骨头庄主 - 2008-10-10 8:55:00
[CODE]
2008-10-10,00:13:04
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Home Edition Service Pack 3 (build 2600) - Administrators
========================================
注册项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AVP><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20]
<360Safetray><D:\Program Files\360safe\safemon\360Tray.exe /start> [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)360安全中心, 2, 1, 1, 1002, C:2008-06-11 22:48 M:2008-06-11 22:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\"添加到反广告"]
<><D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm> [N/A, C:2008-07-29 20:08 M:2008-07-29 20:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
<><D:\Program Files\Thunder Network\Thunder\Program\geturl.htm> [N/A, C:2008-04-12 14:10 M:2008-06-13 09:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
<><D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm> [N/A, C:2008-04-12 14:10 M:2008-06-13 09:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
<><res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
<><D:\Program Files\Tencent\QQ\AddEmotion.htm> [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换为现有 PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换选定的链接为 Adobe PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换选定的链接为现有 PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换选项为 Adobe PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换选项为现有 PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换链接目标为 Adobe PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\转换链接目标为现有 PDF]
<><res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc., 6.14.10.4155, C:2007-01-09 01:06 M:2007-01-09 01:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2001-09-05 20:00 M:2008-04-14 10:14|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2001-09-05 20:00 M:2008-06-24 00:14|(Verified)N/A, C:2004-08-17 07:35 M:2004-08-17 07:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2001-09-05 20:00 M:2008-04-14 10:14|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2001-09-05 20:00 M:2008-06-24 00:14|(Verified)N/A, C:2004-08-17 07:35 M:2004-08-17 07:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2001-09-05 20:00 M:2008-04-14 10:14|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2001-09-05 20:00 M:2008-06-24 00:14|(Verified)N/A, C:2006-11-02 23:38 M:2006-11-02 23:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
<启动迅雷5><D:\Program Files\Thunder Network\Thunder\Thunder.exe> [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-04-12 14:10 M:2008-07-10 21:15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
<Web 流量保护状态><D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
骨头庄主 - 2008-10-10 8:55:00
启动项
========================================
计划任务
========================================
组件
IE Extension
[Web 流量保护状态]
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
Shell Extension
[Display Panning CPL Extension]
{42071714-76d4-11d1-8b24-00a0c9068ff3} <deskpan.dll> []
[HyperTerminal Icon Ext]
{88895560-9AA2-1069-930E-00AA0030EBC8} <C:\WINDOWS\System32\hticons.dll> [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-12-14 20:32 M:2001-09-05 20:00]
[AutoCAD DWG 列处理程序]
{8A0BC933-7552-42E2-A228-3BE055777227} <C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll> [(Verified)Autodesk, 17.1.51.0, C:2007-02-12 06:06 M:2007-02-12 06:06]
[AutoCAD DWG 信息提示处理程序]
{5800AD5B-72C1-477B-9A08-CA112DF06D97} <C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll> [(Verified)Autodesk, 17.1.51.0, C:2007-02-12 06:06 M:2007-02-12 06:06]
[AutoCAD 数字签名图标覆盖处理程序]
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} <C:\WINDOWS\system32\AcSignIcon.dll> [(Verified)Autodesk, Inc., 17.1.51.0, C:2007-02-12 06:12 M:2007-02-12 06:12]
[Autodesk 图形预览]
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} <C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll> [(Verified)Autodesk, Inc., 17.1.51.0, C:2007-02-12 06:12 M:2007-02-12 06:12]
[Autodesk Dgn 文件预览]
{ADC46291-D8A1-4486-A24C-86FFB392AEFA} <C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll> [(Verified)Autodesk, 17.1.51.0, C:2007-02-12 06:13 M:2007-02-12 06:13]
[Web 流量保护状态]
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
[WinRAR shell extension]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} <D:\Program Files\WinRAR\rarext.dll> [N/A, C:2008-09-07 21:19 M:2008-07-11 00:22]
Protocols
[Microsoft Infotech Storage Protocol for IE 4.0]
{0A9007C0-4076-11D3-8789-0000F8105754} <C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL> [Microsoft Corporation, 05.02.9336.01, C:2000-04-19 18:47 M:2000-04-19 18:47]
BrowserHelperObject
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-04-12 14:11 M:2008-06-13 09:43]
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll> [(Verified)China Merchants Bank, 1, 0, 0, 1, C:2008-04-30 19:13 M:2007-08-20 16:15]
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-04-12 14:11 M:2008-06-13 09:43]
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll> [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
ActiveX Extension
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-04-12 14:11 M:2008-06-13 09:43]
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll> [Microsoft Corporation, 5.00.3810, C:2007-12-14 23:06 M:2003-02-28 18:26]
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll> [Copyright 2007, 1, 0, 0, 1, C:2008-04-12 14:10 M:2008-04-07 15:46]
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll> [Copyright 2004, 1, 2, 0, 3, C:2007-09-14 15:54 M:2007-09-14 15:54]
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll> [(Verified)Copyright 2001, 2, 5, 1, 509, C:2007-04-19 18:43 M:2008-04-29 10:36]
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <d:\Program Files\StormII\Codec\rmoc3260.dll> [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05]
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-04-12 14:11 M:2008-06-13 09:43]
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll> [(Verified)Copyright 2007, 2, 1, 2, 1, C:2007-04-19 18:46 M:2008-05-20 10:51]
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll> [(Verified)China Merchants Bank, 1, 0, 0, 1, C:2008-04-30 19:13 M:2007-08-20 16:15]
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[AXAPI Class]
{5EEEA87D-160E-4A2D-8427-B6C333FEDA4D} <D:\PROGRA~1\Tencent\RTXC\RTXAX.dll> [(Verified)Tencent, 3,4,0,32, C:2008-01-23 15:33 M:2008-01-23 15:33]
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work> [Copyright XunLei 2007, 2, 1, 2, 77, C:2007-12-15 02:10 M:2008-08-04 12:58]
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work> [Copyright XunLei 2007, 1, 0, 0, 7, C:2007-12-15 02:10 M:2008-08-04 12:58]
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX6.dll> [(Verified)阿里巴巴软件(上海)有限公司, 1, 0, 0, 5, C:2008-04-22 21:06 M:2008-03-18 12:14]
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll> [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-06-28 16:39 M:2008-06-13 10:14]
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll> [(Verified)360.cn, 1, 0, 1, 1028, C:2008-07-16 22:00 M:2008-07-16 22:00]
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll> [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-04-12 14:11 M:2008-06-13 09:43]
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll> [Microsoft Corporation, 4.20.9848.0, C:2007-05-08 15:10 M:2007-05-08 15:10]
[Free Threaded XML DOM Document 4.0]
{88D969C1-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll> [Microsoft Corporation, 4.20.9848.0, C:2007-05-08 15:10 M:2007-05-08 15:10]
[XSL Template 4.0]
{88D969C3-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll> [Microsoft Corporation, 4.20.9848.0, C:2007-05-08 15:10 M:2007-05-08 15:10]
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll> [Microsoft Corporation, 4.20.9848.0, C:2007-05-08 15:10 M:2007-05-08 15:10]
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(910).dll> [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5803, 60, C:2008-08-17 16:53 M:2008-08-04 12:58]
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll> [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[QQPlayerCtrl Class]
{CD108273-D434-43E6-AA90-1469F97EB398} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll> [(Verified)深圳腾讯科技, 3, 1, 162, 202, C:2008-05-15 09:37 M:2008-05-15 09:37]
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <d:\Program Files\StormII\Codec\rmoc3260.dll> [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05]
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx> [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[Macromedia Flash Factory Object]
{D27CDB70-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx> [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll> [(Verified)深圳腾讯科技, 3, 1, 162, 202, C:2008-05-15 09:37 M:2008-05-15 09:37]
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll> [(Verified)腾讯科技(深圳)有限公司, 1, 1, 0, 5, C:2008-01-07 17:08 M:2008-01-07 17:08]
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <D:\PROGRA~1\Tencent\QQ\Timwp.dll> [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:53 M:2007-07-01 08:53]
[Scripting.Dictionary]
{EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\UFCOMSQL\scrrun.dll> [Microsoft Corporation, 5.1.0.5010, C:2007-12-25 21:06 M:2000-11-23 13:13]
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.910.dll> [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-08-17 16:53 M:2008-08-04 12:58]
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(910).dll> [Xunlei Networking Technologies,LTD, 2, 0, 0, 181, C:2008-08-17 16:53 M:2008-08-04 12:58]
Context Menu
[AVG Anti-Spyware]
{8934FCEF-F5B8-468f-951F-78A921CD3920} <D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll> [(Verified)GRISOFT s.r.o., 7, 5, 1, 36, C:2007-05-30 20:29 M:2007-05-30 20:29]
[Kaspersky Anti-Virus]
{dd230880-495a-11d1-b064-008048ec2fc5} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
[WinRAR]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} <D:\Program Files\WinRAR\rarext.dll> [N/A, C:2008-09-07 21:19 M:2008-07-11 00:22]
骨头庄主 - 2008-10-10 8:56:00
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"> [Adobe Systems, 2.67.010, C:2007-12-15 20:30 M:2007-12-15 20:30]
[Application Management / AppMgmt][Stopped/Manual Start]
<%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\appmgmts.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<%SystemRoot%\System32\Ati2evxx.exe> [ATI Technologies Inc., 6.14.10.4155, C:2007-01-09 01:05 M:2007-01-09 01:05]
[Human Interface Device Access / HidServ][Stopped/Disabled]
<%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[Windows CardSpace / idsvc][/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"> [Microsoft Corporation, 3.0.4506.648 (Winfxred.004506-0648), C:2007-10-11 09:55 M:2007-10-11 09:55]
[MSSQLServer / MSSQLServer][Running/Auto Start]
<D:\MSSQL7\binn\sqlservr.exe> [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-27 23:43]
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"> [Microsoft Corporation, 3.0.4506.648 (Winfxred.004506-0648), C:2007-10-11 09:55 M:2007-10-11 09:55]
[pxjmlw / pxjmlw][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k pxjmlw --> "%SystemRoot%\System32\pikumcmy.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[SQLServerAgent / SQLServerAgent][Running/Auto Start]
<D:\MSSQL7\binn\sqlagent.exe> [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 02:09]
[U8管理软件 / UFNet][Running/Auto Start]
<C:\WINDOWS\system32\ServerNT.EXE> [N/A, C:2007-12-25 21:08 M:2002-09-22 15:33]
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [(Verified)Autodesk, 2.80.011, C:2007-12-15 15:37 M:2007-12-15 15:37]
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Manual Start]
<D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe> [(Verified)GRISOFT s.r.o., 7, 5, 1, 22, C:2007-05-30 20:31 M:2007-05-30 20:31]
[Kaspersky Internet Security / AVP][Running/Auto Start]
<"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20]
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<d:\Program Files\StormII\stormliv.exe /asservice> [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
<C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start> [(Verified)China Merchants Bank, 1, 0, 0, 1, C:2008-04-30 19:13 M:2007-08-27 16:35]
========================================
驱动
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys> [ATI Technologies Inc., 6.14.10.6660, C:2007-01-09 01:12 M:2007-01-09 01:12]
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys> []
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkycryp.sys> []
[rgga / rgga][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\rgga.sys> [SafeNet China Ltd., 2, 1, 3, 0, C:2007-12-20 17:57 M:2007-12-20 17:57]
[Sense3 / Sense3][Stopped/Auto Start]
<System32\drivers\sense3.sys> [Beijing Senselock, 1.10.00, C:2007-12-20 16:06 M:2007-12-25 21:10]
[Superk53 / Superk53][Running/Auto Start]
<\SystemRoot\System32\drivers\superk53.sys> [Microsoft Corporation, 3.51, C:2007-12-25 21:10 M:2000-09-08 16:20]
[360AntiArp / 360AntiArp][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys> [(Verified)360安全中心, 1, 0, 1, 1007, C:2008-04-09 16:33 M:2008-04-09 16:33]
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\RTKVAC.SYS> [(Verified)Realtek Semiconductor Corp., 6.0.1.6231 built by: WinDDK, C:2007-12-14 20:50 M:2007-03-08 16:59]
[AMD HwPState Processor Driver / AmdPPM][Running/System Start]
<system32\DRIVERS\AmdPPM.sys> [(Verified)Advanced Micro Devices, 1.0.0 built by: WinDDK, C:2007-04-16 21:46 M:2007-04-16 21:46]
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [(Verified)N/A, C:2007-05-30 20:10 M:2007-05-30 20:10]
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys> [(Verified)GRISOFT, s.r.o., 1.0.0.14, C:2008-01-04 18:11 M:2007-05-30 20:10]
[Kl1 / kl1][Running/Boot Start]
<system32\drivers\kl1.sys> [(Verified)Kaspersky Lab, 6.2.35.0, C:2008-07-21 18:34 M:2008-07-21 18:34]
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
<system32\drivers\klbg.sys> [(Verified)Kaspersky Lab, 8.0.6.2, C:2008-01-29 18:29 M:2008-01-29 18:29]
[Kaspersky Lab KLFltDev / KLFLTDEV][Running/Manual Start]
<system32\DRIVERS\klfltdev.sys> [(Verified)Kaspersky Lab, 8.0.0.17, C:2008-03-13 19:02 M:2008-03-13 19:02]
[Kaspersky Lab Driver / KLIF][Running/System Start]
<system32\DRIVERS\klif.sys> [(Verified)Kaspersky Lab, 8.1.0.100, C:2008-08-20 20:02 M:2008-08-20 20:02]
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys> [(Verified)Kaspersky Lab, 6.1.28.0, C:2008-04-30 18:06 M:2008-04-30 18:06]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys> [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2001-09-05 20:00 M:2001-09-05 20:00]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<System32\DRIVERS\Rtenicxp.sys> [(Verified)Realtek Semiconductor Corporation , 5.650.0616.2006 built by: WinDDK, C:2007-12-14 20:54 M:2006-06-17 20:36]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys> [(Verified)360安全中心, 2, 2, 1, 1001, C:2008-06-06 18:31 M:2008-06-06 18:31]
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys> [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2001-09-05 20:00 M:2007-11-13 18:25]
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS> [(Verified)Sony Corporation, 1.3.0526.0 (XPClient.010817-1148), C:2008-07-07 13:12 M:2001-08-17 13:56]
========================================
进程
[PID: 916 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 964 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:13]
[PID: 992 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2001-09-05 20:00 M:2008-04-14 10:14]
C:\WINDOWS\system32\Ati2evxx.dll [ATI Technologies Inc., 6.14.10.4155, C:2007-01-09 01:06 M:2007-01-09 01:06]
C:\WINDOWS\system32\klogon.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[PID: 1036 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1048 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1216 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1304 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1416 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1572 / LOCAL SERVICE] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1780 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2001-09-05 20:00 M:2008-04-14 10:14]
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725), C:2007-12-15 02:21 M:2006-10-14 16:43]
[PID: 132 / 御龙氏] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2001-09-05 20:00 M:2008-04-14 10:14]
C:\WINDOWS\system32\AcSignIcon.dll [(Verified)Autodesk, Inc., 17.1.51.0, C:2007-02-12 06:12 M:2007-02-12 06:12]
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL [Microsoft Corporation, 8.00.50727.42, C:2005-09-23 10:16 M:2005-09-23 10:16]
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.42, C:2005-09-23 09:58 M:2005-09-23 09:58]
C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll [(Verified)Autodesk, Inc., 17.1.51.0, C:2007-02-12 06:06 M:2007-02-12 06:06]
D:\Program Files\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [(Verified)Autodesk, 17.1.51.0, C:2007-02-12 06:06 M:2007-02-12 06:06]
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL [Microsoft Corporation, 8.00.50727.42, C:2005-09-23 08:49 M:2005-09-23 08:49]
[PID: 412 / 御龙氏] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2001-09-05 20:00 M:2008-04-14 10:13]
[PID: 808 / SYSTEM] d:\Program Files\StormII\stormliv.exe [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[PID: 844 / SYSTEM] C:\Program Files\CMBCHINA\WebProtect\WPService.exe [(Verified)China Merchants Bank, 1, 0, 0, 1, C:2008-04-30 19:13 M:2007-08-27 16:35]
C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll [(Verified)China Merchants Bank, 1, 0, 0, 1, C:2008-04-30 19:13 M:2007-08-20 16:16]
[PID: 936 / SYSTEM] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [(Verified)Microsoft Corporation, 7.00.9466, C:2003-06-19 23:25 M:2003-06-19 23:25]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll [Microsoft Corporation, 7.00.9466, C:2002-01-29 15:06 M:2002-01-29 15:06]
[PID: 1400 / SYSTEM] D:\MSSQL7\binn\sqlservr.exe [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-27 23:43]
D:\MSSQL7\binn\opends60.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
D:\MSSQL7\binn\ums.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
D:\MSSQL7\binn\sqlevn70.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:22]
D:\MSSQL7\binn\COMNEVNT.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\SQLTrace.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:22]
D:\MSSQL7\binn\SSNMPN70.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
D:\MSSQL7\binn\SSMSSO70.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
D:\MSSQL7\binn\SSMSRP70.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
D:\MSSQL7\binn\SQLRGSTR.DLL [N/A, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\xpsqlbot.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
D:\MSSQL7\binn\sqlboot.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:25]
[PID: 1720 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2001-09-05 20:00 M:2008-04-14 10:14]
[PID: 1840 / SYSTEM] C:\WINDOWS\system32\ServerNT.EXE [N/A, C:2007-12-25 21:08 M:2002-09-22 15:33]
C:\WINDOWS\system32\UMiscell.dll [版权所有 (C) 2000, 1, 0, 0, 1, C:2007-12-25 21:05 M:2002-08-13 20:17]
C:\WINDOWS\system32\sgv.dll [版权所有 (C) 2002, 8, 2, 0, 0, C:2007-12-25 21:05 M:2002-01-18 17:24]
C:\WINDOWS\system\Sense3.dll [N/A, C:2007-12-20 16:06 M:2007-12-25 21:10]
C:\WINDOWS\system32\SecuComm.dll [N/A, C:2007-12-25 21:05 M:2001-02-20 14:42]
[PID: 1636 / SYSTEM] D:\MSSQL7\binn\sqlagent.exe [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 02:09]
D:\MSSQL7\binn\SQLWID.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:25]
D:\MSSQL7\binn\SQLSVC.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\SQLRESLD.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\W95SCM.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\COMNEVNT.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\SEMMAP.dll [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\Resources\1033\SQLSVC.RLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\Resources\1033\SEMMAP.RLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\SQLAGENT.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:22]
D:\MSSQL7\BINN\SQLCMDSS.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:22]
D:\MSSQL7\BINN\SQLREPSS.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:22]
D:\MSSQL7\BINN\SQLATXSS.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:57 M:1998-11-13 04:22]
D:\MSSQL7\binn\AXSCPHST.DLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
D:\MSSQL7\binn\Resources\1033\AXSCPHST.RLL [Microsoft Corporation, 1998.11.13, C:2007-12-25 20:58 M:1998-11-13 04:22]
[PID: 2824 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2001-09-05 20:00 M:2008-04-14 10:13]
[PID: 3848 / 御龙氏] D:\Program Files\arswp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-10-09 23:11 M:2008-08-15 22:25]
D:\Program Files\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
C:\WINDOWS\system32\AcSignIcon.dll [(Verified)Autodesk, Inc., 17.1.51.0, C:2007-02-12 06:12 M:2007-02-12 06:12]
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL [Microsoft Corporation, 8.00.50727.42, C:2005-09-23 10:16 M:2005-09-23 10:16]
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.42, C:2005-09-23 09:58 M:2005-09-23 09:58]
D:\Program Files\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-10-09 23:11 M:2007-11-28 15:19]
[PID: 3940 / SYSTEM] C:\WINDOWS\system32\wuauclt.exe [(Verified)Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904), C:2007-12-14 20:32 M:2008-07-18 22:10]
[PID: 348 / NETWORK SERVICE] C:\WINDOWS\System32\wbem\wmiprvse.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2007-12-14 20:32 M:2008-04-14 10:14]
========================================
文件关联
========================================
AutoRun.INF
========================================
Winsock提供者
========================================
HOSTS
127.0.0.1 localhost
[/CODE]