微点交流论坛

标题: 提交病毒来了 [打印本页]

作者: tanglewish 时间: 2008-7-23 21:51 标题: 提交病毒来了

以为微点很强大
直接让它单奔了
结果它不能胜任
总结几个不足
以下的图示都是中毒后
清理前、中时抓图的

1.遇到有害程序它没有拦截或提示
中招后被病毒干掉
或者功能区、标签区变为灰色（菜单可用）

附件 1: 2.gif (2008-7-23 21:51, 64.45 K,下载次数： 43)

附件 2: 3.png (2008-7-23 21:51, 71.33 K,下载次数： 73)

作者: tanglewish 时间: 2008-7-23 21:52
继续

附件 1: 4.png (2008-7-23 21:52, 69.18 K,下载次数： 51)

作者: tanglewish 时间: 2008-7-23 21:53
继续

附件 1: 5.png (2008-7-23 21:53, 54.78 K,下载次数： 47)

作者: tanglewish 时间: 2008-7-23 21:54
病毒似乎在监测微点的界面
只要操作和它相关的东西
病毒就不让操作

这种图是导出进程记录不成功

附件 1: 8.png (2008-7-23 21:54, 93.45 K,下载次数： 35)

作者: tanglewish 时间: 2008-7-23 21:57
清理前sreng扫描日志

（摘抄部分）

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE]
<IFEO[360rpt.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE]
<IFEO[360safe.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE]
<IFEO[360tray.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE]
<IFEO[ANTIARP.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE]
<IFEO[Ast.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE]
<IFEO[AutoRunKiller.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE]
<IFEO[AvMonitor.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
<IFEO[AVP.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE]
<IFEO[CCenter.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE]
<IFEO[Frameworkservice.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE]
<IFEO[GFUpd.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE]
<IFEO[GuardField.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE]
<IFEO[IceSword.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE]
<IFEO[Iparmor.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE]
<IFEO[KASARP.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE]
<IFEO[kavstart.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.EXE]
<IFEO[kmailmon.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE]
<IFEO[KRegEx.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP]
<IFEO[KVMonxp.KXP]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE]
<IFEO[KVSrvXP.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE]
<IFEO[KVWSC.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE]
<IFEO[kwatch.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE]
<IFEO[Mmsk.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE]
<IFEO[Navapsvc.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE]
<IFEO[nod32krn.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE]
<IFEO[Nod32kui.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE]
<IFEO[RAV.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE]
<IFEO[RavStub.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
<IFEO[Regedit.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE]
<IFEO[rfwmain.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE]
<IFEO[rfwProxy.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE]
<IFEO[rfwsrv.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.EXE]
<IFEO[rfwstub.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE]
<IFEO[Runiep.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE]
<IFEO[VPC32.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE]
<IFEO[VPTRAY.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE]
<IFEO[WOPTILITIES.EXE]><G:\WINDOWS\system32\dllcache\wuauclt.exe>  []

[ Last edited by tanglewish on 2008-7-23 at 22:09 ]

作者: Legend 时间: 2008-7-23 21:57
您是否安装了其他安全软件？
请问您的操作系统具体是什么版本？
请生成技术支持信息（微点主界面-->辅助功能-->生成技术支持信息）并及时联系我们在线管理员（QQ:466248167），让他帮您分析一下

作者: tanglewish 时间: 2008-7-23 21:58
用arswp清理完后
进程仍然有问题

附件 1: 10.png (2008-7-23 21:58, 4.01 K,下载次数： 74)

作者: tanglewish 时间: 2008-7-23 21:59
微点干不掉
只好再把小红伞打开了
又把ssm打开了

红伞报警

附件 1: 9.png (2008-7-23 21:59, 14.87 K,下载次数： 50)

作者: tanglewish 时间: 2008-7-23 22:00
红伞报警

附件 1: 11.png (2008-7-23 22:00, 27.41 K,下载次数： 42)

作者: tanglewish 时间: 2008-7-23 22:00
再用arswp清理
红伞报msdos.exe
微点没报

附件 1: 12.png (2008-7-23 22:00, 126.28 K,下载次数： 62)

作者: tanglewish 时间: 2008-7-23 22:01
红伞再报

附件 1: 13.png (2008-7-23 22:01, 13.34 K,下载次数： 52)

作者: tanglewish 时间: 2008-7-23 22:02
看红伞报的都是ie缓存
把ie缓存清理完后
发贴时红伞还报

这个图是wab.exe出错报的

[ Last edited by tanglewish on 2008-7-23 at 22:03 ]

附件 1: 14.png (2008-7-23 22:02, 8.39 K,下载次数： 23)

作者: tanglewish 时间: 2008-7-23 22:06

Quote:

Originally posted by Legend at 2008-7-23 21:57:
您是否安装了其他安全软件？
请问您的操作系统具体是什么版本？
请生成技术支持信息（微点主界面-->辅助功能-->生成技术支持信息）并及时联系我们在线管理员（QQ:466248167），让他帮您分析一下

现在都清理完，再生成还有效果吗？

作者: tanglewish 时间: 2008-7-23 22:11
filelog.txt部分内容：
2008-07-23 21:10:33 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:33 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:33 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE

作者: tanglewish 时间: 2008-7-23 22:14
reglog.txt部分：
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ TEST G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:53:05 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CTFMON.EXE G:\WINDOWS\SYSTEM32\CTFMON.EXE G:\WINDOWS\SYSTEM32\CTFMON.EXE G:\WINDOWS\SYSTEM32\CTFMON.EXE
2008-07-23 20:49:33 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ARSWP.EXE "I:\NOD_UPD\SHADU\UPLOADS\ARSWP\ARSWP.EXE" /AUTO I:\NOD_UPD\SHADU\UPLOADS\ARSWP\ARSWP.EXE
2008-07-23 20:49:20 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WIAFQEY\ IMAGEPATH \??\G:\WINDOWS\SYSTEM32\DRIVERS\WIAFQEY.SYS I:\NOD_UPD\SHADU\UPLOADS\ARSWP\ARSWP.EXE
2008-07-23 20:35:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NPF\ IMAGEPATH \??\G:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS G:\WINDOWS\SYSTEM32\SC.EXE
2008-07-23 20:34:24 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYS_HKP\ IMAGEPATH \??\G:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\~31.TMP C:\PROGRAM FILES\INTERNET EXPLORER\5.PIF
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSRV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWPROXY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWMAIN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GFUPD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDFIELD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNIEP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KMAILMON.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KASARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANTIARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPTRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPC32.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUNKILLER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WOPTILITIES.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AST.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMSK.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRAMEWORKSERVICE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KREGEX.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KRN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KUI.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NAVAPSVC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVWSC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.KXP\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IPARMOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ICESWORD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCENTER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVMONITOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ TEST G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE

作者: tanglewish 时间: 2008-7-23 22:14
继续：

2008-07-23 20:54:33 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYS_HKP\ IMAGEPATH \??\G:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\~62.TMP C:\PROGRAM FILES\INTERNET EXPLORER\5.PIF
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSRV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWPROXY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWMAIN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GFUPD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDFIELD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNIEP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KMAILMON.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KASARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANTIARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPTRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPC32.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUNKILLER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WOPTILITIES.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AST.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMSK.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRAMEWORKSERVICE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KREGEX.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KRN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KUI.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NAVAPSVC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVWSC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.KXP\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IPARMOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ICESWORD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCENTER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVMONITOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ TEST G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE

作者: tanglewish 时间: 2008-7-23 22:15 标题: SECURITYLOG.txt部分

2008-07-23 20:54:10 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1184 58.211.7.59 80 阻断
2008-07-23 20:54:10 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1183 58.211.7.59 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1182 58.211.7.25 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1181 58.211.7.25 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1180 58.211.7.41 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1179 58.211.7.36 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1178 58.211.7.36 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1679 58.211.7.36 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1678 58.211.7.36 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1677 58.211.7.59 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1676 58.211.7.59 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1675 58.211.7.25 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1645 58.211.7.25 80 永远禁止

作者: tanglewish 时间: 2008-7-23 22:15 标题: FileExport_Startup_Other.txt

autoexec.bat 批处理文件其他软件 C:\AUTOEXEC.BAT
Beep.sys 驱动其他软件 G:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
fppdis2a.exe /source=HKLM 注册表启动组其他软件 G:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PDFFACTORY PRO 分配器 V2
PCIDump.sys 驱动其他软件文件不存在(G:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
lbrtfdc.sys 驱动其他软件文件不存在(G:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
ssv.dll Explorer插件其他软件 G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Changer.sys 驱动其他软件文件不存在(G:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
wuauclt1.exe 注册表启动组其他软件文件不存在(G:\WINDOWS\system32\wuauclt1.exe) HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\TEST
srvany.exe 服务其他软件 I:\ftp_search\app2srv\srvany.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTPSEARCH
d346prt.sys 驱动其他软件 G:\WINDOWS\system32\drivers\d346prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\D346PRT
AvaFind.exe 注册表启动组其他软件 G:\Program Files\AvaFind Pro\AvaFind.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AVAFIND
amd_dc_opt.exe 注册表启动组其他软件 G:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AMD_DC_OPT
SSMWinlogonEx.dll 系统直接调用其他软件 G:\WINDOWS\system32\SSMWinlogonEx.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SYSTEM SAFETY MONITOR
i2omgmt.sys 驱动其他软件文件不存在(G:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
vstor2-ws60.sys 驱动其他软件 G:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VSTOR2-WS60

作者: threeswords 时间: 2008-7-23 22:59
第一张图没看明白
微点报的是已知，并已阻止其运行，楼主说的是微点拦截失败？

楼主如果有病毒样本，可以直接发给微点，压缩加密码（密码：virus）发送到virus@micropoint.com.cn，记得附上技术支持信息。

还有不知道楼主是浏览哪个网页中毒的？

作者: Legend 时间: 2008-7-23 23:14
请楼主及时将样本文件和技术支持信息（微点主界面-->辅助功能-->生成技术支持信息）发送到我们support@micropoint.com.cn 邮箱，我们好及时分析处理。

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn