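Reinstalled 6 times after an infection and the fault is still there, extremely urgent~
Newly built machine. The computer mall installed the system for me once; after I got home I wanted to reinstall with a 深度 (Deepin) build, so I formatted the disk and reinstalled, and unexpectedly things went wrong... I don't know what evil virus I caught, but the system was OVER. I installed Kaspersky and it killed 90-odd viruses, then installed 360 and it killed 30-odd trojans, then reinstalled the system again... I formatted the whole disk and reinstalled. Now the problem seems somewhat simpler than before: after the machine has been on and online for 5-6 hours, the connection always drops. Enough talk, I'm posting the system processes for the experts to look at. Please save this newbie~~~
该诊断报告由360安全卫士提供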
诊断时间: 2008-08-31 12:58:32
诊断平台: Microsoft Windows Server 2003 Service Pack 2
IE版本: Internet Explorer V6.0.3790.3959 Build:63790.3959
计算机物理内存:2.00GB - 当前可用内存:2.00GB
100 - 未知 - Process: DCSUserProt.exe [] -
100 - 未知 - Process: HNServ.exe [Hellonet PPPoE Service] - C:\Program Files\Hellonet5.02\hnserv.exe
100 - 未知 - Process: pgaccount.exe [] -
100 - 未知 - Process: HelloNet.exe [HelloNet Main User Interface] - C:\Program Files\Hellonet5.02\hellonet.exe
100 - 未知 - Process: procguard.exe [] -
100 - 未知 - Process: QQ.exe [QQ] - E:\Tencent\QQ\QQ.exe
100 - 未知 - Process: TXPlatform.exe [Tencent Instant Messaging Platform] - e:\Tencent\QQ\TXPlatform.exe
100 - 未知 - Process: Thunder5.exe [Thunder] - D:\Thunder\Program\Thunder5.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
O1 - 未知 - Host: 127.0.0.1 www.177dvd.cn
O4 - 未知 - HKLM\..\Run: [hellonet] [HelloNet Main User Interface] C:\Program Files\Hellonet5.02\hellonet.exe
O8 - 未知 - Extra context menu item: 添加到QQ表情 - e:\Tencent\QQ\AddEmotion.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - d:\Thunder\Thunder.exe
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - e:\StormII\stormliv.exe /asservice - (not running)
O23 - 未知 - Service: DCSPGSRV [Used in DiamondCS products for various security purposes] - "C:\Program Files\ProcessGuard\dcsuserprot.exe" - (running)
O23 - 未知 - Service: HelloNet_PPPoE_Service [HelloNet PPPoE Service] - "C:\Program Files\Hellonet5.02\hnserv.exe" -service - (running)
O23 - 未知 - Service: TrkSvr [启用同域内的分布式链接跟踪客户端服务,以便在同域内提供更高的可靠性和有效维护。如果此服务被禁用,任何依赖于它的服务将无法启用。] - C:\WINDOWS\system32\trksvr.dll - (not running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k tapisrv
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k termsvcs
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360tray.exe
100 - 安全 - Process: taskmgr.exe [windows自带的任务管理器程序,用于察看系统中的进程信息。] - C:\WINDOWS\system32\taskmgr.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O1 - 安全 - Host: 127.0.0.1 yu.8s7.net
O1 - 安全 - Host: 127.0.0.1 2.joppnqq.com
O1 - 安全 - Host: 127.0.0.1 wg.47255.com
O1 - 安全 - Host: 127.0.0.1 1.joppnqq.com
O1 - 安全 - Host: 127.0.0.1 xxx.m111.biz
O1 - 安全 - Host: 127.0.0.1 1.jopenqc.com
O1 - 安全 - Host: 127.0.0.1 1.jopenkk.com
O1 - 安全 - Host: 127.0.0.1 xxx.vh7.biz
O1 - 安全 - Host: 127.0.0.1 xxx.j41m.com
O1 - 安全 - Host: 127.0.0.1 3.joppnqq.com
O1 - 安全 - Host: 127.0.0.1 d.93se.com
O1 - 安全 - Host: 127.0.0.1 www.868wg.com
O1 - 安全 - Host: 127.0.0.1 xxx.mmma.biz
O1 - 安全 - Host: 127.0.0.1 ilove.com
O1 - 安全 - Host: 127.0.0.1 tp.shpzhan.cn
O1 - 安全 - Host: 127.0.0.1 www.tomwg.com
O1 - 安全 - Host: 127.0.0.1 www.cike007.cn
O1 - 安全 - Host: 127.0.0.1 www.22aaa.com
O1 - 安全 - Host: 127.0.0.1 xx.exiao01.com
O1 - 安全 - Host: 127.0.0.1 www.exiao01.com
O1 - 安全 - Host: 127.0.0.1 www.exiao01.com
O2 - 安全 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块。] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [AlcWzrd] [一款音频驱动程序。] ALCWZRD.EXE
O4 - 安全 - HKLM\..\Run: [Alcmtr] [一款声卡相关程序。] ALCMTR.EXE
O4 - 安全 - HKLM\..\Run: [!1_pgaccount] [一个系统的保护软件。] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKCU\..\Run: [!1_ProcessGuard_Startup] [一个系统的保护软件。] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O8 - 安全 - Extra context menu item: 使用迅雷下载 - d:\Thunder\Program\GetUrl.htm
O8 - 安全 - Extra context menu item: 使用迅雷下载全部链接 - d:\Thunder\Program\GetAllUrl.htm
O23 - 安全 - Service: Ati HotKey Poller [ati显卡相关后台程序。] - C:\WINDOWS\system32\Ati2evxx.exe - (running)
O23 - 安全 - Service: NtFrs [在多个服务器间维护文件目录内容的文件同步。] - C:\WINDOWS\system32\ntfrs.exe - (not running)
=======================================
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {88895560-9AA2-1069-930E-00AA0030EBC8} - hticons.dll - - - - 0 -
O31 - 未知 - SEApproved: {5F327514-6C5E-4d60-8F16-D07FA08A78ED} - C:\WINDOWS\system32\wuaucpl.cpl - Microsoft Corporation - Automatic Updates Control Panel - 7.0.6000.381 - 217944 - 36d9fa5259a1df0c587b21b934df7ee8
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Avi Properties Handler - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - SEApproved: {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - C:\Program Files\Unlocker\UnlockerCOM.dll - - - - 10240 - da66ceaf1def4da337f1542e0308483d
O31 - 未知 - SEApproved: {e82a2d71-5b2f-43a0-97b8-81be15854de8} - C:\WINDOWS\system32\dfshim.dll - Microsoft Corporation - Application Deployment Support Library - 2.0.50727.42 - 83456 - b3511383c8be3a8c5b88a78971fc1141
O31 - 未知 - SEApproved: {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - C:\WINDOWS\system32\dfshim.dll - Microsoft Corporation - Application Deployment Support Library - 2.0.50727.42 - 83456 - b3511383c8be3a8c5b88a78971fc1141
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - LSA: Notification Packages - DCSVC.dll - - - - 0 -
O31 - 未知 - LSA: Notification Packages - cecli.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - - C:\Program Files\Unlocker\UnlockerCOM.dll - - da66ceaf1def4da337f1542e0308483d
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - d:\Thunder\Components\ResWorker\DsBho_00.dll - DsBho - 20a4b3b323628b330e0d779880d75cbc
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - d:\Thunder\Components\ResWorker\DataProcessor_00.dll - DataProcessor - 5c6fc1582b94892f1d4f3be88b8e7928
=======================================
O41 - procguard - procguard - C:\WINDOWS\system32\drivers\procguard.sys - (running) - - -
=======================================
360Safe.exe=4.3.0.1007
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
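[This post was last edited by weizdi on 2008-8-31 13:15]

It could be that: 1. a website you visited contains malicious code; 2. your system has vulnerabilities; 3. you were hit by an ARP attack. After confirming the system is virus-free, disconnect from the network and scan an SREng log.

You managed to install it 6 times, I really have to hand it to you. If formatting doesn't get rid of it, repartition, then format again and install.

Was it infected during installation?

Your 深度 (Deepin) system disc may not be a safe Deepin release and may have had a virus planted in it. I suggest you go to the vendor and swap the system; your own system definitely has a problem! Once the system is replaced, install antivirus software and run a full-disk scan, then I suggest you scan again with SREngLdr and post the report so the experts can take a look!

I made an SREng report; experts, please take a look: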
[code]
2008-08-31,13:57:28
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<!1_ProcessGuard_Startup><"C:\Program Files\ProcessGuard\procguard.exe" -minimize> [DiamondCS]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AlcWzrd><ALCWZRD.EXE> [RealTek Semicoductor Corp.]
<Alcmtr><ALCMTR.EXE> [Realtek Semiconductor Corp.]
<!1_pgaccount><"C:\Program Files\ProcessGuard\pgaccount.exe"> [DiamondCS]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<hellonet><C:\Program Files\Hellonet5.02\hellonet.exe> [北京智慧门科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\INF\unregmp2.exe /HideWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
<%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
<%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser> [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<e:\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[DiamondCS Process Guard Service v3.000 / DCSPGSRV][Running/Auto Start]
<"C:\Program Files\ProcessGuard\dcsuserprot.exe"><DiamondCS>
[HelloNet PPPoE Service / HelloNet_PPPoE_Service][Running/Auto Start]
<"C:\Program Files\Hellonet5.02\hnserv.exe" -service><北京智慧门科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[procguard / procguard][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\procguard.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Service for HDMI / RTHDMIAzAudService][Running/Manual Start]
<system32\drivers\RtHDMI.sys><Realtek Semiconductor Corp.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.63.(864).dll, ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(864).dll, Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[使用迅雷下载]
<d:\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<d:\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
<e:\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 352 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 400 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 432 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4176]
[PID: 480 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 492 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 644 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4190]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2530]
[PID: 668 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 756 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 800 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[c:\windows\system32\sfc_os.dll] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 840 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 968 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4190]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2530]
[C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4176]
[PID: 1020 / SYSTEM][C:\Program Files\Hellonet5.02\hnserv.exe] [北京智慧门科技有限公司, 5, 0, 0, 2]
[C:\Program Files\Hellonet5.02\hnlogic.dll] [北京智慧门科技有限公司, 5, 0, 0, 2]
[C:\Program Files\Hellonet5.02\HNKernel.dll] [北京智慧门科技有限公司, 5, 0, 0, 2]
[C:\Program Files\Hellonet5.02\NCUtil.dll] [N/A, ]
[C:\Program Files\Hellonet5.02\plugins\msg.dll] [, 5, 0, 0, 2]
[C:\Program Files\Hellonet5.02\StuLib.dll] [N/A, ]
[C:\Program Files\Hellonet5.02\NCLog.dll] [N/A, ]
[PID: 1352 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1448 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[d:\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[d:\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[d:\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[d:\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[PID: 1616 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1684 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1800 / Administrator][C:\Program Files\360safe\safemon\360tray.exe] [奇虎网, 5, 0, 0, 1002]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 3, 0, 1003]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001]
[C:\Program Files\360safe\live.dll] [360.cn, 1, 0, 1, 1028]
[PID: 1808 / Administrator][C:\Program Files\Hellonet5.02\hellonet.exe] [北京智慧门科技有限公司, 5, 0, 0, 2]
[C:\Program Files\Hellonet5.02\HNKernel.dll] [北京智慧门科技有限公司, 5, 0, 0, 2]
[C:\Program Files\Hellonet5.02\NCUtil.dll] [N/A, ]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Program Files\Hellonet5.02\plugins\Diagnose.dll] [北京智慧门科技有限公司, 5, 0, 0, 2]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1000 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[d:\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[d:\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[d:\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[d:\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\WINDOWS\system32\FREEIME.IME] [极点五笔工作室, 6.00.950]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[PID: 2040 / Administrator][d:\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.5.576]
[d:\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[d:\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 9, 71]
[d:\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 3, 2, 323]
[d:\Thunder\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 2]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 2, 2, 25]
[d:\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[d:\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 12]
[d:\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
[d:\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
[d:\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2]
[d:\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30]
[d:\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 2, 2, 24]
[d:\Thunder\Program\zlib1.dll] [, 1.2.3]
[d:\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 39]
[d:\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 24]
[d:\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 3,2,2,31]
[d:\Thunder\Program\dl_peer_id.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 2]
[d:\Thunder\Program\xl_stat.dll] [, 1, 1, 2, 6]
[d:\Thunder\Program\p2p_network_com.dll] [, 1, 0, 2, 25]
[d:\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[d:\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,2,2,34]
[d:\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 2, 6, 2, 18]
[d:\Thunder\Program\stream.dll] [Thunder Networking Technologies,LTD, 2, 1, 2, 391]
[d:\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1,2,2,12]
[d:\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1,2,2,16]
[d:\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,2,2,22]
[d:\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 2, 26]
[d:\Thunder\Components\InMedia\iEmbed18.dll] [Thunder Networking Technologies,LTD, 3, 4, 9, 110]
[d:\Thunder\Components\InMedia\PlayerHelper.dll] [thunder, 1, 2, 7, 61]
[d:\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[d:\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
[d:\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 5, 0, 90]
[d:\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
[d:\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Thunder\Program\imdt.dll] [Thunder Networking Technologies,LTD, 1.2.2.18]
[d:\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 2, 1, 3, 97]
[d:\Thunder\Components\Security\ConfigManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
[d:\Thunder\Components\Security\SafeManager.dll] [Xunlei Networking Technologies,LTD, 1, 0, 5, 20]
[d:\Thunder\Components\Security\SafeStatistic.dll] [Xunlei Networking Technologies,LTD, 1, 0, 0, 1]
[d:\Thunder\Program\XLNetU.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
[d:\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 2, 5, 82]
[d:\Thunder\Plugins\XLSafeHost\AutoHelp.dll] [Beijing Rising Technology Co., Ltd., 6.0.0.5]
[d:\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 7, 25]
[d:\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 4, 26]
[d:\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[d:\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 19]
[d:\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 14, 120]
[d:\Thunder\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 3, 0, 1, 33]
[d:\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
[d:\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 30]
[d:\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[d:\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
[d:\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[d:\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[d:\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 18]
[PID: 2824 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[PID: 2840 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SRE3dc77e12.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.177dvd.cn
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/code]
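[This post was last edited by 秋叶濛濛 on 2008-9-1 09:37]

I didn't find a virus. You like torturing your computer too, buddy. These past few days, looking for a suitable Linux, I repartitioned 8 times in one day, and it finally ended with the graphics card not being supported; one of these days I'll sell the graphics card and try again.

The log doesn't seem to have any problems.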
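OP, first thing: patches + anti-ARP.

I think you have caught some kind of Autorun virus: after reinstalling the system you double-clicked a drive letter and reactivated the virus. If the problem persists even after repartitioning everything, then it is very likely that your system installation disc is the problem.

The drives other than C: probably have the virus too. Format the other drives as well, do a clean install, and then install antivirus software first thing!

This virus looks a bit like AV终结者 (AV Terminator).

Delete your whole QQ folder and reinstall it, and that will do.

The disconnections feel like an ARP virus.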
The patches definitely have to be installed.