmd
[已启用] At104.job
        cmd
[已启用] At103.job
        cmd
[已启用] At111.job
        cmd
[已启用] At110.job
        cmd
[已启用] At11.job
        cmd
[已启用] At109.job
        cmd
[已启用] At108.job
        cmd
[已启用] At116.job
        cmd
[已启用] At115.job
        cmd
[已启用] At114.job
        cmd
[已启用] At113.job
        cmd
[已启用] At112.job
        cmd
[已启用] At120.job
        cmd
[已启用] At12.job
        cmd
[已启用] At119.job
        cmd
[已启用] At118.job
        cmd
[已启用] At117.job
        cmd
[已启用] At125.job
        cmd
[已启用] At124.job
        cmd
[已启用] At123.job
        cmd
[已启用] At122.job
        cmd
[已启用] At121.job
        cmd
[已启用] At13.job
        cmd
[已启用] At129.job
        cmd
[已启用] At128.job
        cmd
[已启用] At127.job
        cmd
[已启用] At126.job
        cmd
[已启用] At134.job
        cmd
[已启用] At133.job
        cmd
[已启用] At132.job
        cmd
[已启用] At131.job
        cmd
[已启用] At130.job
        cmd
[已启用] At139.job
        cmd
[已启用] At138.job
        cmd
[已启用] At137.job
        cmd
[已启用] At136.job
        cmd
[已启用] At135.job
        cmd
[已启用] At143.job
        cmd
[已启用] At142.job
        cmd
[已启用] At141.job
        cmd
[已启用] At140.job
        cmd
[已启用] At14.job
        cmd
[已启用] At148.job
        cmd
[已启用] At147.job
        cmd
[已启用] At146.job
        cmd
[已启用] At145.job
        cmd
[已启用] At144.job
        cmd
[已启用] At152.job
        cmd
[已启用] At151.job
        cmd
[已启用] At150.job
        cmd
[已启用] At15.job
        cmd
[已启用] At149.job
        cmd
[已启用] At157.job
        cmd
[已启用] At156.job
        cmd
[已启用] At155.job
        cmd
[已启用] At154.job
        cmd
[已启用] At153.job
        cmd
[已启用] At161.job
        cmd
[已启用] At160.job
        cmd
[已启用] At16.job
        cmd
[已启用] At159.job
        cmd
[已启用] At158.job
        cmd
[已启用] At166.job
        cmd
[已启用] At165.job
        cmd
[已启用] At164.job
        cmd
[已启用] At163.job
        cmd
[已启用] At162.job
        cmd
[已启用] At170.job
        cmd
[已启用] At17.job
        cmd
[已启用] At169.job
        cmd
[已启用] At168.job
        cmd
[已启用] At167.job
        cmd
[已启用] At175.job
        cmd
[已启用] At174.job
        cmd
[已启用] At173.job
        cmd
[已启用] At172.job
        cmd
[已启用] At171.job
        cmd
[已启用] At18.job
        cmd
[已启用] At179.job
        cmd
[已启用] At178.job
        cmd
[已启用] At177.job
        cmd
[已启用] At176.job
        cmd
[已启用] At184.job
        cmd
[已启用] At183.job
        cmd
[已启用] At182.job
        cmd
[已启用] At181.job
        cmd
[已启用] At180.job
        cmd
[已启用] At189.job
        cmd
[已启用] At188.job
        cmd
[已启用] At187.job
        cmd
[已启用] At186.job
        cmd
[已启用] At185.job
        cmd
[已启用] At193.job
        cmd
[已启用] At192.job
        cmd
[已启用] At191.job
        cmd
[已启用] At190.job
        cmd
[已启用] At19.job
        cmd
[已启用] At198.job
        cmd
[已启用] At197.job
        cmd
[已启用] At196.job
        cmd
[已启用] At195.job
        cmd
[已启用] At194.job
        cmd
[已启用] At201.job
        cmd
[已启用] At200.job
        cmd
[已启用] At20.job
        cmd
[已启用] At2.job
        cmd
[已启用] At199.job
        cmd
[已启用] At206.job
        cmd
[已启用] At205.job
        cmd
[已启用] At204.job
        cmd
[已启用] At203.job
        cmd
[已启用] At202.job
        cmd
[已启用] At210.job
        cmd
[已启用] At21.job
        cmd
[已启用] At209.job
        cmd
[已启用] At208.job
        cmd
[已启用] At207.job
        cmd
[已启用] At215.job
        cmd
[已启用] At214.job
        cmd
[已启用] At213.job
        cmd
[已启用] At212.job
        cmd
[已启用] At211.job
        cmd
[已启用] At22.job
        cmd
[已启用] At219.job
        cmd
[已启用] At218.job
        cmd
[已启用] At217.job
        cmd
[已启用] At216.job
        cmd
[已启用] At224.job
        cmd
[已启用] At223.job
        cmd
[已启用] At222.job
        cmd
[已启用] At221.job
        cmd
[已启用] At220.job
        cmd
[已启用] At229.job
        cmd
[已启用] At228.job
        cmd
[已启用] At227.job
        cmd
[已启用] At226.job
        cmd
[已启用] At225.job
        cmd
[已启用] At233.job
        cmd
[已启用] At232.job
        cmd
[已启用] At231.job
        cmd
[已启用] At230.job
        cmd
[已启用] At23.job
        cmd
[已启用] At24.job
        cmd
[已启用] At237.job
        cmd
[已启用] At236.job
        cmd
[已启用] At235.job
        cmd
[已启用] At234.job
        cmd
[已启用] At29.job
        cmd
[已启用] At28.job
        cmd
[已启用] At27.job
        cmd
[已启用] At26.job
        cmd
[已启用] At25.job
        cmd
[已启用] At33.job
        cmd
[已启用] At32.job
        cmd
[已启用] At31.job
        cmd
[已启用] At30.job
        cmd
[已启用] At3.job
        cmd
[已启用] At38.job
        cmd
[已启用] At37.job
        cmd
[已启用] At36.job
        cmd
[已启用] At35.job
        cmd
[已启用] At34.job
        cmd
[已启用] At42.job
        cmd
[已启用] At41.job
        cmd
[已启用] At40.job
        cmd
[已启用] At4.job
        cmd
[已启用] At39.job
        cmd
[已启用] At47.job
        cmd
[已启用] At46.job
        cmd
[已启用] At45.job
        cmd
[已启用] At44.job
        cmd
[已启用] At43.job
        cmd
[已启用] At51.job
        cmd
[已启用] At50.job
        cmd
[已启用] At5.job
        cmd
[已启用] At49.job
        cmd
[已启用] At48.job
        cmd
[已启用] At56.job
        cmd
[已启用] At55.job
        cmd
[已启用] At54.job
        cmd
[已启用] At53.job
        cmd
[已启用] At52.job
        cmd
[已启用] At60.job
        cmd
[已启用] At6.job
        cmd
[已启用] At59.job
        cmd
[已启用] At58.job
        cmd
[已启用] At57.job
        cmd
[已启用] At65.job
        cmd
[已启用] At64.job
        cmd
[已启用] At63.job
        cmd
[已启用] At62.job
        cmd
[已启用] At61.job
        cmd
[已启用] At7.job
        cmd
[已启用] At69.job
        cmd
[已启用] At68.job
        cmd
[已启用] At67.job
        cmd
[已启用] At66.job
        cmd
[已启用] At74.job
        cmd
[已启用] At73.job
        cmd
[已启用] At72.job
        cmd
[已启用] At71.job
        cmd
[已启用] At70.job
        cmd
[已启用] At79.job
        cmd
[已启用] At78.job
        cmd
[已启用] At77.job
        cmd
[已启用] At76.job
        cmd
[已启用] At75.job
        cmd
[已启用] At83.job
        cmd
[已启用] At82.job
        cmd
[已启用] At81.job
        cmd
[已启用] At80.job
        cmd
[已启用] At8.job
        cmd
[已启用] At88.job
        cmd
[已启用] At87.job
        cmd
[已启用] At86.job
        cmd
[已启用] At85.job
        cmd
[已启用] At84.job
        cmd
[已启用] At92.job
        cmd
[已启用] At91.job
        cmd
[已启用] At90.job
        cmd
[已启用] At9.job
        cmd
[已启用] At89.job
        cmd
[已启用] At97.job
        cmd
[已启用] At96.job
        cmd
[已启用] At95.job
        cmd
[已启用] At94.job
        cmd
[已启用] At93.job
        cmd
[已启用] At99.job
        cmd
[已启用] At98.job
        cmd
Author: vestige     Time: 2009-5-5 15:05
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x849F695D)

==================================
隐藏进程
N/A

==================================


[/CODE]
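Author: jaber     Time: 2009-5-5 15:12
Why didn't Micropoint start up?

Uninstall Micropoint, then reboot into Safe Mode, use Cleanup Assistant or another tool to remove the rogue software, delete the scheduled tasks in C:\WINDOWS\Tasks, install Micropoint, and reboot. Then take another look!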
Author: vestige     Time: 2009-5-5 15:16
The virus terminated Micropoint automatically~ there's nothing I can do about that. If you restart the machine, it works.
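Author: vestige     Time: 2009-5-5 15:21
The virus is on the USB drive. If I delete those scheduled tasks and then restart the machine, everything is fine. The problem is that I can't kill the virus on the USB drive. As soon as the USB drive is plugged in, opening Micropoint again becomes wishful thinking.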
Author: Legend     Time: 2009-5-5 15:31
Original poster, please add QQ customer support 383154254 or 466248167 as a friend and ask them to help you deal with it.
Author: snhao     Time: 2009-5-5 16:08
It seems somewhat similar to this one:

http://bbs.micropoint.com.cn/showthread.asp?tid=52507
Author: vestige     Time: 2009-5-5 16:25
It's exactly the virus mentioned in the post above; the characteristics are identical. Ugh.
Author: jaber     Time: 2009-5-5 16:27
I suggest the original poster contact customer support; the QQ numbers are above~
Author: vestige     Time: 2009-5-5 16:29
In that case, it can be deleted manually. The problem looks quite simple now.
Author: snhao     Time: 2009-5-5 20:49
How is the fix going? Aren't you going to let the users know?
Author: HomeSGerMine     Time: 2009-5-5 21:21
Problems always get solved silently...
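Author: vestige     Time: 2009-5-9 11:16
Replying to posts 27 and 28: the problem has been resolved. I booted into a WinPE system from a CD and deleted the virus on the USB drive, then booted into the normal system and deleted the scheduled tasks, deleted SYSTEN.CMD, SYSTEN.EXE, FIND.EXE and a few other files under SYSTEM32, then deleted the EXE files on drive D that were named after folders, and after changing the folder attributes with the ATTRIB command everything was back to normal.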



